Re: SMS is not seeing all computers

VICTORY!!!!

This log information got me to thinking about the firewall question. I
thought I had already enabled my SMS server to get through the desktop
firewall. I checked into it and discovered that I had indeed allowed the
server to get through the desktop firewall. Yet, it still could not ping
desktop computers based upong the netbios name. The only way to ping was
based on the fully qualified domain name. With this in mind, I went to the
DNS settings on my SMS server and appended the FQDN for domains B1 and B2 and
I was able to ping using the netbios name.

Once I saw that was working, I thought I'd go ahead and run another AD
system discovery to see if that was the ticket. After ten minutes time SMS
had added another 1000+ systems to the list and saw everything I needed it to
see.

THANK YOU KIM!!! I really appreciate all of your help and suggestions in
leading me to the anwers I needed.

"Jon" wrote:

Adsysdis.log has many messages that look like this:

Unable to resolve <computername> SMS_AD_SYSTEM_DISCOVERY_AGENT 4/21/2006
11:06:18 AM 828 (0x033C)
ERROR: Machine <computername> is offline or
invalid. SMS_AD_SYSTEM_DISCOVERY_AGENT 4/21/2006 11:06:18 AM 828 (0x033C)
ERROR: CADSource::ProcessSystemInfo: Failed to get IP Address for the
system. SMS_AD_SYSTEM_DISCOVERY_AGENT 4/21/2006 11:06:18 AM 828 (0x033C)
ERROR: Failed to generate system
information. SMS_AD_SYSTEM_DISCOVERY_AGENT 4/21/2006 11:06:18 AM 828 (0x033C)


This message makes me think the SMS server is not getting through our
desktop firewalls. Am I on the right track?




"Kim Oppalfens <MVP>" wrote:

Check Adsysdis.log

--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Jon" <Jon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:12699977-470C-4A79-93E9-8FF00E28DC6F@xxxxxxxxxxxxxxxx
Status Message:

"SMS Active Directory System Discovery Agent reported errors for 1515
objects. DDR's were generated for 0 objects that had errors while reading
non-critical properties. DDR's were not generated for 1515 objects that
had
errors while reading critical properties.

Possible cause: The SMS Service might not have access to some properties
of
this object. The container specified might not have the properties
available.
Solution: Please verify the Active Directory schema for properties that
are
not replicated or locked. Refer to the discovery logs for more
information."

To me, this sounds like a permissions issue...I added the SMS$ account to
the SYSTEM container for both B1 and B2 domains and made sure to assign it
full control for "this object and all child objects.

I'm not really sure what "discovery logs" to check for more information.
Ideas?

Thanks!


"Jon" wrote:

Greetings,

Thank you for your help on this matter.

In a previous post I mentioned the plan to rebuild my SMS environment and
start over. I decided to go ahead with that plan and was able to correct
the
thing that I thought might have contributed to this problem. Now, even
though that correction has been made, I find myself in exaclty the same
spot
I was in before.

In response to your questions...

Yes, I am sure our structure is only one forest. Domain "A" is in one
tree
and Domains "B, B1, and B2" are in another tree but they are all in the
same
forest.

With some help from a friend (thanks) I was able to use Schema Admin to
verify the classes do exsist in our AD structure.

The error messages I had experienced before are not happening now but
still
SMS cannot see any computers in the B1 or B2 Domain. I think it is
because
B1 is a child of B. When I go to Active Directory System Discovery and
try
to add the child domain it won't let me do that. I have been able to
find
Root computers (Domain A) using the "Local Forest" option, and servers
(Domain B) using the "Local Domain" option. When I try to use the
"Browse"
button it doesn't show me anything other than Domain B and I cannot see
Domains B1 or B2. With this in mind, I tried to add a new LDAP path,
"LDAP://DC=B1,DC=B,DC=LOCAL"; in order to point it to the child Domain of
B1.B.Local. Perhaps I am typing this path incorrectly.

Do you have any ideas of other things I can check?

Thank you for your help,

Jon



"Kim Oppalfens <MVP>" wrote:

are you 100% postivie this is a single forest?
Try opening the schema admin and verify whether the sms classess exist.
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/tfaq01.mspx#EOB

--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Jon" <Jon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E37F6250-2AB0-4B57-803F-88137D0AF8CF@xxxxxxxxxxxxxxxx
Configuration:

I am trying to setup SMS 2003 SP2 with SQL 2005 on a Win 2003 server.
We
have a single forrest with four domains. Domain A and B are equal
with
each
other and Domains B1 and B2 are equal with each other but are
children to
Domain B. The SMS site/server are in B allong with other member
servers,
all
user accounts, and a few desktops. The majority of our desktops are
in B1
with a few other desktops in B2. All of this is in one geographic
location,
one SMS Site, and one AD site. All desktops are running Win XP SP2
and so
my
SMS site is using Advanced security. I have extended the AD Schema
(first
for SMS 2003, then AGAIN after I upgraded to SMS 2003 SP2). I
checked the
log file to verify the schema extention was successfull (both times)
SMS
was
able to successfully create the System Management container within
the
System
container. The SMS Server has full controll of the System contain
and all
subcontainers and objects.

SMS Can do:

SMS has correctly detected AD Security Groups, Users, and Servers and
Desktops from domain B. Client push is successful for
desktops/servers in
domain B. Manual install of client is successful on desktops in
domain
B1.
Hardward inventory collection and software inventory collection is
successful
for all clients regardless of what domain they are in or how they
became
clients.

Problem:

1) SMS does not see any servers or desktops in any of the domains
other
than those that are joined to domain B. This is a show stopper for
us
since
most of our desktops are in domain B1. I am confident we could
"Force" it
to
work by implementing a script or something but I really want to use
SMS's
AD
System Discovery to discover them so that we can *KNOW* that our
harware
information is accurate as time goes on.
2) Nothing has been published in the AD Systems Management container
the
SMS server created during the initial install/setup.
3) Site Status messages make me believe there is a permissions
problem
somewhere but I cannot find it since the SMS server has full control
permissions
4) Site Status messages also say that I need to extend the schema.
This
is
equally baffling because I've already successfully extended the
schema
twice.

I think these problems are all related but I am at a loss for how to
"fix"
them because everything I have read that I should do, I have already
done.

Please help.

Thanks,

Jon






.

Loading