SCCM 2012-Active Directory Site

Similar Messages

• SCCM 2012 Active Directory System Discovery - How does it find systems?

  I have setup System Discovery for the forest and have not limited the view of the forest in any way.  Also I have it to setup to discover everything, no limits on the number of days since last check-in. But I have some objects that haven't checked
  into the domain in years that are enabled (yes i want to delete them) and others are disabled that don't show up.  If there is a discovered object that I disable in AD, I run a full discovery and it still found.
  My question is for this discovery, what criteria does SCCM look for?  I assume that it authenticates to the domain with the supplied user account and reads Active Directory and pulls objects.  From there, does it pull Disabled objects or leave
  them be?  If a client hasn't checked in in over 90 (or any number) days, does it discard that automatically? I'm just trying to understand the discovery process.
  Jason Apt, Microsoft Certified Master | Exchange 2010
  My Blog

  it should look for objects that are in AD and also in DNS. When you use the 90 days rules, those objects will not be deleted from the ConfigMgr database (that's a site maintenance rule), the discovery process will just not discover the object.
  Kent Agerlund | My blogs: blog.coretech.dk/kea and
  SCUG.dk/ | Twitter:
  @Agerlund | Linkedin: Kent Agerlund

• SCCM 2012: Active Directory Group Discovery, Delta Discovery?

  Hi,
  Our scenario:
  *Software is requested via a seperate system which puts AD computer objects in groups
  *Software within SCCM 2012 is deployed to computer collections
  *Computer collections query AD groups, in those AD groups the pc's reside
  *Collections memberships run via AD query (every 20 minutes)
  *We deploy an OS (Windows 7) via SCCM
  *Machine policy is updates every 20 minutes
  What is important: AD Group discovery is set to full discovery every 7 days, delta discovery set to 15 minutes
  So what happens:
  *Pc is staged correctly with Windows 7 but software isn't coming through in time (sometimes it's there within the hour, sometimes it takes 6 hours)
  *If we run a full AD Group discovery mostly software is installing immediately
  *Sometimes a SCCM 2012 client machine reset policy or reinstall client solves the problem
  My questions:
  *Would it be better to run full discoveries every x minutes since this always solves our problem
  *Would it be better to disable the delta discovery if we do the change above to minimize AD queries
  => tried that now (full discovery every 30 minutes and disabled delta discovery) but I don't want to put to much pressure on our domain controller
  *Our software collections are limited to all systems, we could limit them to a Windows 7 collection. Probably we should do that but any suggestion how to do this safely in Powershell?
  Please advise.
  J.
  Jan Hoedt
  Note: what I don't get is why a full ad discovery system discovery sovles the problem since SCCM 2012 collections do a AD query, what 's the link there?

  So, let me see if I get this correct for our situation:
  Our own developed system puts pc’s in AD groups
  SCCM 2012 polls these groups, by default 1/week full discovery then every 30 minutes a delta discovery
  We deploy software to computer collections, these collections check the SCCM 2012 database every 30 minutes (collection update) Note: the query our collection do, is based upon requirement of Windows 6.1 + membership of an AD group.
  The SCCM 2012 client/computer does a computer policy update every 30 minutes to see what collections it is member of and see then the software to be deployed
   2 questions:
  *Our my assumptions correct? Specifically point 3.: is the query fully coming from an ad sync (or also from sccm client, f.e. Windows 6.1%)?
  *Don’t we have a step to much then, wouldn’t it be better to add a direct membership of the AD group within SCCM? This direct membership would mean no query and so save us about 20 minutes (run of query)?
  Jan Hoedt

