SCCM Console, untrusted forest

Hi,
I have a site system server with MP, DP in a untrusted forest. Is it possible to install SCCM console on it and connect back to Primary server?
I have checked all ports that are in the documentation https://technet.microsoft.com/en-us/library/hh427328.aspx?f=255&MSPPError=-2147217396 regarding "Configuration Manager Console" but I still cannot run the console. I have tried opening
SCCM Console with RunAs and a account in the Primary servers forest.
Does the MP, DP need to have firewall ports open to the Primary servers forests domain controllers and to authenticate ?
In that case what are ports needed?
/A

Hi Peter,
We want to have a console on each untrusted forest site system server to be able to manage the computers in the untrusted forest with Right-Click Tools and Remote Control. Because the untrusted site system server is on the network already, many firewall
ports all already allowed. We don't want to do it through the Primary because of the difficulty of opening for all firewall ports that are needed for remote tools.
Does that make sense?

Similar Messages

  • SUP in untrusted forest using SCCM 2012 SP1

    Hi, I have a single primary site in a single domain/AD forest. I also have a single site system in an untrusted forest behind a firewall.
    I have installed a DP and an MP onto this server in the untrusted forest and have now installed WSUS and added the SUP role. The SUP role has been installed, however the SUP in the untrusted forest isnt synching its catalog from the SUP in the primary
    site.
    In the Software Update Point Synchronisation Status, its source is specified as Microsoft Update, rather than the name of the Priamry Site server with the SUP role.
    The relevant ports 80/443/8530/8531 are open between the two forests, but it doesnt appear to attempt to sync from the primary site.
    How do I get this SUP to sync from the Primary site? I've tried setting a WSUS Server Connection Account, but this doesnt appear to make any difference.
    Thanks for your help.
    Carl

    I had to remove the use of the proxy server at the primary SUP so that it downloads directly from the internet without the use of a proxy.
    As soon as this was removed the untrusted SUP synchronised successfully. Even though the proxy isnt specified in the SUP properties of the untrusted site system, it still appears to use this when performing a sync.
    Do you want to file this on Connect as feedback to the Product Group?
    https://connect.microsoft.com/ConfigurationManagervnext/Feedback
    Rob Marshall | UK | My Blog |
    WMUG |
    File CM12 Feedback |
    CM12 Docs |
    CM12 Release Notes

  • SCCM 2012 R2 - Install MP in the Untrust forest How to???

    Hello my Customer want to install a MP in untrusted forest...
    1- I have added the forest in the add forest menu
    2- I have place the option of the client push installation
    3- The sccmadmin account with the same password it was created in the untrusted forest
    4- But the AD said connection error with th untrusted forest.
    3- What is the good step by step to accomplish this installation?

    Extending the AD schema is not a requirement, unless you are using Network Access Protection, see also:
    http://technet.microsoft.com/en-us/library/gg712272.aspx
    I don't what errors you get, but also make sure that the site is not trying to publish information to that AD. That could cause errors, if the AD schema is not extended.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Domain is not discovered in untrusted forest

