Re: SMS is not seeing all computers

Tech-Archive recommends: Fix windows errors by optimizing your registry

Status Message:

"SMS Active Directory System Discovery Agent reported errors for 1515
objects. DDR's were generated for 0 objects that had errors while reading
non-critical properties. DDR's were not generated for 1515 objects that had
errors while reading critical properties.

Possible cause: The SMS Service might not have access to some properties of
this object. The container specified might not have the properties available.
Solution: Please verify the Active Directory schema for properties that are
not replicated or locked. Refer to the discovery logs for more information."

To me, this sounds like a permissions issue...I added the SMS$ account to
the SYSTEM container for both B1 and B2 domains and made sure to assign it
full control for "this object and all child objects.

I'm not really sure what "discovery logs" to check for more information.
Ideas?

Thanks!


"Jon" wrote:

Greetings,

Thank you for your help on this matter.

In a previous post I mentioned the plan to rebuild my SMS environment and
start over. I decided to go ahead with that plan and was able to correct the
thing that I thought might have contributed to this problem. Now, even
though that correction has been made, I find myself in exaclty the same spot
I was in before.

In response to your questions...

Yes, I am sure our structure is only one forest. Domain "A" is in one tree
and Domains "B, B1, and B2" are in another tree but they are all in the same
forest.

With some help from a friend (thanks) I was able to use Schema Admin to
verify the classes do exsist in our AD structure.

The error messages I had experienced before are not happening now but still
SMS cannot see any computers in the B1 or B2 Domain. I think it is because
B1 is a child of B. When I go to Active Directory System Discovery and try
to add the child domain it won't let me do that. I have been able to find
Root computers (Domain A) using the "Local Forest" option, and servers
(Domain B) using the "Local Domain" option. When I try to use the "Browse"
button it doesn't show me anything other than Domain B and I cannot see
Domains B1 or B2. With this in mind, I tried to add a new LDAP path,
"LDAP://DC=B1,DC=B,DC=LOCAL"; in order to point it to the child Domain of
B1.B.Local. Perhaps I am typing this path incorrectly.

Do you have any ideas of other things I can check?

Thank you for your help,

Jon



"Kim Oppalfens <MVP>" wrote:

are you 100% postivie this is a single forest?
Try opening the schema admin and verify whether the sms classess exist.
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/tfaq01.mspx#EOB

--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Jon" <Jon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E37F6250-2AB0-4B57-803F-88137D0AF8CF@xxxxxxxxxxxxxxxx
Configuration:

I am trying to setup SMS 2003 SP2 with SQL 2005 on a Win 2003 server. We
have a single forrest with four domains. Domain A and B are equal with
each
other and Domains B1 and B2 are equal with each other but are children to
Domain B. The SMS site/server are in B allong with other member servers,
all
user accounts, and a few desktops. The majority of our desktops are in B1
with a few other desktops in B2. All of this is in one geographic
location,
one SMS Site, and one AD site. All desktops are running Win XP SP2 and so
my
SMS site is using Advanced security. I have extended the AD Schema (first
for SMS 2003, then AGAIN after I upgraded to SMS 2003 SP2). I checked the
log file to verify the schema extention was successfull (both times) SMS
was
able to successfully create the System Management container within the
System
container. The SMS Server has full controll of the System contain and all
subcontainers and objects.

SMS Can do:

SMS has correctly detected AD Security Groups, Users, and Servers and
Desktops from domain B. Client push is successful for desktops/servers in
domain B. Manual install of client is successful on desktops in domain
B1.
Hardward inventory collection and software inventory collection is
successful
for all clients regardless of what domain they are in or how they became
clients.

Problem:

1) SMS does not see any servers or desktops in any of the domains other
than those that are joined to domain B. This is a show stopper for us
since
most of our desktops are in domain B1. I am confident we could "Force" it
to
work by implementing a script or something but I really want to use SMS's
AD
System Discovery to discover them so that we can *KNOW* that our harware
information is accurate as time goes on.
2) Nothing has been published in the AD Systems Management container the
SMS server created during the initial install/setup.
3) Site Status messages make me believe there is a permissions problem
somewhere but I cannot find it since the SMS server has full control
permissions
4) Site Status messages also say that I need to extend the schema. This
is
equally baffling because I've already successfully extended the schema
twice.

I think these problems are all related but I am at a loss for how to "fix"
them because everything I have read that I should do, I have already done.

Please help.

Thanks,

Jon



.

Quantcast