• The user and the mailbox are in different Active Directory Sites

  Hi All,
  I have 2 site, each site have an Exchange Server 2010 SP1, let say Site HQ and Site DRC I monitored it with SCOM 2007 R2, site HQ successfully monitored, then I continue try to monitor DRC site. I executed new-TestCasConnectivityUser.ps1 at MBX DRC Site
  to create extest user.
  Then I try to execute command to test-connectivity, but it failed.
  Test-OwaConnectivity -TestType:Internal -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true | fl
  RunspaceId                  : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
  AuthenticationMethod        :
  MailboxServer               : CONMBX02.contoso.com
  LocalSite                   : CONMBX02.contoso.com
  SecureAccess                : False
  VirtualDirectoryName        :
  Url                         :
  UrlType                     : Unknown
  Port                        : 0
  ConnectionType              : Plaintext
  ClientAccessServerShortName : DRCCAS01
  LocalSiteShortName          : CONMBX02
  ClientAccessServer          : DRCCAS01.contoso.com
  Scenario                    : Reset Credentials
  ScenarioDescription         : Reset automated credentials for the Client Access Probing Task user on Mailbox server CON
                                MBX02.contoso.com.
  PerformanceCounterName      :
  Result                      : Failure
  Error                       : [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while t
                                rying to access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extes
                                t_xxxxxxxx
                                 Additional information:
                                 [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in
                                different Active Directory sites..
  UserName                    : extest_xxxxxxxx
  StartTime                   : 04/01/2012 20:46:19
  LaCONcy                     : 00:00:00.0156460
  EventType                   : Error
  LaCONcyInMillisecondsString :
  Identity                    :
  IsValid                     : True
  WARNING: No Client Access servers were tested.
  RunspaceId          : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
  Events              : {Source: MSExchange Monitoring OWAConnectivity Internal
                        Id: 1005
                        Type: Error
                        Message: Couldn't access one or more test mailboxes.
                        The service that is being tested will not run against these mailboxes.
                         Detailed information:
                        Local Site:DRCProduction
                        [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while trying to
                         access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extest_xxxxxxxx
                         Additional information:
                         [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in differen
                        t Active Directory sites..
  PerformanceCounters : {Object: MSExchange Monitoring OWAConnectivity Internal
                        Counter: Logon LaCONcy
                        Instance: DRCCAS01.contoso.com|DRCProduction
                        Value: -1000}
  any help appreciate it.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Krisna Ismayanto | My blogs:
  Krisna Ismayanto | Twitter: @ikrisna

  Hi
     Removed existing test account on two site.
     Then created test account on DGC through new-TestCasConnectivityUser.ps1.
     Flushed Health Service on RMS.
  Terence Yu
  TechNet Community Support
  Hi
  What do you mean on DGC ? you mean I have remove both test account or just at DRC site only ?
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Krisna Ismayanto | My blogs:
  Krisna Ismayanto | Twitter: @ikrisna

• SCCM 2012 Installation Directory Registry Key chaning automatically to Old Installation Path

  Hi Guys,
  I have recently recovered SCCM 2012 SP1 CAS Site from Primary Site by reinstalling CAS site and database was replicating with Primary sites properly after CAS recovery. But we noticed that after approx. 2 hours of CAS site recovery database replication stopped.
  After long digging into SCCM log files we found that SCCM installation directory was pointing to old CAS Site Installation Directory (Which was before recovery) instead of NEW Installation Directory so we changed SCCM CAS Site Installation Directory manually
  to new installation path in below registry key and everything was running fine again on CAS Site.
  HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Identification
  But again when we restarted SMS_EXEUTIVE Service, SCCM Installation Directory again changed to old installation patch under above registry location and all is bad again. We are unable to figure out what is causing this and even we formatted our HDD before
  installation CAS Site.
  Can anyone please help to get rid of this issue. Our while CAS site is down due to this issue.
  Thanks.

  I think that you have to use the same installation directory in a site recovery scenario.
  Torsten Meringer | http://www.mssccmfaq.de

• Upgrade from Windows Server 2012 Active Directory to Windows Server 2012 R2 Active Directory

  We are currently running Windows Server 2012 Active Directory and would like to upgrade to Windows Server 2012 R2 AD. Is it OK to just do an in-place upgrade, or is it advisable to build new domain controllers on R2? Are there any guides or articles anyone
  can recommend?

  Hi Ginandtonic,
  To upgrade DC(Domain Controller) from windows server 2012 to windows server 2012 r2, please refer to these articles:
  Upgrade from windows Server 2012 to 2012 R2                                 
  Upgrade Active Directory from 2012 to 2012 R2
  I hope this helps.
  Best Regards,
  Anna

• Test-OutlookConnectivity fails with '[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sites'.

  I have a two site DAG, and the command is running from the alternate site where the databases are not currently being hosted. The following command...
  Test-OutlookConnectivity -Protocol:TCP -TrustAnySSLCert:$true -MonitoringContext:$true
  ...errors with the following output:
  An error occurred while trying to access mailbox CurrentlyHostingMBServerName.InternalDomainName, on behalf of user InternalDomainName\extest_bb13200232474
   Additional information:
   [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sit
  es..
      + CategoryInfo          : OperationStopped: (Microsoft.Excha...onnectivityTask:TestOutlookConnectivityTask) [Test-
     OutlookConnectivity], CasHealthStorageErrorException
      + FullyQualifiedErrorId : F2F8AC0D,Microsoft.Exchange.Monitoring.TestOutlookConnectivityTask
  I thought this command would work based on the 'AllowCrossSiteRpcClientAccess: True' option on the DAG.  The command works well if run a CAS server in the active DB site.

