Verify site permissions to publish to Active Directory SCCM 2012 warning!
Hi there I corrected the problems as it says in your report but sitll coming back, any other solution how to get it done.
I do thank you for any help.
Are you running the pre-requisites for ConfigMgr?
If you have delegated the Primary Site server computer account Full control over the System Management container you need to restart the server for this to take effect.
If you have already done this and you are still getting the warning- carry on with the installation. I've seen this happen and everything has been OK after the install.
Gerry Hampson | Blog:
www.gerryhampsoncm.blogspot.ie | LinkedIn:
Gerry Hampson | Twitter:
@gerryhampson
I am in the same experience as Gerry, but would like to add that you *always* get this error if the permissions have been applied using a group membership instead of directly added to the computer account in AD.
Tim Nilimaa | Blog: http://infoworks.tv | Twitter: @timnilimaa
Similar Messages
-
Perms to specific reports folder in sccm 2012
Have set up access to certain reports based on security settings in sccm so accounts in specific AD group can access certain sccm reports via ssrs reporting web site. Utilized the very useful information in the links below. I have a request for
the group to access the network folder reports, but that means I would have to give RUN REPORT perms to the SITE permission in the security role, as that is the only group that includes the network folder. I don't want to give them access to the
rest of the stuff it includes, such as client push, client status, replication traffic, etc., as that would just cause confusion among the customer base. I don't want to give them anymore than they need. I tried giving the group rights to the individual
reports in the network folder, but the problem is that since there is no access to the folder itself without doing the above, they can't get to the reports. I could give them rights to the folder via SSRS but then SCCM would just overwrite that 15 minutes
later. Does anyone have any suggestions on this one? Thanks. : )
http://skamie.wordpress.com/2010/06/24/ssrs-and-uac/
http://blog.coretech.dk/kea/creating-the-reporting-user-role-in-configmgr-2012/
http://social.technet.microsoft.com/Forums/en-US/configmanagergeneral/thread/8525cfa6-aaa4-4d34-a296-a9a8cb76e5a3/I'm not concerned about giving them more rights, I'm concerned about giving them access to reports that they don't need access to, otherwise there would be widespread confusion and misunderstanding. This, in turn, would generate anxiety-based
calls to the support desks, that I would like to avoid. I'm not trying to hide anything from them, I just don't want to cause undue worry and confusion. Make sense?
So don't give them access to reports that you don't want them to have. Here is a blog that will tell you how to grant access to one report.
http://be.enhansoft.com/post/2013/11/07/How-to-Grant-Permission-to-a-Single-SCCM-2012-SSRS-Report.aspx
http://www.enhansoft.com/ -
Hi,
We try to install sccm 2012 serondary site in server 2012. It always failed.
I used the rereqchek tools to check system enviroment locally. All passed.
The primary site installed in server 2012. Both server had granted the administrator permission.
Anyone can help to check the below Configmgrprereq.log
<01-16-2015 08:47:55> ********************************************
<01-16-2015 08:47:55> ******* Start Prerequisite checking. *******
<01-16-2015 08:47:55> ********************************************
<01-16-2015 08:47:55> Commandline :
"D:\Microsoft Configuration Manager\bin\x64\smsexec.exe"
<01-16-2015 08:47:55> Check Type: Secondary site
Site Server: DPServer.ms.com,
SQL Server: DPServer.ms.com,
SQL Named Instance: ,
Install Folder: d:\Program Files\Microsoft Configuration Manager\,
Setup Source Folder: D:\SCCM2012\Source
<01-16-2015 08:47:55> INFO: Executing prerequisite functions...
<01-16-2015 08:47:55> ===== INFO: Prerequisite Type & Server: SITE_SEC:DPServer.ms.com =====
<01-16-2015 08:47:55> <<<RuleCategory: Access Permissions>>>
<01-16-2015 08:47:55> <<<CategoryDesc: Checking access permissions...>>>
<01-16-2015 08:47:55> INFO: CheckLocalSys is Admin of <DPServer.ms.com>.
<01-16-2015 08:48:08> DPServer.ms.com; Site server computer account administrative rights; Error; Configuration Manager Setup requires that the site server computer has administrative rights on
the SQL Server and management point computers.
<01-16-2015 08:48:08> <<<RuleCategory: System Requirements>>>
<01-16-2015 08:48:08> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<01-16-2015 08:48:08> INFO: Check Lanman service: <DPServer.ms.com>.
<01-16-2015 08:48:22> DPServer.ms.com; Check Server Service is running; Passed
<01-16-2015 08:48:30> INFO: OS version:0, ServicePack:0.
<01-16-2015 08:48:30> DPServer.ms.com; Unsupported site server operating system version for Setup; Error; Configuration Manager site systems can only be installed on systems running Windows Server
2008 SP2 or later.
<01-16-2015 08:48:34> INFO: Failed to get Active Directory membership information for computer DPServer.ms.com with 0.
<01-16-2015 08:48:34> DPServer.ms.com; Domain membership; Error; Configuration Manager site server components must be installed on computers that are members of a Windows domain.
<01-16-2015 08:48:40> INFO: Free disk space on target \\DPServer.ms.com\d$\. = 510158 MB
<01-16-2015 08:48:40> DPServer.ms.com; Free disk space on site server; Passed
<01-16-2015 08:48:47> DPServer.ms.com; Pending system restart; Passed
<01-16-2015 08:48:50> INFO: The server DPServer.ms.com is not read-only domain controller.
<01-16-2015 08:48:50> DPServer.ms.com; Read-Only Domain Controller; Passed
<01-16-2015 08:48:50> INFO: Check FQDN Length for site server: <DPServer.ms.com>.
<01-16-2015 08:48:50> DPServer.ms.com; Site Server FQDN Length; Passed
<01-16-2015 08:48:50> <<<RuleCategory: Dependent Components>>>
<01-16-2015 08:48:50> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<01-16-2015 08:48:57> DPServer.ms.com; Microsoft XML Core Services 6.0 (MSXML60); Warning; MSXML 6.0 or later libraries are required for Configuration Manager console and Configuration Manager site
server installations. MSXML 6.0 is available for download at http://go.microsoft.com/fwlink/?LinkId=215744
<01-16-2015 08:49:03> DPServer.ms.com; Microsoft Remote Differential Compression (RDC) library registered; Error; Microsoft Remote Differential Compression (RDC) library must be registered for Configuration
Manager site server installation. Details at http://technet.microsoft.com/library/cc431377.aspx#RDC_for_Site_Servers.
