Re: SMS_SITE_COMPONENT_MANAGER errors

From: Evan [MSFT] (esc_at_online.microsoft.com)
Date: 06/10/04

  • Next message: ipsec23: "Re: Patch Deployment Issue and SMS Rebooting!" 
    Date: Thu, 10 Jun 2004 09:44:58 -0700

    You would add the site server's machine account to the Administrators group
    on the DC so it can access AD. From a cmd prompt on the DC, "net localgroup
    /add Administrators <site server machine name>$" should do it. Then check
    the Administrators group to be sure it really did get added.
    However, the error may be due to not having extended the sms schema (you can
    use extadsch.exe to do this) - have you done that? 

    -- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"Patrick" <anonymous@discussions.microsoft.com> wrote in message
news:36672E42-FB19-45CC-969A-0EDB6CB010FE@microsoft.com...
> Hi!
>
> I have the following error in the SMS_SITE_COMPONENT_MANAGER
>
> Message ID:4909
> Process ID: 440
> Thread ID: 3820
> Description: SMS Systems Management Server could not locate the "System
Management" container in Active Directory.  Nor could it create a default
container.  This will prevent Site Component Manager from updating or adding
any objects to Active Directory.
>
> Possible cause: This site's  SMS Service account or the site server's
machine account might not have the correct rights to update active
directory.
> Solution: Either give the Service Account rights to update the domain's
System Container, or manually create the "System Management" container in
this domain's Active Directory system container, and give the Service
Account full rights to that container (and all children objects.)
>
> ----
>
> Which account should be granted these rights and where would I put these
accounts?
>
> I'm running SMS 2003 in advanced security mode
>
> Thanks in advance for any help
>
> /Patrick
  • Next message: ipsec23: "Re: Patch Deployment Issue and SMS Rebooting!"

    Relevant Pages

    • Re: cannot add local user to local group
      ... You can control the Local Administrators group with the Restricted Groups Policy. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... One local user account "test" and one domain user ... "Member of" tab is empty. ...
      (microsoft.public.win2000.active_directory)
    • Re: Local admin domain user
      ... Do not take this as an endorsement of your need to give users local admin ... That said, on the client machine, add the users domain account to the local ... administrators group, click "ADD", select the domain where the account ... > I need the users to have admin rights to their workstation ...
      (microsoft.public.win2000.security)
    • Re: Need Administrator authority
      ... I'm a member of the administrators group but that is apparently not enough. ... If you're logging onto the machine as garydean and the account is an admin/user account, then add user/garydean with full rights to match Administrators, because in some cases, Vista and UAC look at the combined rights of the two accounts, if that *user* account is missing or doesn't match the rights of Administrator's, then access denied or you don't have the privileges. ...
      (microsoft.public.windows.vista.general)
    • Re: Adv Security
      ... I see now that while I added the machine account to Domain ... Domain Admins didn't have enough rights to the System Container. ...
      (microsoft.public.sms.setup)
    • Re: Desperate seeking some tech. information
      ... the changes that SMS makes to the default domain policy. ... >container, objects within that container or just strips ... >the service account has permission to do so. ... confers no rights. ...
      (microsoft.public.sms.admin)
    • Quantcast