  Hi,
  Exchange 2013 users use Outlook Anywhere to connect to CAS server. You may run the RCA to test the connectivity:
  https://www.testexchangeconnectivity.com/
  Thanks,
  Simon Wu
  TechNet Community Support

• How to setup IPV6 boundary for SCCM 2012 R2 Primary Site?

  How to setup IPV6 boundary for SCCM 2012 R2 Primary Site?
  I have Direct Access implemented in my environment. I have Windows 8.1 machine connecting through direct access.
  I want to manage the windows 8.1 through SCCM. How do I setup IPV6 boundary. Can someone guide me through?
  Below are the Windows 8.1 client IP Configuration
  C:\Windows\system32>ipconfig
  Windows IP Configuration
  Wireless LAN adapter Local Area Connection* 3:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
  Wireless LAN adapter Wi-Fi:
     Connection-specific DNS Suffix  . : home
     Link-local IPv6 Address . . . . . : fe80::7466:11a5:39ed:ffb0%4
     IPv4 Address. . . . . . . . . . . : 192.168.1.5
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.1.1
  Tunnel adapter isatap.home:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . : home
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Connection-specific DNS Suffix  . :
     IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1494:1339:93d6:439c
     Link-local IPv6 Address . . . . . : fe80::1494:1339:93d6:439c%9
     Default Gateway . . . . . . . . . :
  Tunnel adapter iphttpsinterface:
     Connection-specific DNS Suffix  . :
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000:e1a7:9cc8:c3c7:d819
     Temporary IPv6 Address. . . . . . : fd64:fc00:d17b:1000:206c:f857:ddbe:2f2b
     Link-local IPv6 Address . . . . . : fe80::e1a7:9cc8:c3c7:d819%10
     Default Gateway . . . . . . . . . :
  Below are the IPConfiguration details for Direct Access server
  C:\Windows\system32>PsExec.exe \\MURA01 ipconfig
  PsExec v1.98 - Execute processes remotely
  Copyright (C) 2001-2010 Mark Russinovich
  Sysinternals - www.sysinternals.com
  Windows IP Configuration
  Ethernet adapter Ethernet:
     Connection-specific DNS Suffix  . :
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:3333::1
     Link-local IPv6 Address . . . . . : fe80::b1ad:1c29:b4a:9125%15
     IPv4 Address. . . . . . . . . . . : 10.192.1.25
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.192.1.1
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
  Tunnel adapter isatap.{3D6A5E86-D85A-46C8-B69B-FFCF6D5D849C}:
     Connection-specific DNS Suffix  . :
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1:0:5efe:10.192.1.25
     Link-local IPv6 Address . . . . . : fe80::5efe:10.192.1.25%18
     Default Gateway . . . . . . . . . :
  Tunnel adapter 6TO4 Adapter:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
  Tunnel adapter IPHTTPSInterface:
     Connection-specific DNS Suffix  . :
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000::1
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000::2
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000:2552:e9f8:87d3:ed8e
     Link-local IPv6 Address . . . . . : fe80::2552:e9f8:87d3:ed8e%20
     Default Gateway . . . . . . . . . :
  ipconfig exited on MURA01 with error code 0.
  Below are the IPCONFIG Details for SCCM Server:
  C:\Windows\system32>PsExec.exe \\sccm01 ipconfig
  PsExec v1.98 - Execute processes remotely
  Copyright (C) 2001-2010 Mark Russinovich
  Sysinternals - www.sysinternals.com
  Windows IP Configuration
  Ethernet adapter Ethernet:
     Connection-specific DNS Suffix  . :
     Link-local IPv6 Address . . . . . : fe80::9f0:86f9:441d:bc07%12
     IPv4 Address. . . . . . . . . . . : 10.192.1.30
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.192.1.1
  Tunnel adapter isatap.{0749E47D-AE0A-4D47-9D37-BDDC848E56F6}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
  ipconfig exited on sccm01 with error code 0.
  What will be the IPV6 values to configure boundary?

  Depending on how the clients connect use the IPv6 prefix of their 6to4, Teredo, and/ or IP-HTTPS tunnel. Just keep in mind that it could become a long list...
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• New 2012 Active Directory Domain - Naming Convention

  Hi Guys,
  I am working for a start-up company, who currently use Office 365 (Mid-Size Business) for their email and for the use of SharePoint.
  I have been tasked with designing and building a fresh new 2012 Active Directory, but I am a little unsure of how to name the new domain with Server 2012, previously I would have used a ".local" name, but I have read a lot of articles that say
  this should not be done anymore, rather we use the external domain name of the company with a sub-domain prefixed.
  Whilst I have read quite a bit about this method, there doesn't seem to be a clear right or wrong answer, can someone advise what would be best practice in my situation?
  Kind Regards
  Simon

  Thanks for all the information guys :-)
  Our external domain is as follows:
  company.parentcompany.org.uk
  I am now looking at using the following name internally:
   internal.company.parentcompany.org.uk
  What (if any) DNS entries are required for browsing to our website, and for using outlook online and lync online?
  Many thanks for any help that can be provided.
  Regards
  Simon.