<01-16-2015 08:49:03> INFO: Checking Windows Installer version on DPServer.ms.com.
<01-16-2015 08:49:13> INFO: Path of Windows Installer is <\\DPServer.ms.com\C$\Windows\System32\msi.dll>.
<01-16-2015 08:49:19> ERROR: Failed to determine Windows Installer version from path:<\\DPServer.ms.com\C$\Windows\System32\msi.dll> .
<01-16-2015 08:49:19> DPServer.ms.com; Microsoft Windows Installer; Error; Setup failed to verify the Windows Installer version, or the installed version of Windows Installer does not meet the minimum
requirement. Configuration Manager requires at least Windows Installer version 4.5.
<01-16-2015 08:49:19> INFO: Start Checking InstallSQLExpress on site server: DPServer.ms.com, SQL Server instance CONFIGMGRSEC
<01-16-2015 08:49:28> INFO: SQL Server Instance Names value was not found
<01-16-2015 08:49:28> INFO: IsPortUsedByAnySqlInstance port 1433.
<01-16-2015 08:49:39> INFO: TCP port 1433 is not in use by any other SQL Server instances.
<01-16-2015 08:49:49> INFO: Sql express: OS version:0, ServicePack:0.
<01-16-2015 08:49:49> ERROR: Cannot install sqlexpress 2012, not meet OS requirement: Windows server 2008 sp2, Windows server 2008 R2 sp1 or higher.
<01-16-2015 08:49:49> DPServer.ms.com; SQL Server Express on Secondary Site; Error; A SQL Server instance is already installed on the secondary site server using the instance name CONFIGMGRSEC,
or the specified TCP port is being used by another SQL Server instance, or OS version is not Windows Server 2008 sp2, Windows Server 2008 R2 sp1 or higher. Setup is unable to install SQL Server Express on the secondary site.
<01-16-2015 08:49:55> ERROR: Failed to connect to registry of DPServer.ms.com
<01-16-2015 08:49:55> DPServer.ms.com; Existing Configuration Manager server components on site server; Error; A site server or site system role is already installed on the computer selected for
site server installation. Remove the site or site system role from the computer, or select another computer for site server installation.
<01-16-2015 08:49:55> DPServer.ms.com; Firewall exception for SQL Server (stand-alone primary site); Passed
<01-16-2015 08:49:55> INFO: SQL Server computer <DPServer.ms.com>
<01-16-2015 08:49:55> INFO: SQL Server named instance <>
<01-16-2015 08:49:55> INFO: Install SQL Server Express on secondary site, skip checking.
<01-16-2015 08:49:55> DPServer.ms.com; SQL Server service running account; Passed
<01-16-2015 08:49:55> INFO: Install SQL Server Express on secondary site, skip checking.
<01-16-2015 08:49:55> DPServer.ms.com; Dedicated SQL Server instance; Passed
<01-16-2015 08:49:55> INFO: CheckSQLCollationSecondary
<01-16-2015 08:49:55> INFO: Installing SQL Server Express; skipping
<01-16-2015 08:49:55> DPServer.ms.com; Parent/child database collation; Passed
<01-16-2015 08:49:55> INFO: Checking .NET framework versions 3.5...
<01-16-2015 08:50:05> INFO: .NET is installed
<01-16-2015 08:50:05> DPServer.ms.com; Minimum .NET Framework version for Configuration Manager site server; Passed
<01-16-2015 08:50:05> INFO: Checking .NET version required for installing SQL Server Express for Secondary Site.
<01-16-2015 08:50:05> INFO: Checking .NET framework versions 4.0...
<01-16-2015 08:50:10> INFO: .NET is installed
<01-16-2015 08:50:11> DPServer.ms.com; Minimum .NET Framework version for SQL Server Express edition installation for Configuration Manager Secondary Site; Passed
<01-16-2015 08:50:11> INFO: CheckInstallSourceVersion <D:\SCCM2012\Source>
<01-16-2015 08:52:29> ERROR: Could not read install map from \\DPServer.ms.com\D$\\SCCM2012\Source\SMSSETUP\install.map (result 2)
<01-16-2015 08:52:29> DPServer.ms.com; Setup Source Version; Error; The product version in the source folder specified for secondary site installation does not match the version of the primary site.
<01-16-2015 08:52:29> INFO:CheckInstallSourcePath <DPServer.ms.com>
<01-16-2015 08:52:55> ERROR: Failed to call GetResultByRunningService
<01-16-2015 08:52:55> DPServer.ms.com; Setup Source Folder; Error; The computer account for the secondary site must have Read NTFS and share permissions to the Setup source folder and share. We
recommend that you do not use administrative shares (for example, C$ and D$) because they require the secondary site computer account to be an administrator on the remote computer.
<01-16-2015 08:52:55> INFO: Enter CheckSecSiteSqlOnSameMachine.
<01-16-2015 08:52:55> INFO: Installing SQL Server Express, skipping SQL Server check.
<01-16-2015 08:52:55> DPServer.ms.com; SQL Server on the Secondary Site Computer; Passed
<01-16-2015 08:52:55> INFO:CheckSupportedFQDNFormat <DPServer.ms.com>
<01-16-2015 08:53:04> INFO: NetBIOS <NZWHKVMAS020>
<01-16-2015 08:53:04> DPServer.ms.com; Primary FQDN; Passed
<01-16-2015 08:53:04> INFO:CheckMachineAccountHasADAccess <DPServer.ms.com>
<01-16-2015 08:53:30> ERROR: Failed to call GetResultByRunningService
<01-16-2015 08:53:30> DPServer.ms.com; Verify site server permissions to publish to Active Directory.; Warning; The site server might be unable to publish to Active Directory. The computer account
for the site server must have Full Control permissions to the System Management container in its Active Directory domain. You can ignore this warning if you have manually verified these permissions. For more information about your options to configure required
permissions, see http://go.microsoft.com/fwlink/p/?LinkId=233190.