    I have the following Setup.
    Domain A in forest A. ASCCM2012 Primary Server  with SCCM 2012 SP1 CU1 server installed with MP,DP and SUP. Domain A i a 2008 R2 domain.
    Domain B in Forest B, MP and DP and SUP installed on BSCCM2012. Domain B is a 2012 domain.
    There is no trust between forest A and forest B. For the testing the firewalls on the SCCM servers are disabled. There is full network connectivity between the servers. I have setup a forest discover account SCCMADDiscover that is created in domain B as a normal
    user.
    Problem.
    I have setup forest discovery (and thereby forest publishing) of the Forest B on the Primary SCCM server.
    In the console on the "Active Directory Forests" it says that both the discover and the publishing have been successfully.
    But when I look at the "Domains" tab for the Forest B it says “No Items Found”.
    When I look in the ADForestDisc.log file I see the following errors:
    Entering function GetUserCredentials() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:20 7988 (0x1F34)
    ERROR: [ForestDiscoveryAgent]: Failed to save data for domain B in forest B due to ActiveDirectoryOperationException. Discovery will be attempted on next cycle. SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function ReportForestDiscoverySuccessStatusMessage() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Raising discovery success status message for forest B, in which we discovered 1 site(s) and 0 subnet(s). SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Calling ReportStatus, keys= SMS_AD_FOREST_DISCOVERY_MANAGER, 1073750724, 0 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    STATMSG: ID=8900 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_FOREST_DISCOVERY_MANAGER" SYS=ASCCM2012 SITE=P01 PID=2344 TID=7988 GMTDATE=to maj 16 11:07:21.315 2013 ISTR0="AssensOpen.dk" ISTR1="" ISTR2="" ISTR3=""
    ISTR4="0" ISTR5="1" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function CActiveDirectoryForestDiscovery::UpdateForestNamesForAllSiteSystems() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Trying to update forest fqdn for all site systems associated with site P01 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function CActiveDirectoryForestDiscovery::UpdateForestNamesForSiteSystems() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function CActiveDirectoryForestDiscovery::GetForestName() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Trying to discover forest name for server BSCCM2012. SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Failed to get the domain basic info for machine BSCCM2012. Error returned is: 5 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function CActiveDirectoryForestDiscovery::GetForestName() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Trying to discover forest name for server BSCCM2012 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Failed to get the domain basic info for machine BSCCM2012 Error returned is: 5 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    As it can be seen in the log file it fails to get forest name and domain name for the server BSCCM2012 in the untrusted domain. It gets an error 5 that I assume is a Access Denied.
    I have tried to give the SCCMADDiscover account domain and enterprise admin rights but that did not help. I have also tried to add the SCCMADDiscover to the local admin group on BSCCM2012 server but that didn’t help either.
    It also seems that the data is not saved correct.
    ERROR: [ForestDiscoveryAgent]: Failed to save data for domain B in forest B due to ActiveDirectoryOperationException
    Where is it the SCCMADDiscover account have insufficient rights?
    Thomas Forsmark Soerensen

    Thanks for letting me know. This means that this is not the root cause, so I can focus on other things.
    There´s also another problem I´m not sure if it related to the Forest Discovery and I wonder if it´s the same for you. I will create a separate topic if it´s not related, but maybe you can confirm from your side. For the Computers which have been discovered
    in the untrusted Forest, when I go to the properties of a system, the property "System OU Name" changes from time to time. When I look at the property throughout the day for different systems it´s sometimes empty, sometimes shows the complete OU paths and
    sometimes just the single OU Containers. For example when a System is located in EU\COMPUTERS\SERVERS, sometimes the whole path is shown (like for all systems in the trusted Forest) and sometimes it just shows "EU";"COMPUTERS";"SERVERS" or it´s just empty.
    All for the same system during different times throughout the day. Like it´s not able to grab the complete OU paths. I have no error in the AD System discovery log, so I wonder if this is related to the Forest Discovery too.
    This makes it impossible to build collections based on System OUs, so I am using the DN currently (which is populated properly).

  • User-based deployment to untrusted forest

    Case:
    Domain A has ConfigMgr 2012 server with all roles (MP, DP, SUP...)
    Domain B is untrusted and hasn't got any ConfigMgr site server roles installed
    ConfigMgr site has been introduced to Domain B also, so all the resources can be discovered (systems, users)
    I can deploy software to systems in the untrusted forest
    I cannot deploy software to users in the untrusted forest
    Is this normal behavior? Do I need MP to untrusted forest so that I can get my user deployment's working? When I deploy software to users in the untrusted domain, they don't even show up in the AppDiscovery.log and deployment status on the console doesn't
    show the device for the user.