• Replication with Domain and Sub domain in Active directory sites and services

  I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically because
  it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?

  I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically
  because it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?
  Two way transitive trusts are configured automatically when you create a child domain or tree root domain. You don't have to worry about site/subnet or replication part at least from trust perspective. But make sure site's names are unique in each domain.
  How Domain and Forest Trusts Work
  http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
  http://technet.microsoft.com/en-us/library/cc730868.aspx
  http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
  Awinish Vishwakarma - MVP
  My Blog: awinish.wordpress.com
  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

• Route mail and Active Directory Sites and Services configuration

  Folks,
  I have a problem in the internal email routing. My network is spread across various regions and the branch offices are connected together in a mpls network (full mesh). Every region has its own Exchange Server with all roles installed and the smtp connection
  to the outside world is linked to two Exchange servers in the headquarter server farm.
  The problem is that internally I often see emails going across the Exchange Servers in the branch offices where there is low bandwidth (from 3 to 5 Mbps), thus email are sent first to these servers instead of going immediately to the Exchange hosting
  the mailboxes of the intended recipients. This happens also with inbound emails.
  This causes slowness in the email system and sometimes also the network with these branch offices suffers from packet loss or very high latency.
  I know that Exchange is a site-aware application and uses the Active Directory topology for message routing and to communicate with the services that are running on other Exchange 2013 computers. For this reason I have checked the Active Directory Sites
  and Services and surprisingly I have found that there are no sites, no subnets, nothing has been defined but the default settings, included the Inter-Sites transport which contains the default DEFAULTIPSITELINK.
  Apart from the fact that clients use logon servers which are not supposed to use in the far remote offices, I am concerned of changing the Exchange Infrastructure whilst the email system is running and I would like to ask your opinion about my next steps:
  1) Create subnets for every office
  2) Create sites and then link them to the subnets done in point 1
  3) Delete the DEFAULTIPSITELINK and create new site links based on the costs (network speed) in order to determine the best routing server. I have 5 remote offices with 5 different network bandwidth, so I'll have to create 5 IP site links: high cost for
  link with slow network, low cost for fast network.
  4) (Optional) Configure the Exchange-specific cost using the Set-AdSiteLink cmdlet to the AD IP site links created previously
  Apart from the valid questions on why the previous Exchange Administrator have forgotten to set up the Active Directory (Topology) Sites and Services...
  ...And why have chosen to install all Exchange Roles to each server when there was no reason to do that (there are two servers connected to the external smtp gateways in the headquarter, so in my opinion the Exchange Servers in the remote branch offices
  should have had only the mailbox and the cas role)...
  As a matter of fact, my idea is to go further and create the sites,subnets and the ip site link. If I still notice a wrong email flow, I can configure an ad-hoc Exchange-specific cost using the Set-AdSiteLink cmdlet. Does this sound reasonable to you guys
  or I am taking the wrong decisions?
  Thanks

  Thank you very much for your link. This is exactly the page I have read just before posting my question here. It is not easy for me to understand why this has been setup this way by a Microsoft certified engineer.
  There are specific rules to follow when Active Directory and Exchange are located in multiple sites and I am not a skilled Exchange Administrator... he keeps saying that it is correct and also tells that if I go forward with my ideas there is the
  risk to increase the level of complexity. I prefer more complexity than default setting, and as a consequence of that, connectivity problems!
  Hopefully everything goes well. I will post my results here once I have done the changes
  Regards

• 2012 Active Directory compatibility

  Hi,
  i have 2 servers one with all the setup Active Directory (Server 2003) and a new one for ERP application (Server 2012). My question is Whether 2 servers, 2003 Active Directory compatible with 2012 Active Directory and how to. Thank you for your
  kind advice
  Saiful

  Hi,
  If i understood correctly your question, you are asking if the 2003 AD domain controller is compatble with another 2012 AD domain controller?
  If this is the case then the answer would be yes once you have the schema requirements for 2012 domain controllers upgraded. There is an issue with 2003 DCs and 2012 R2 in terms of AES encryption but there is a hotfix for that released by Microsoft.
  See more below:
  https://support.microsoft.com/kb/2989971?wa=wsignin1.0
  http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windows-server-2012-domain-controller.aspx
  Hope it helps.
  Regards,
  Calin

• SCCM 2012 R2 Secondary site server will support the DMZ Zone?