<01-16-2015 08:53:30> INFO:CheckRemoteWMIConnection <DPServer.ms.com>
<01-16-2015 08:53:44> DPServer.ms.com; Remote Connection to WMI on Secondary Site; Passed
<01-16-2015 08:53:44> INFO: Check required collation of Sql Server.
<01-16-2015 08:53:44> INFO: LangID <409>
<01-16-2015 08:53:44> INFO: NOT primary site or CAS install, skipping check for reqired collation of SQL Server.
<01-16-2015 08:53:44> DPServer.ms.com; Required SQL Server Collation; Passed
<01-16-2015 08:53:44> ===== INFO: Prerequisite Type & Server: SQL:DPServer.ms.com =====
<01-16-2015 08:53:44> <<<RuleCategory: Access Permissions>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking access permissions...>>>
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping check for sysadmin role on SQL Server.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server sysadmin rights; Passed
<01-16-2015 08:53:44> INFO: Skip testing, no expand primary site specified.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server sysadmin rights for reference site; Passed
<01-16-2015 08:53:44> INFO: The rule 'Site server computer account administrative rights' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping Windows integrated security check.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server security mode; Passed
<01-16-2015 08:53:44> <<<RuleCategory: System Requirements>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<01-16-2015 08:53:44> INFO: The rule 'Unsupported site server operating system version for Setup' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> INFO: The rule 'Domain membership' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> INFO: The rule 'Pending system restart' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> <<<RuleCategory: Dependent Components>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping SQL Server version check.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server version; Passed
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server Edition; Passed
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server Tcp Port; Passed
<01-16-2015 08:53:44> INFO: Checking if SQL Server memory is limited.
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping SQL Server memory check.
<01-16-2015 08:53:44> DPServer.ms.com; Configuration for SQL Server memory usage; Passed
<01-16-2015 08:53:44> INFO: Checking if SQL Server memory is configured to reserve minimum memory.
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping SQL Server memory allocation check.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server process memory allocation; Passed
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping SQL Server case insensitive validation.
<01-16-2015 08:53:44> DPServer.ms.com; Case-insensitive collation on SQL Server; Passed
<01-16-2015 08:53:44> INFO: Check Machine FQDN: <DPServer.ms.com>.
<01-16-2015 08:53:44> INFO: getaddrinfo returned success.
<01-16-2015 08:53:44> DPServer.ms.com; Validate FQDN of SQL Server Computer; Passed
<01-16-2015 08:53:44> INFO: The rule 'Primary FQDN' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> ===== INFO: Prerequisite Type & Server: MP:DPServer.ms.com =====
<01-16-2015 08:53:44> <<<RuleCategory: Access Permissions>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking access permissions...>>>
<01-16-2015 08:53:44> DPServer.ms.com; Administrative share (Site system); Passed
<01-16-2015 08:53:44> INFO:CheckSiteSystemtoSQLConnectivity <DPServer.ms.com>
<01-16-2015 08:53:44> INFO: Installing secondary site, skipping SQL Server connectivity check.
<01-16-2015 08:53:44> DPServer.ms.com; Site System to SQL Server Communication; Passed
<01-16-2015 08:53:44> <<<RuleCategory: System Requirements>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<01-16-2015 08:53:44> INFO: The rule 'Check Server Service is running' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:52> INFO: OS version:0, ServicePack:0.
<01-16-2015 08:53:52> DPServer.ms.com; Unsupported management point operating system version for Setup; Warning; Configuration Manager site systems can only be installed on systems running Windows
Server 2008 SP2 or later.
<01-16-2015 08:53:52> INFO: The rule 'Domain membership' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:54:05> INFO: Windows Cluster not found on DPServer.ms.com.
<01-16-2015 08:54:05> DPServer.ms.com; Windows Failover Cluster; Passed
<01-16-2015 08:54:05> INFO: The rule 'Pending system restart' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:54:05> <<<RuleCategory: Dependent Components>>>
<01-16-2015 08:54:05> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<01-16-2015 08:54:05> INFO: The rule 'Microsoft XML Core Services 6.0 (MSXML60)' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:54:10> DPServer.ms.com; IIS service running; Warning; Internet Information Services (IIS) is required for some site system roles. You have selected to install a site system role that
requires IIS. Install IIS on the site system to continue setup.
<01-16-2015 08:54:39> ERROR: Failed to get WEBSVCEXT from Remote Service on DPServer.ms.com.
<01-16-2015 08:54:39> INFO: Failed to get IIS BITS Server Extensions state on DPServer.ms.com.
<01-16-2015 08:54:39> DPServer.ms.com; BITS installed; Warning; Background Intelligent Transfer Service (BITS) is required for the management point and distribution point site system roles. BITS
is not installed, IIS 6 WMI compatibility component for IIS7 is not installed on this computer or the remote IIS host, or Setup was unable to verify remote IIS settings because IIS common components were not installed on the site server computer. Also, check
if IIS/BITS services are running properly. Setup cannot continue until BITS is installed and enabled in the IIS settings.
<01-16-2015 08:55:08> ERROR: Failed to get WEBSVCEXT from Remote Service on DPServer.ms.com.
<01-16-2015 08:55:08> INFO: Failed to get IIS BITS Server Extensions state on DPServer.ms.com.
<01-16-2015 08:55:08> DPServer.ms.com; BITS enabled; Warning; Background Intelligent Transfer Service (BITS) is required for the management point and distribution point site system roles. BITS is
not installed, IIS 6 WMI compatibility component for IIS7 is not installed on this computer or the remote IIS host, or Setup was unable to verify remote IIS settings because IIS common components were not installed on the site server computer. Also, check
if IIS/BITS services are running properly. Setup cannot continue until BITS is installed and enabled in the IIS settings.
