Re: Schema Update Problem
- From: Michel-Vincent <MichelVincent@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 5 Oct 2006 03:20:02 -0700
Hello,
1. netdom query fsmo
Well, it does not relate directly to your SMS issue, but it is not
recommended to keep all FSMO servers on the same box, especially in
multi-domain environments. if your "Ad Master" is also a GC, it might lead to
authentication issues (group membership...)
2. Backup/restore
If you somehow restored a DC (backup tool, AD restore, Ghost...) it might
lead to authentication issues (group membership...)
3. In one rare occasion, I experienced something similar and I solved it by
.... rebooting the SMS server and re-running extadsch.exe from the sms server.
I guess it had something to do with the computer account token not being up
to date (although normally it should use the user acount you are logged in
with...?)
4. You might also want to check that the user you are logged in is correctly
authenticated by the AD. Use the "set" command and look for the logonserver
variable. Is it a DC? kerbtray might also help.
Hope it helps
Cheers
MV
--
Michel-Vincent Leriche
http://mvleriche.spaces.live.com
"Lok" wrote:
Hi,.
I have confirmed the Schema Master is also my Master AD Server. Here is the
"netdom query fsmo" result, what can I do with this?
===========================================================
C:\Documents and Settings\Administrator>netdom query fsmo
Schema owner <Master AD Server>.<Domain>.com
Domain role owner <Master AD Server>.<Domain>.com
PDC role <Master AD Server>.<Domain>.com
RID pool manager <Master AD Server>.<Domain>.com
Infrastructure owner <Master AD Server>.<Domain>.com
The command completed successfully.
===========================================================
Also, what's mean by "make sure it was not backuped/restored recently..."?
Thanks a lot!
"Michel-Vincent" <MichelVincent@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A4F8C813-682A-4F8C-AE8C-A4E82BEDB7BC@xxxxxxxxxxxxxxxx
Hello
What you did looks ok to me. It should work...
One thing to check: the Schema Master.
I would check potential DNS issues, netdom query fsmo, make sure it was
not
backuped/restored recently...
Hope it helps
Best regards,
Michel-Vincent
--
Michel-Vincent Leriche
http://mvleriche.spaces.live.com
"Lok" wrote:
Hi,
Thanks for information.
I have checked the MS-SMS-Management-Point and no dNSHostName associated.
Can I add it manually?
I have worked a lot on checking schema permission, let me explain what I
have checked.
- I am running 2003 AD upgrade from 2000 AD. I have checked the registry
"HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Schema Update
Allowed" is set to 1.
- In the Active Directory Users and Computers console. The System folder
has
allowed my SMS Server Computer Account full permission, subfoler "System
Management" and "SMS-MP-XXX-XXXX" and "SMS-SLP-XXX-XXXX" has inherited
the
permission.
- Schema Admins included "administrator" and also SMS Server Computer
Account.
- I ran extadsch.exe from SMS SP2 CD, with "administrator" privilege,
tried
in both Master AD and also SMS Server. Extadsch.log shows the failure.
Do I miss any step?
Thanks!
"Michel-Vincent" <MichelVincent@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:4931AC8F-E03B-4E42-BEF8-C7BB6DFB6AF0@xxxxxxxxxxxxxxxx
Hello
"Besides, is the failure because the attributes are already exists?
What
does
SMS SP2 do with these attributes?"
SP2 schema modification simply associates the pre-existing dNSHostName
attribute class with the pre-existing
MS-SMS-Management-Point object class. It does NOT create any new object
or
attribute classes.
It really looks like a permission/rights issue to me... Can you check
that
dNSHostName is associated with MS-SMS-Management-Point in the Schema?
If
yes,
it means schema extension by SP2 was successful after all...
Hope it helps,
MV
--
Michel-Vincent Leriche
http://mvleriche.spaces.live.com
"Lok" wrote:
Thanks for the information
However, I have already worked around with the schema permission but
the
result is no good.
Let me explain what I have done.
1. Since there is no 2000 AD server, I use a non-AD 2000 server to
open
the
Schema Admin Console and verified the box "The Schema may be modified
on
this Domain Controller" is already checked.
2. the "administrator" account is already "Schema Admins" group. I
performed
extadsch.exe in the Master AD, but the same failure result.
3. I created another "SMSAdmin" account, with "Domain Admins" and
"Schema
Admins" only. I login this account to the Master AD and perform
extadsch.exe, but the same failure result.
Besides, is the failure because the attributes are already exists?
What
does
SMS SP2 do with these attributes?
Thanks a lot!
"okis14" <okis14@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:220FF92D-EC77-435C-964F-BDEFD9F29DE1@xxxxxxxxxxxxxxxx
Is the account you ran the extadsch.exe in the schema admins group?
http://www.faqshop.com/sms2003/default.htm?http://www.faqshop.com/sms2003/ssinst/failed%20extend%20ad%20schema.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;830022&Product=sms2003
"Lok" wrote:
Hi all,
I have problem related to Schema Update. SMS_SITE_COMPONENT_MANAGER
always
shows the following error:
===ErrorMsg===================================================================
Systems Management Server cannot update the dNSHostName property
for
the
existing object "cn=SMS-MP-<site>-<server>" in Active Directory.