  We are planning for SCCM 2012 Migration, currently we have separate Primary server in DMZ.
  Kindly suggest what is the best method to deploy in the DMZ (separate primary or secondary or DP) because we have only 500 Client in DMZ.

  Hi,
  There is a blog talking about this error. You could try the method in the blog.
  To summarise, when installing SCCM 2012 SP1 secondary site on a pre-configured SQL 2012 instance regardless which SQL edition is being used, “NT AUTHORITY\SYSTEM” account needs to be given
  securityadmin and sysadmin rights. If SQL Express is used, there are few additional steps need to be carried out to configure the SQL TCP connection as documented in my previous blog:
  http://blog.tyang.org/2012/04/09/installing-sccm-2012-rtm-secondary-site-using-a-pre-installed-sql-express-2008-r2-instance/
  Installing SCCM 2012 SP1 Secondary Site with a Pre-Configured SQL 2012 Instance
  Note:
  Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
  Best Regards,
  Joyce
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Introducing Active Directory sites AFTER exchange 2013 installation

  Hi
  We have multiple physical sites and only 1 active directory site.  Email environment is pure on-premises exchange 2013.  Each physical site has CAS/Mailbox servers.  There are not IP restrictions between these physical sites.  Everything
  is outlook anywhere obviously.
  I would like to introduce NEW AD sites for each of these physical locations.
  Do you see any major issues that I need to be aware of?  
  Can this be done in the middle of the day?
  Will there be pop ups in outlooks and disconnects?
  I appreciate your help.

  I haven't had to do this before, but I would probably schedule this at night as there are some changes that will need to be made on the Exchange side of things.
  Once you have the new AD Sites configured (Make sure you have at a minimum one Global Catalog, although I would recommend at least 2 in each AD site). You should cycle the AD Topology Service on each Exchange Server (this is going to cause all services
  to restart so do it one at a time).
  You should also use Set-ClientAccessServer and set the proper site scopes that you want Autodiscover to respond to. 
  I'm sure there's more, but that's what I can think of at the moment.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

• SCCM 2012 SP1 Secondary Site installation Fails

  Hi.
  I have multiple secondary sites when i am  trying to install  new SCCM 2012 Secondary site server remotely but installation status shows a pending from last few days.
  1) SEC server have privilages on System managent container
  2) Primary site Server account and computer have local admin right on SEC server
  hman logs says the following error message
  Cannot get SQL Certificate from site xxx
  CheckParentSQLServerCertificate: Failed to get SQL certificate for site XXX
  1) Deleted the secondary site and reinstalled the site with different Site code but no luck
  2) Able to telnet 1433 and 4022 from both primary to secondary and vice versa
  3) SQL server Configuration Manager , TCP IP port was set to 1433.
  please let me know if any thing i am missing
  Thanks

  Hi Guys
  Exact same problem as described above:
  Been told to install SQL Express manually first, but even after that, we continued to get the same problem.
  The SQL Communication between the 2 sites doesn't seem to work.
  I noticed that the Primary's SQL Security Account doesn't get created on Primary DB, in the Database replication the link has not yet been created either.
  The "Exec spDrsSendSubscriptionInvalid 'Secondary 3 digit site code','Primary 3 digit site code','configuration data'" worked on 1 Secondary, but fails on all the rest.
  Uninstalling/Installing the Secondary doesn't work either.
  HMAN.LOG:
  Update site server active directory informtion into DB SMS_HIERARCHY_MANAGER 2013/07/28 09:51:12 AM 7964 (0x1F1C)
  CheckSQLServiceRestart : SQL Service hasn't been restart since last time we check, skip it. SMS_HIERARCHY_MANAGER 2013/07/28 09:51:12 AM 7964 (0x1F1C)
     Time to verify if the parent['PRI-SITECODE'] sql server certificate is still valid on site ['SEC-SITECODE'] sql server. SMS_HIERARCHY_MANAGER 2013/07/28 09:51:12 AM 7964 (0x1F1C)
  Cannot get SQL Certificate from Site 'PRI-SITECODE'. SMS_HIERARCHY_MANAGER 2013/07/28 09:51:12 AM 7964 (0x1F1C)
  CheckParentSQLServerCertificate: Failed to get SQL certificate for site PM2 SMS_HIERARCHY_MANAGER 2013/07/28 09:51:12 AM 7964 (0x1F1C)
  Any ideas would be appreciated.