<01-16-2015 08:55:08> DPServer.ms.com; IIS HTTPS Configuration for management point; Passed
<01-16-2015 08:55:08> INFO: Stand-alone primary site or secondary site. Skip checking firewall settings for SQL Server
<01-16-2015 08:55:08> DPServer.ms.com; Firewall exception for SQL Server for management point; Passed
<01-16-2015 08:55:08> DPServer.ms.com; Administrative rights on management point; Passed
<01-16-2015 08:55:08> INFO:CheckV4ClientNotInstalled <DPServer.ms.com>
<01-16-2015 08:55:36> ERROR: Failed to call GetResultByRunningService
<01-16-2015 08:55:36> DPServer.ms.com; Client Version on Management Point Computer; Warning; You cannot install the management point on a computer with an earlier version of the Configuration Manager
client installed. Upgrade the client to the current version, remove the client, or select a different computer for the management point installation, and then try again.
<01-16-2015 08:55:36> ===== INFO: Prerequisite Type & Server: DP:DPServer.ms.com =====
<01-16-2015 08:55:36> <<<RuleCategory: Access Permissions>>>
<01-16-2015 08:55:36> <<<CategoryDesc: Checking access permissions...>>>
<01-16-2015 08:55:36> <<<RuleCategory: System Requirements>>>
<01-16-2015 08:55:36> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<01-16-2015 08:55:49> DPServer.ms.com; Unsupported distribution point operating system version for Setup; Warning; Configuration Manager distribution point can only be installed on systems running
Windows Server 2003 or later.
<01-16-2015 08:55:49> INFO: The rule 'Domain membership' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:55:49> INFO: The rule 'Windows Failover Cluster' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:55:49> INFO: The rule 'Pending system restart' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:55:49> <<<RuleCategory: Dependent Components>>>
<01-16-2015 08:55:49> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<01-16-2015 08:55:57> DPServer.ms.com; Microsoft XML Core Services 6.0 (MSXML60) for distribution point; Warning; MSXML 6.0 or later libraries are required for Configuration Manager console and
Configuration Manager site server installations. MSXML 6.0 is available for download at http://go.microsoft.com/fwlink/?LinkId=215744
<01-16-2015 08:55:57> INFO: The rule 'IIS service running' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:55:57> DPServer.ms.com; IIS HTTPS Configuration for distribution point; Passed
<01-16-2015 08:55:57> DPServer.ms.com; Administrative rights on distribution point; Passed
<01-16-2015 08:55:57> ***************************************************
<01-16-2015 08:55:57> ******* Prerequisite checking is completed. *******
<01-16-2015 08:55:57> ***************************************************
<01-16-2015 08:55:57> INFO: Updating Prerequisite checking result into the registry
<01-16-2015 08:55:57> INFO: Connecting to DPServer.ms.com registry
<01-16-2015 08:56:09> INFO: Setting registry values
<01-16-2015 08:56:16> ERROR: Failed to update prerequisite results into the registry; error = 1.<01-16-2015 08:48:08> DPServer.ms.com; Site server computer account administrative rights; Error; Configuration Manager Setup requires that the site server computer has administrative rights
on the SQL Server and management point computers.
Actually the administrative permission had been granted. -
Procedure performing a "Retry Secondary Site" Operation in SCCM 2012 R2 Secondary Server
Dear Brother,
My SCCM 2012 R2 Secondary Site Server, unfortunately crashed and required to be restored, doing this I end up performing a "Retry Secondary Site Operation.
One by one I am clearing out the errors but there are few remaining errors on the prerequisite checks:
1.[Failed]:The logon account for the SQL Server service cannot be a local user account, NT SERVICE\<sql service name> or LOCAL SERVICE. You must configure the SQL Server service to use a valid domain account, NETWORK SERVICE, or LOCAL SYSTEM.
Actions Done: SQL Related Services use Logon As Domain Account "Microsoft-Domain\BillAdmin" , but still the above message still appears in the logs.
Actions Done: None
2.[Failed]:The collation of the site database does not match the collation of the parent site's database. All sites in a hierarchy must use the same database collation.
3.[Failed]:The site server might be unable to publish to Active Directory. The computer account for the site server must have Full Control permissions to the System Management container in its Active Directory domain. You can ignore this warning if you have
manually verified these permissions. For more information about your options to configure required permissions, see
http://go.microsoft.com/fwlink/p/?LinkId=233190.
Actions Done: None, as this machine is previously a working Secondary site for 1 Year already. So I do not suspect anything from the current related configuration.
4.[Failed]: Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions.
Setup cannot continue.
Action Taken: Domain Account "Microsoft-Domain\BillAdmin" has a
Sysadmin roles and actually all the check boxes are chosen to acquire all SQL account roles"
5. [Failed]:Prerequisite checks complete with failure - check ConfigMgrPrereq.log
in the root of the primary site server system drive.
6[Failed]:Unable to complete secondary site server installation - check ConfigMgrSetup.log in the root of the secondary site server system drive.
ConfigMgrPrereq.log-Start
?<12-27-2014 23:39:35> ********************************************
?<12-27-2014 23:39:35> ******* Start Prerequisite checking. *******
?<12-27-2014 23:39:35> ********************************************
?<12-27-2014 23:39:35> Commandline :
"E:\Program Files\Microsoft Configuration Manager\bin\x64\smsexec.exe"
?<12-27-2014 23:39:35> Check Type: Secondary site
Site Server: SecondarySite2.microsoft.com,
SQL Server: SecondarySite2.microsoft.com,
SQL Named Instance: MSSQLSERVER,
Install Folder: E:\Program Files\Microsoft Configuration Manager\,
Setup Source Folder: E:\Source\SCCM2012-R2
?<12-27-2014 23:39:35> INFO: Executing prerequisite functions...
?<12-27-2014 23:39:35> ===== INFO: Prerequisite Type & Server: SITE_SEC:SecondarySite2.microsoft.com =====
?<12-27-2014 23:39:35> <<<RuleCategory: Access Permissions>>>
?<12-27-2014 23:39:35> <<<CategoryDesc: Checking access permissions...>>>
?<12-27-2014 23:39:35> INFO: CheckLocalSys is Admin of <SecondarySite2.microsoft.com>.