    See the Support for users in untrusted forests section at http://blogs.technet.com/b/configmgrteam/archive/2012/07/05/tips-and-tricks-for-deploying-the-application-catalog-in-system-center-2012-configuration-manager.aspx
    Jason | http://blog.configmgrftw.com

  • Software Updates in an Untrusted Forest

    Hi all,
    I've build a SCCM2012R2 site with 2 forests involved. They are UNTRUSTED.
    Forest 1 contains a primary site with SQL and a secondary across WAN distribution point. This all worked great for Applications and Window Updates.
    The second untrusted forest has 1 site server with a Management Point, Fallback Status point, Distribution point and default roles. for some reason I can't get a client in the untrusted forest to get the software update packages I create.
    I have deployed them to all distribution points and the clients in the untrusted forest (manually installed) have shown up in SCCM and are in the correct test collection.
    Boundary groups have been setup with boundaries on IP subnets.
    Is there any specific logs I can check? Does the a Software update point need adding to the untrusted forest site system?
    A firewall block communication between the forest to I have created Site server to Site server rules but untrusted forest client don't have access back to the primary site server.
    If I could just get this software updates working I'm complete!! Any help would be great!!

    Thanks for the help trouble shooting,
    This is now resolved.
    For info the clients in the untrusted forest need to be able to access the WSUS website. As I have a locked down firewall between my forests I add an Any to SCCM WSUS on port 8530 and tested on IE. Page comes up as access denied but it proves the connection.
    Software deployment and WSUS on an untrusted domain with out any AD connection, DNS or WINS requires a manual (or scripted) install of the clients specifying the SMSLP, SMSSITECODE, SMSMP and SMSFSP for that forest. All these roles need are required
    to be installed for the site server for that untrusted forest when adding it into SCCM if you don't have access to the forests AD or DNS.
    The only connection clients seem to need back to the primary site it the WSUS website for syncing. Packages are still distributed to the servers in the untrusted.
    As I have been using a firewall between the sites I allowed the site servers communication over the following ports.
    80,443,445, 135,1027, 49152-65535
    Note: Without the RPC dynamic port range I got errors in SCCM distribution logs.
    Site servers to SQL was as standard. 1433,4022.

  • Managing untrusted forest

    Hi All,
    We have actually the following configuration with SCCM 2012 R2 CU4 :
    Same Forest, same Domain (2 x 2 DCs + AD DNS)
     + Primary Site Server with 300 clients  (MP,DP,SUP,SDB,SS,FSP,RSP)
     + Secondary site Server with 300 clients  (MP,DP,SUP,SDB,SS)
    distinct Untrusted Forest (2 DC + AD DNS)
     + 15 clients
    What's the best configuration to manage the untrusted forest ? I already checked the following link (http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx)
    what's the comm ports requirements ? clients + site system <-> primary site 
    Can we avoid the untrusted clients to access to the pri/sec site servers.
    We plan to add a site System to the primary site in the remote untrusted forest with MP,DP,SUP Roles)
    (afaik a secondary site need trusts which is not permitted)
    We need Inventory, Software Distribution, Windows Updates features on the untrusted forest
    Link between primary and secondary site is ~16Mb/s
    Link between primary and untrusted forest is about ~16Mb/s
    Link between secondary site and untrusted forest is about ~1Gb/s
    Thanks a lot !

    Port used by ConfigMgr is well explained here:
    https://technet.microsoft.com/en-us/library/hh427328.aspx#BKMK_CommunicationPorts
    In addition, be aware that for discovering computers in untrusted forest you need to open port 53 (DNS) between the SCCM server and remote DC (in untrusted forest) OR create a secondary DNS zone for the untrusted forest in your DNS.
    Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

  • MP Rotation Untrusted Forest.

    Hi, 
    I realize you cannot force a client to use a particular MP, which is creating a design problem for us.
    We have multiple DMZs in an untrusted forest.
    I am not sure how to get around this problem.
    The clients cannot communicate with an MP outside of that DMZ.
    If I have 20 DMZs, and a MP in each, will this not create an MP rotation issue at some point?
    I came across this posting by Anoop, is the only workaround?
    http://anoopcnair.com/2014/04/11/workaround-sccm-2012-clients-mp-selection-rotation-issue-untrusted-dmz-forests/
    Appreciate any suggestions.