This
property is used to publish fully qualified host names in Active
Directory.
Possible cause: The Active Directory schema has not been extended
with
latest version of the SMS Active Directory classes and attributes.
Solution: Ensure the schema has been extended with the latest
version
of
the
SMS Active Directory classes and attributes. The schema can be
extended
with the tool "extadsch.exe" from the SMS directory on the SMS Site
server
that reported this message.
===ErrorMsg===================================================================
Then I use Schema Admin to view the attributes, it shows the
following
information.
Is the common name correct with "xmS", "xMS" and "XMS" as starting
letters?
It seems weird with these names. If it is the problem, how can I
correct
them?
===schemaadmin=============================================================
Attribute CommonName
mSSMSAssignmentSiteCode
xmS-SMS-Assignment-Site-Code
mSSMSDefaultMP xMS-SMS-Default-MP
mSSMSDeviceManagementPoint xmS-SMS-Device-Management-Point
mSSMSMPAddress xMS-SMS-MP-Address
mSSMSMPName xMS-SMS-MP-Name
mSSMSRangedIPHigh xMS-SMS-Ranged-IP-High
mSSMSRangedIPLow xMS-SMS-Ranged-IP-Low
mSSMSRoamingBoundaries xMS-SMS-Roaming-Boundaries
mSSMSSiteBoundaries xMS-SMS-Site-Boundaries
mSSMSSiteCode XMS-SMS-Site-Code
===schemaadmin=============================================================
Then I try to run extadsch.exe from SP2 disc, extadsch.log shows
the
following error. However, I have used the administrator privilege
and
run
in
Master AD Server. And I have performed success
===extadsch.log================================================================
<09-22-2006 09:30:40> Modifying Active Directory Schema - with SMS
extensions.
<09-22-2006 09:30:40> DS
Root:CN=Schema,CN=Configuration,DC=<domain>,DC=com
<09-22-2006 09:30:41> Failed to create attribute
cn=MS-SMS-Site-Code.
Error
code = 8245.
<09-22-2006 09:30:42> Failed to create attribute
cn=mS-SMS-Assignment-Site-Code. Error code = 8245.
<09-22-2006 09:30:42> Failed to create attribute
cn=MS-SMS-Site-Boundaries.
Error code = 8245.
<09-22-2006 09:30:43> Failed to create attribute
cn=MS-SMS-Roaming-Boundaries. Error code = 8245.
<09-22-2006 09:30:43> Failed to create attribute
cn=MS-SMS-Default-MP.
Error code = 8245.
<09-22-2006 09:30:43> Failed to create attribute
cn=mS-SMS-Device-Management-Point. Error code = 8245.
<09-22-2006 09:30:44> Failed to create attribute cn=MS-SMS-MP-Name.
Error
code = 8245.
<09-22-2006 09:30:44> Failed to create attribute
cn=MS-SMS-MP-Address.
Error code = 8245.
<09-22-2006 09:30:45> Failed to create attribute
cn=MS-SMS-Ranged-IP-Low.
Error code = 8245.
<09-22-2006 09:30:45> Failed to create attribute
cn=MS-SMS-Ranged-IP-High.
Error code = 8245.
<09-22-2006 09:30:46> Failed to create class
cn=MS-SMS-Management-Point.
Error code = 8245.
<09-22-2006 09:30:47> Failed to create class
cn=MS-SMS-Server-Locator-Point.
Error code = 8245.
<09-22-2006 09:30:47> Failed to create class cn=MS-SMS-Site. Error
code
=
8245.
<09-22-2006 09:30:48> Failed to create class
cn=MS-SMS-Roaming-Boundary-Range. Error code = 8245.
<09-22-2006 09:30:48> Failed to extend the Active Directory schema.
Your
Active Directory does not allow schema updates.
===extadsch.log==============================================================
Can anyone help?
Thanks a lot
Lok
- Follow-Ups:
- Re: Schema Update Problem
- From: Torsten [MVP]
- Re: Schema Update Problem
- References:
- Schema Update Problem
- From: Lok
- RE: Schema Update Problem
- From: okis14
- Re: Schema Update Problem
- From: Lok
- Re: Schema Update Problem
- From: Michel-Vincent
- Re: Schema Update Problem
- From: Lok
- Re: Schema Update Problem
- From: Michel-Vincent
- Re: Schema Update Problem
- From: Lok
- Schema Update Problem
- Prev by Date: Re: Schema Update Problem
- Next by Date: Re: Issue with Advanced Client installation
- Previous by thread: Re: Schema Update Problem
- Next by thread: Re: Schema Update Problem
- Index(es):
Relevant Pages
|