?<12-27-2014 23:39:43> SecondarySite2.microsoft.com; Site server computer account administrative rights; Passed
?<12-27-2014 23:39:43> <<<RuleCategory: System Requirements>>>
?<12-27-2014 23:39:43> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
?<12-27-2014 23:39:43> INFO: Check Lanman service: <SecondarySite2.microsoft.com>.
?<12-27-2014 23:39:44> SecondarySite2.microsoft.com; Check Server Service is running; Passed
?<12-27-2014 23:39:45> INFO: OS version:601, ServicePack:1.
?<12-27-2014 23:39:46> INFO: Target computer is a Windows server.
?<12-27-2014 23:39:46> SecondarySite2.microsoft.com; Unsupported site server operating system version for Setup; Passed
?<12-27-2014 23:39:46> SecondarySite2.microsoft.com; Domain membership; Passed
?<12-27-2014 23:39:47> INFO: Free disk space on target
\\SecondarySite2.microsoft.com\E$\. = 83157 MB
?<12-27-2014 23:39:47> SecondarySite2.microsoft.com; Free disk space on site server; Passed
?<12-27-2014 23:39:47> SecondarySite2.microsoft.com; Pending system restart; Passed
?<12-27-2014 23:39:48> INFO: The server SecondarySite2.microsoft.com is not read-only domain controller.
?<12-27-2014 23:39:48> SecondarySite2.microsoft.com; Read-Only Domain Controller; Passed
?<12-27-2014 23:39:48> INFO: Check FQDN Length for site server: <SecondarySite2.microsoft.com>.
?<12-27-2014 23:39:48> SecondarySite2.microsoft.com; Site Server FQDN Length; Passed
?<12-27-2014 23:39:48> <<<RuleCategory: Dependent Components>>>
?<12-27-2014 23:39:48> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
?<12-27-2014 23:39:48> SecondarySite2.microsoft.com; Microsoft XML Core Services 6.0 (MSXML60); Passed
?<12-27-2014 23:39:49> SecondarySite2.microsoft.com; Microsoft Remote Differential Compression (RDC) library registered; Passed
?<12-27-2014 23:39:49> INFO: Checking Windows Installer version on SecondarySite2.microsoft.com.
?<12-27-2014 23:39:50> INFO: Path of Windows Installer is <\\SecondarySite2.microsoft.com\C$\Windows\system32\msi.dll>.
?<12-27-2014 23:39:51> INFO: Msi.dll version is: <5.0.7601.17807> .
?<12-27-2014 23:39:51> SecondarySite2.microsoft.com; Microsoft Windows Installer; Passed
?<12-27-2014 23:39:51> INFO: Start Checking InstallSQLExpress on site server: SecondarySite2.microsoft.com, SQL Server instance MSSQLSERVER
?<12-27-2014 23:39:51> INFO: SQL Server Express installation was not selected.
?<12-27-2014 23:39:51> SecondarySite2.microsoft.com; SQL Server Express on Secondary Site; Passed
?<12-27-2014 23:39:52> SecondarySite2.microsoft.com; Existing Configuration Manager server components on site server; Passed
?<12-27-2014 23:39:52> SecondarySite2.microsoft.com; Firewall exception for SQL Server (stand-alone primary site); Passed
?<12-27-2014 23:39:52> INFO: SQL Server computer <SecondarySite2.microsoft.com>
?<12-27-2014 23:39:52> INFO: SQL Server named instance <MSSQLSERVER>
?<12-27-2014 23:39:53> SecondarySite2.microsoft.com; SQL Server service running account; Error; The logon account for the SQL Server service cannot be a local user account, NT SERVICE\<sql service
name> or LOCAL SERVICE. You must configure the SQL Server service to use a valid domain account, NETWORK SERVICE, or LOCAL SYSTEM.
?<12-27-2014 23:39:53> INFO: SQL Server computer <SecondarySite2.microsoft.com>
?<12-27-2014 23:39:53> INFO: SQL Server named instance <MSSQLSERVER>
?<12-27-2014 23:39:53> INFO: Cannot connect to registry key.
?<12-27-2014 23:39:53> SecondarySite2.microsoft.com; Dedicated SQL Server instance; Passed
?<12-27-2014 23:39:53> INFO: CheckSQLCollationSecondary
?<12-27-2014 23:39:53> INFO: Collation on <PrimarySite2DB.microsoft.com> <SQL_Latin1_General_CP1_CI_AS>
?<12-27-2014 23:41:27> ERROR: failed to get collation from secondary site
?<12-27-2014 23:41:27> SecondarySite2.microsoft.com; Parent/child database collation; Error; The collation of the site database does not match the collation of the parent site's database. All
sites in a hierarchy must use the same database collation.
?<12-27-2014 23:41:27> INFO: Checking .NET framework versions 3.5...
?<12-27-2014 23:41:28> INFO: .NET is installed
?<12-27-2014 23:41:28> SecondarySite2.microsoft.com; Minimum .NET Framework version for Configuration Manager site server; Passed
?<12-27-2014 23:41:28> INFO: Skipping check for .NET version, user did not select to install SQL Server Express for Secondary Site.
?<12-27-2014 23:41:28> SecondarySite2.microsoft.com; Minimum .NET Framework version for SQL Server Express edition installation for Configuration Manager Secondary Site; Passed
?<12-27-2014 23:41:28> INFO: CheckInstallSourceVersion <E:\Source\SCCM2012-R2>
?<12-27-2014 23:41:29> SecondarySite2.microsoft.com; Setup Source Version; Passed
?<12-27-2014 23:41:29> INFO:CheckInstallSourcePath <SecondarySite2.microsoft.com>
?<12-27-2014 23:42:14> SecondarySite2.microsoft.com; Setup Source Folder; Passed
?<12-27-2014 23:42:14> INFO: Enter CheckSecSiteSqlOnSameMachine.