    Is there a single, shared forest (or domain) for all DMZ or a separate forests (or domains) for each DMZ?
    The workaround describe in that blog post is for the perception of a bug, not for providing for MP selection.
    Yes, MP rotation could cause an issue -- 20 MPs aren't supported within a single primary site either so you are also running into a support limitation.
    Depending upon your answer to the forest question, LocationAware is probably the only answer today (without doing something crazy like using multiple primary sites).
    Reverse proxy is another possible solution. This would enable a single MP (or sets of central MPs) to be accessed in a protected manner.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • SCCM 2012SP1 - Cross Forest Scenario

    Guys/Girls
    I've configured a cross forest SCCM scenario, with all the SCCM config in one Forest and a single Windows XP SP3 desktop in the other. There is a trust between both Forests/2-way external but I haven't added Forests/Domain to SCCM to enable searching
    etc. I deployed the agent manually in the external Forest using a mapped drive and ccmsetup /mp:........ this all works fine.
    After installation, after the client is approved, when I click on the client in the SCCM console and try to initiate any of the "right-click" features, I just get a stack of access denied errors back "0x80070005". I've tried rebuilding
    WMI, re-installing the client to no avail. Im thinking that its related to the cross forest config but I see no provision for setting up external credentials for the other forest - am I right in thinking that the only account that needs to be configured is
    the "Network Access Account" that the agent uses to make network connections (the rest being run under the guise of the "Local System" account) if so - this is already done too.
    I'm not seeing any access denied entries on the XP desktop and I've been through the DCOM config and local policy to make adjustments/slacken off the permissions...still no dice.
    Am I chasing my tail with this? can I manage a client from the console that actually sits outside of the Forest where the SCCM installation is actually installed?
    The installation is pretty much inline with scenario 1 from the following blog:
    http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
    -a

    Reading more closely, I notice now that you said "right-click tools". That explains it as those truly have nothing to do with ConfigMgr. Essentially, what all right-click tools are are individual scripts run on your local system that directly connect
    to the remote system to perform an action. The console initiates these scripts but that's it. Thus, the credentials of the user logged into the console are used to launch those scripts and the problem here is that the user you are running the console
    as does not have permissions to remotely connect to that remote system.
    As mentioned, this has nothing to do with ConfigMgr though because ConfigMgr never ever connects to remote clients -- call client agent communication is initiated by the client.
    Thus, the right-click tools, while sometimes/often useful, should not be confused with native ConfigMgr functionality.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Untrusted Forest

    Hi
    I have a forest (Internal) and I have another forest (External).
    SCCM 2012 R2 and SQL 2012 is installed in the "internal forest", I would like to add a new forest (external) to my SCCM setup which is "Untrusted". The two forests  are not trusted across domains or
    forests (internal and external).
    Currently, I have clients in a workgroup capable of communicating with the "external" forest.
    My question:  
    1- It's possible to install a MP and DP in  the external forest ? because i have clients within a  workgroup that I would like to manage through that MP and DP.
    If so, HOW TO PLEASE!?
    Thanks

    Yes this is possible.
    Take a look at the following blog entries which explains the process
    http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
    http://blogs.technet.com/b/neilp/archive/2012/08/21/cross-forest-support-in-configmgr-2012-part-2-forest-discovery-publishing-and-client-push-installation.aspx
    http://blogs.technet.com/b/neilp/archive/2012/08/24/cross-forest-support-in-configmgr-2012-part-3-deploying-site-server-site-systems-in-an-untrusted-forest.aspx
    Cheers
    Paul | sccmentor.wordpress.com

  • Deploying SCOM 2012 Agents to untrusted Forests/Domain

    Can we deploy SCOM 2012 agents to untrusted forest/domain? I don't want to use SCCM 2012 for installing agents via package deployment. Pls suggest.
    Regards,
    Ravi