?<12-27-2014 23:42:14> INFO: Target secondary site Machine <SecondarySite2.microsoft.com>
?<12-27-2014 23:42:14> INFO: SQL Server computer <SecondarySite2.microsoft.com>
?<12-27-2014 23:42:14> SecondarySite2.microsoft.com; SQL Server on the Secondary Site Computer; Passed
?<12-27-2014 23:42:14> INFO:CheckSupportedFQDNFormat <SecondarySite2.microsoft.com>
?<12-27-2014 23:42:15> INFO: NetBIOS <SECONDARYSITE2>
?<12-27-2014 23:42:15> SecondarySite2.microsoft.com; Primary FQDN; Passed
?<12-27-2014 23:42:15> INFO:CheckMachineAccountHasADAccess <SecondarySite2.microsoft.com>
?<12-27-2014 23:42:40> ERROR: Site server does not have create child permission on AD 'System Management'
?<12-27-2014 23:42:40> WARN: Site server does not have delete child permission on AD 'System Management'
?<12-27-2014 23:42:40> SecondarySite2.microsoft.com; Verify site server permissions to publish to Active Directory.; Warning; The site server might be unable to publish to Active Directory. The computer
account for the site server must have Full Control permissions to the System Management container in its Active Directory domain. You can ignore this warning if you have manually verified these permissions. For more information about your options to configure
required permissions, see
http://go.microsoft.com/fwlink/p/?LinkId=233190.
?<12-27-2014 23:42:40> INFO:CheckRemoteWMIConnection <SecondarySite2.microsoft.com>
?<12-27-2014 23:42:48> SecondarySite2.microsoft.com; Remote Connection to WMI on Secondary Site; Passed
?<12-27-2014 23:42:48> INFO: Check required collation of Sql Server.
?<12-27-2014 23:42:48> INFO: LangID <409>
?<12-27-2014 23:42:48> INFO: NOT primary site or CAS install, skipping check for reqired collation of SQL Server.
?<12-27-2014 23:42:48> SecondarySite2.microsoft.com; Required SQL Server Collation; Passed
?<12-27-2014 23:42:48> ===== INFO: Prerequisite Type & Server: SQL:SecondarySite2.microsoft.com =====
?<12-27-2014 23:42:48> <<<RuleCategory: Access Permissions>>>
?<12-27-2014 23:42:48> <<<CategoryDesc: Checking access permissions...>>>
?<12-27-2014 23:42:48> INFO:RemoteCheckAdminOnSQL <SecondarySite2.microsoft.com>, SQL Server <SecondarySite2.microsoft.com>
?<12-27-2014 23:44:33> SecondarySite2.microsoft.com; SQL Server sysadmin rights; Error; Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions
on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions. Setup cannot continue.
?<12-27-2014 23:44:33> ===== INFO: Prerequisite Type & Server: MP:SecondarySite2.microsoft.com =====
?<12-27-2014 23:44:33> <<<RuleCategory: Access Permissions>>>
?<12-27-2014 23:44:33> <<<CategoryDesc: Checking access permissions...>>>
?<12-27-2014 23:44:33> SecondarySite2.microsoft.com; Administrative share (Site system); Passed
?<12-27-2014 23:44:33> INFO:CheckSiteSystemtoSQLConnectivity <SecondarySite2.microsoft.com>
?<12-27-2014 23:44:33> INFO: Installing secondary site, skipping SQL Server connectivity check.
?<12-27-2014 23:44:33> SecondarySite2.microsoft.com; Site System to SQL Server Communication; Passed
?<12-27-2014 23:44:33> <<<RuleCategory: System Requirements>>>
?<12-27-2014 23:44:33> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
?<12-27-2014 23:44:33> INFO: The rule 'Check Server Service is running' has been run on server 'SecondarySite2.microsoft.com', skipped.
?<12-27-2014 23:44:34> INFO: OS version:601, ServicePack:1.
?<12-27-2014 23:44:35> INFO: Target computer is a Windows server.
?<12-27-2014 23:44:35> SecondarySite2.microsoft.com; Unsupported management point operating system version for Setup; Passed
?<12-27-2014 23:44:35> INFO: The rule 'Domain membership' has been run on server 'SecondarySite2.microsoft.com', skipped.
?<12-27-2014 23:44:36> INFO: Windows Cluster not found on SecondarySite2.microsoft.com.
?<12-27-2014 23:44:36> SecondarySite2.microsoft.com; Windows Failover Cluster; Passed
?<12-27-2014 23:44:36> INFO: The rule 'Pending system restart' has been run on server 'SecondarySite2.microsoft.com', skipped.
?<12-27-2014 23:44:36> <<<RuleCategory: Dependent Components>>>
?<12-27-2014 23:44:36> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
?<12-27-2014 23:44:36> INFO: The rule 'Microsoft XML Core Services 6.0 (MSXML60)' has been run on server 'SecondarySite2.microsoft.com', skipped.
?<12-27-2014 23:44:36> SecondarySite2.microsoft.com; IIS service running; Passed
?<12-27-2014 23:45:35> INFO: CheckWebSvcExtnRemote, result:<7>.
?<12-27-2014 23:45:35> SecondarySite2.microsoft.com; BITS installed; Passed
?<12-27-2014 23:47:00> INFO: CheckWebSvcExtnRemote, result:<7>.
?<12-27-2014 23:47:01> WARN: BITS Service is not running on SecondarySite2.microsoft.com.
?<12-27-2014 23:47:01> SecondarySite2.microsoft.com; BITS enabled; Passed
?<12-27-2014 23:47:01> SecondarySite2.microsoft.com; IIS HTTPS Configuration for management point; Passed
?<12-27-2014 23:47:01> INFO: Stand-alone primary site or secondary site. Skip checking firewall settings for SQL Server
?<12-27-2014 23:47:01> SecondarySite2.microsoft.com; Firewall exception for SQL Server for management point; Passed
?<12-27-2014 23:47:01> SecondarySite2.microsoft.com; Administrative rights on management point; Passed
?<12-27-2014 23:47:01> INFO:CheckV4ClientNotInstalled <SecondarySite2.microsoft.com>
?<12-27-2014 23:47:45> SecondarySite2.microsoft.com; Client Version on Management Point Computer; Passed
?<12-27-2014 23:47:45> ===== INFO: Prerequisite Type & Server: DP:SecondarySite2.microsoft.com =====
?<12-27-2014 23:47:45> <<<RuleCategory: Access Permissions>>>
?<12-27-2014 23:47:45> <<<CategoryDesc: Checking access permissions...>>>
?<12-27-2014 23:47:45> <<<RuleCategory: System Requirements>>>
?<12-27-2014 23:47:45> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
?<12-27-2014 23:47:47> SecondarySite2.microsoft.com; Unsupported distribution point operating system version for Setup; Passed
?<12-27-2014 23:47:47> INFO: The rule 'Domain membership' has been run on server 'SecondarySite2.microsoft.com', skipped.
?<12-27-2014 23:47:47> INFO: The rule 'Windows Failover Cluster' has been run on server 'SecondarySite2.microsoft.com', skipped.
?<12-27-2014 23:47:47> INFO: The rule 'Pending system restart' has been run on server 'SecondarySite2.microsoft.com', skipped.
?<12-27-2014 23:47:47> <<<RuleCategory: Dependent Components>>>
?<12-27-2014 23:47:47> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
?<12-27-2014 23:47:47> SecondarySite2.microsoft.com; Microsoft XML Core Services 6.0 (MSXML60) for distribution point; Passed
?<12-27-2014 23:47:47> INFO: The rule 'IIS service running' has been run on server 'SecondarySite2.microsoft.com', skipped.
?<12-27-2014 23:47:47> SecondarySite2.microsoft.com; IIS HTTPS Configuration for distribution point; Passed
?<12-27-2014 23:47:47> SecondarySite2.microsoft.com; Administrative rights on distribution point; Passed
?<12-27-2014 23:47:48> ***************************************************
?<12-27-2014 23:47:48> ******* Prerequisite checking is completed. *******
?<12-27-2014 23:47:48> ***************************************************
?<12-27-2014 23:47:48> INFO: Updating Prerequisite checking result into the registry
?<12-27-2014 23:47:48> INFO: Connecting to SecondarySite2.microsoft.com registry
?<12-27-2014 23:47:50> INFO: Setting registry values
ConfigMgrPrereq.log-End
Well my question is what would be the best solutions as it bugs me for days now.
Regards,Hello,
?<12-27-2014 23:44:33> SecondarySite2.microsoft.com;
SQL Server sysadmin rights; Error;
Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions.
Setup cannot continue.
Did you install SQL server with a local account?
?<12-27-2014 23:41:27> SecondarySite2.microsoft.com;
Parent/child database collation; Error;
The collation of the site database does not match the collation of the parent site's database.
All sites in a hierarchy must use the same database collation.
Try this blog:
http://jthys.wordpress.com/2012/04/02/sccm-2012-required-sql-server-collation/
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
What is the Best Practice for publishing Offline Root CA Cert and CRL to Active Directory?
Hi,
I've read and seen in a few labs different approaches to what is published in Active Directory for a Offline Root CA. I've seen just the Root Cert published to AD as well as the Root Cert and the Root CRL published to AD.
I can understand why the Root Cert is published to AD, but why would the Root CRL need to be published to AD, especially if my Offline Root CA just issues the Cert for my Subordinate Issuing CA? So looking for Best Practices here.
Thanks for your help! SdeDotOn Sun, 22 Feb 2015 18:44:25 +0000, Andrzej Kazmierczak wrote:
Best practice is to publish CRL to 2 alternative paths - LDAP for your internal users to access them on the first place and HTTP as an alternative option to LDAP and as the only option for your external users.
No, the current recommended best practice is to publish to a highly
available HTTP location first (and possibly the only CDP) that is available
both internally and externally. This covers Windows and non-Windows
devices, domain joined and non-domain joined devices and internal and
external devices as well as multi-forest scenarios with no trust between
forests.
Paul Adare - FIM CM MVP -
Windows client error joining with Samba 4.2 Active Directory server
I have a basic samba 4.2 ADC setup on CentOS 7 and I get a RPC server not available whenever I attempt to join a windows client to the domain. The smb.conf is default on created during provisioning. All indicated pre-testing seems to work as expected. The windows client finds the domain and recognizes a valid user or not but the last step of joining the domain ends with the error "Unable to join the Domain RPC server not available. Does anyone have any ideas?
Thanks Paul
This topic first appeared in the Spiceworks CommunityI have a scenario for you in active directory when two passwords may be valid:
Old passwords can also work on domain controllers that have not received replication yet from either the domain controller the password was changed on, or the PDC emulator in the domain.
Let's take a scenario where we have a 3 site, 3 domain controller (DC) active directory: Site1 with DC1, site2 with DC2 and site3 with DC3.
The ACS application resides in Site3 and is configured to use DC3 for authentication. We have a user "user1" with a password of "123".
User1 decides to call the helpdesk and changes his password to "456".
The helpdesk uses DC1 to make password changes because they are located in site1. For a period of time (based on replication, which defaults to 3 hours between sites) the 123 password and the 456 password will be
valid.
If the user1 user tries the "123" password it will work until DC3 receives the changed password from normal replication. If user1 tries to use 456, DC3 will flag this as a wrong password, and then check the PDC
emulator of the domain to see if it has received a newer password. The PDC emulator will validate the login, and then trigger an immediate replication with DC3.
Regards,
~JG
Do rate helpful posts -
Printing to Active Directory Printer Share
I followed the instructions provided at AFP548 (http://www.afp548.com/article.php?story=20070108171607985) for printing from OS X to a printer that is "published" in Active Directory.
However, I am unable to actually add any printers using ksmb.
Nowhere do I see an "Advanced" option in the Printer Setup Utility, and the available options when clicking "More Printers" in the Printer Browser window are: Windows Printing, Bluetooth, and AppleTalk. There is no option for "Windows Printer via SAMBA with Kerberos support" and no place to enter a "ksmb://servername/printershare" URI.
I have tried this on OS X (10.4.8 and 10.4.9) and OS X Server (10.4.8 and 10.4.9), with the same results?
What am I doing wrong?Hi applyd
Don't take this the wrong way either...
No problem.