    Yes, You can deploy SCOM Agent to untrusted domain manually and using Certificate.
    For deployment scom Agent, you can refer below links
    http://www.toolzz.com/?p=279
    http://jimmoldenhauer.blogspot.com/2012/11/scom-2012-deploying-agents-to-untrusted.html
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Mai Ali | My blog: Technical | Twitter:
    Mai Ali

  • Reporting Services in SCCM Console (Cross Connect)

    Hi,
    we have a cas - primary site setup and have a reporting point on our cas server.
    when connecting to the cas server with the sccm console from a client i see all reports and all is fine.
    when connecting to the primary site server and type in the cas server in the reporting services pane i see no reports.
    i thought that's possible. i can open the .../reportserver website with the client of course.
    thx
    steffen

    Since no one has answer this post, I recommend opening  a support case with CSS as they can work with you to solve this problem.
    Garth Jones | My blogs: Enhansoft and
    Old Blog site | Twitter:
    @GarthMJ

  • Sccm console on windows 8.1 - window display issue

    I'm currently using a surface pro 2 with win 8.1 enterprise (sccm is 2012 r2).  Overall the surface is a great piece of hardware.  One problem that I'm having is that the sccm console doesn't properly display wizard windows properly.  They
    are cut off, horizontily starting at the entire cancel button and to the right.  Some times it is a vertical issue, and I can't get to tall the options on a screen.  Please see the SS for an example of both horizontal and vertical cut offs.
    I had monkeyed with several setting on my profile, so I signed in with a different account that had no user profile on the machine....same issue.
    It's frustrating that some things I need to do on a very regular basis I now have to rdp into the server in order to do.  Has anyone else seen this and does anyone have any ideas for a solution?

    Hi,
    If I remember correctly that is a problem related to changing the Text Size to one of the below options.
    Medium - 125%. This sets text and other items to 125% of normal size.
    Larger - 150%. This sets text and other items to 150% of normal size. This option appears only if your monitor supports a resolution of at
    least 1200 x 900 pixels.
    If you change this does it work then?
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Problem with Out of Band Discovery resulting with Out of Band features not available in SCCM console for computers with provisioned AMT device

    Hi,
    We configured the Out of Band component, but are using Intel SCS RCS to provision AMT devices remotely­. The remote configuration process with Intel SCS works fine; we are able to connect to the AMT web UI and we can use a free KVM tool to manage the computer
    remotely.
    The AMT devices are configured with AD integration, so an object is created for each of them in a specific OU. Also, an AD group is added to the AMT devices so remote PT Administration permission is granted to it. This group includes the ConfigMgr Site
    Server account, the account of the server running the Out of Band Service Point and my own user account.
    This configuration seems OK since when connecting to the AMT web UI, I use Windows Integrated authentication with my user account and can manage the device successfully.
    So the only step remaining is running the OOB discovery to enable Out of Band features for the computers in the SCCM console. We want to use the ConfigMgr OOB console. I right-click a computer or a collection and launch the AMT discovery. I check the OOB
    server log, I don't see errors; the OOB service point connects to the AMT device and discover a status of 4, which is Externally provisioned, as expected. The problem is the AMT Status, AMT Version and Provisioned AMT fields for the computer in the ConfigMgr
    console doesn't get updated, even after doing display refresh.
    Here's the amtopmgr.log (I changed computer name and IP address information to protect client privacy) :
    General Worker Thread Pool: Work thread 364 started SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    Discover COMPUTERA using IP address 192.168.12.7 SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    AMT Discovery Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    AMT Discovery Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    DoPingDiscoveryForAMTDevice succeeded. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    Flag iWSManFlagSkipRevocationCheck is not set. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    session params : https://COMPUTERA.contoso.com:16993   ,  11001 SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    DoWSManDiscovery succeeded with user name: admin. AMTStatus = 1. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    Start Kerberos Discovery SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    Flag iWSManFlagSkipRevocationCheck is not set. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    session params : https://COMPUTERA.contoso.com:16993   ,  484001 SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    DoKerberosWSManDiscovery succeeded. AMTStatus = 4. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    Discovery to IP address 192.168.12.7 16 15:16:32 364 (0x016C)
    CSMSAMTDiscoveryTask::Execute, discovery to STI17259CPCO succeed. AMT status is 4. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    CSMSAMTDiscoveryTask::Execute - DDR written to E:\SMS\MP\OUTBOXES\ddr.box SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Fill Machine Property' SID=1 MUF=0 PCNT=5, P1='COMPUTERA' P2='' P3='COMPUTERA.contoso.com' P4='' P5='' SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    CStateMsgReporter::DeliverMessages - Created state message file: E:\SMS\MP\OUTBOXES\StateMsg.box\6heghx71.SMX SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Unspecified' SID=10 MUF=0 PCNT=1, P1='COMPUTERA.contoso.com' 16 15:16:32 364 (0x016C)
    CStateMsgReporter::DeliverMessages - Created state message file: E:\SMS\MP\OUTBOXES\StateMsg.box\rmit91js.SMX SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    General Worker Thread Pool: Succeed to run the task COMPUTERA.contoso.com 16 15:16:32 364 (0x016C)
    General Worker Thread Pool: Work thread 364 has been requested to shut down. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    General Worker Thread Pool: Work thread 364 exiting. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    The Management Point is up and running.
    Any suggestion or advice is welcomed!
    Thank you
    Patrick

    I found something interesting on this problem, it seems the OOB discovery process is working fine, but for an unknown reason, the site server is not receiving the information from the OOB Service Point to update the AMT Status of the client in the SCCM
    database.
    The log tells me that a DDR file is created to be sent to the site server. When looking into the SMS\MP\Outboxes\ddr.box folder, I see about 50 DDR files, the oldest one is dated when I started testing OOB discovery.
    So the server is unable to send the files to the site server.
    Also, since I started this thread, I noticed another issue that could be related to this problem. The same server is also holding the State Migration Point role, it is working fine, but when doing USMT operations, the status of the computer association is
    not updated in the console (In Progress, Completed, missing USMT store path, etc.). When looking into the SMS folder on the server, I see a big backlog of SVF files containing information related to the SMP.
    I looked into the log files, but didn't find the errors yet to explain this.
    The computer account of the server is a member of the SMS_SiteSystemToSiteServerConnection_Stat_XXX group on the site server.
    Note that status messages are being sent successfully, I see them in the Monitoring node of the console under Component State, and there is no backlog in the SMS\MP\Outboxes\statemsg.box folder.
    Tnx for your help
    Patrick

  • Sccm console

    Hi,
    In our environment, we have configured  SMS provider role  on server  to have HA for SCCM console. After installing the console on server B , we are not able to connect to the site. Please error occurs

    Hi,
    Did you install an additional SMS Provider? or moved the existing one? can you log in the the Primary site server and start the console from there?
    Adding an extra SMS Provider for HA doesn' really help as the SCCM admin console asks the Primary site server for which SMS Provider it should use, it will give you better performance and HA for non console activities against the SCCM site, as powershell
    skripts e.t.c they can still run even if the Primary Site server is down.
    Regads,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

Maybe you are looking for

  • Sap treasury reporting - 01a shares

    Hi, We have requirement for shares Client purchased shares in different days and different prices some other expenses incurred during the purchase and sale transactions I want report on month end in the following manner Shares Expenses like brokerage

  • Who can help solve this XML/Servlet mystery?

    Hi, I'm developing a servlet that accepts an HTTP request, contacts a database, processes the request and return an XML document back to the browser. The XML document returned is dependent on which selection a user makes. The problem is that on first

  • I lost my ichat how do I get it back

    I lost my orginal ichat after I downloaded the beta how do I get my old one back

  • "No partition table found" Can't access to my DATA partition

    Hello friends! It's happened a catastrophe! Yesterday I was resizing partitions on my hard drive, divided in this way: 1: ext4 containing CHAKRA 2: swap 3: extended      3rd: DATA      And here there were all the other partiotions containing ARCH (/

  • TP S531 battery problem

    hey everyone,  have a TP 531 and its shows this in th lenovo solution home what i shoud do ?