It's not difficult having to hold down one key one
time. But holding down a key, clicking a button,
dropping down a list, selecting an option, dropping
down another list, selecting another option, and then
finally getting to use the keyboard to specify what
printer I want to use, even once, let alone having do
to it over and over again for each printer, is, at
the very least, incredibly unnecessary. And it would
seem that Apple actually went "out of their way" to
implement this, which means it's more "difficult" for
everyone.
I take your point and it is a good one to make.
You may find this useful if you need to do this for a large user base. Set up your printers, make a copy of com.apple.prin.PrintCenter.plist from the Users/Home/Library/Preferences folder and push it out to all your users using ARD. This would mean you only have to set up your printers once. -
Cisco ACS 4.2 + Active directory + peap
Hello guys!
We have acs 4.2 SE + remoteAgent which is located on our DC. WLAN with wpa+wpa2[802.1x auth] has been configured and all working perfectly - domain users trying to connect and gets user\pass prompt, after it auth succesfull and wireless access granted. But its a bit complicated with non-domain users, when they trying to connect to this network they get windows security alert because machine authentication not passed(PC not in domain so ACS can't auth this users). So, if i enable machine authentication under external windows database setting, acs succesfully authenticated station but wont promt for user\password. How can we enable prompting for user\pass while still maintain machine auth ?
Thank you!I have a scenario for you in active directory when two passwords may be valid:
Old passwords can also work on domain controllers that have not received replication yet from either the domain controller the password was changed on, or the PDC emulator in the domain.
Let's take a scenario where we have a 3 site, 3 domain controller (DC) active directory: Site1 with DC1, site2 with DC2 and site3 with DC3.
The ACS application resides in Site3 and is configured to use DC3 for authentication. We have a user "user1" with a password of "123".
User1 decides to call the helpdesk and changes his password to "456".
The helpdesk uses DC1 to make password changes because they are located in site1. For a period of time (based on replication, which defaults to 3 hours between sites) the 123 password and the 456 password will be
valid.
If the user1 user tries the "123" password it will work until DC3 receives the changed password from normal replication. If user1 tries to use 456, DC3 will flag this as a wrong password, and then check the PDC
emulator of the domain to see if it has received a newer password. The PDC emulator will validate the login, and then trigger an immediate replication with DC3.
Regards,
~JG
Do rate helpful posts -
Upgrade from Windows Server 2012 Active Directory to Windows Server 2012 R2 Active Directory
We are currently running Windows Server 2012 Active Directory and would like to upgrade to Windows Server 2012 R2 AD. Is it OK to just do an in-place upgrade, or is it advisable to build new domain controllers on R2? Are there any guides or articles anyone
can recommend?Hi Ginandtonic,
To upgrade DC(Domain Controller) from windows server 2012 to windows server 2012 r2, please refer to these articles:
Upgrade from windows Server 2012 to 2012 R2
Upgrade Active Directory from 2012 to 2012 R2
I hope this helps.
Best Regards,
Anna -
For find activated lync client using SCCM 2012
Hi All,
In my current company we have in deployed lync client. But we are not sure how many clients are activated.
Is there any way to find which system got activated using SCCM 2012.
Please suggest and let me know any reference.
ThanksI really don't know, but I would guess that a file or registry key would change once it's activated. Basically, I would simply compare an activated system with a not activated system and look for the difference. Once you've located that you can create
a compliance setting to see how many system are actived, or not.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Active Directory Permissions to Profile Manager
Hopefully this will help anyone else who runs into this trouble.
OSX 10.9
Server App 3.0.1
We have a profile manager server setup using our Active Directory. After initial setup the system was working fine and all users could access the services.
In attempting to adjust the web service the permissions for service was turned on and domain users could no longer log in to enroll devices.
To resolve this issue I worked through the following steps.
In Server App > Groups found Domain Users (The group containing all users in the domain)
Clicked the Gear and choose Edit Access to Service
Checked off Profile Manager.
I then added Domain Users to the Local Workgroup and allowed the same access to services. This could be done with a different group if needed.
It may work at this point but as an additional step you can install the Workgroup manager tool from Apples Download site. http://support.apple.com/kb/DL1698
Log int to your Local Directory, I used /LDAPv3/127.0.0.1
Find the group you added the permissions to in the local domain and add your Active Directory Domain Users to that group.
Hope this saves someone else the annoyances I went through.So after a little more trouble shooting as well I ended up using ths post after a backup of the database.
To backup the database I use this Post - https://discussions.apple.com/thread/3791994
pg_dump -U _devicemgr -h /Library/Server/ProfileManager/Config/var/PostgreSQL/ -c device_management > $HOME/device_management.sql
And resetting the server app and database.
https://discussions.apple.com/message/23925691?tstart=15#23925691?tstart=15
Interstingly this pulled my old database info back in and restored some settings that had been lost. I'm not really sure why and wouldn't trust it to happen again.
My issue is now that AD users have to log in twice. The first time they get a denyed error. Then they log out and login on the same browser or a differnt computer al together and they can get in. -
Active Directory Forests Publishing Status
Hello,
I installed SCCM and my active directory Forest has Publishing Status: Insufficient access rights
Any idea how I can fix this? I searched on the internet and can not find it. Thanks.You need to give your SCCM server computer account in AD permissions to publish to the SystemsManagement container. That's where it publishes information to the forest.
http://social.technet.microsoft.com/Forums/en-US/ab6dc179-0348-4343-8c36-7e8b92313524/sccm-2012-system-management-container-in-ad?forum=configmanagergeneral -
Hello everyone
I have a network infrastructure consisting of 3 sites, site A, site B, and site C. i have 2 domain controllers on every site, and the AD roles are on the primary domain controller on site A. On site A I have an Exchange 2013sp1 CU6.
I want to create a second Exchange on Site B, with the roles of mailbox (the exchange on Site A will be first DAG member and the Exchange on Site B will be the second member of the DAG) and CAS.
First question: Is my thought correct about installaing on the same server mailbox and CAS server?
Second question: how many DAG witnesses I need for the DAG? One per site, or one in general (for example located on site A)
Third question: When I am trying to perform “Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms” I receive the error
“ Setup encountered a problem while validating the state of Active Directory:
The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema can't be executed. See the Exchange setup log for more information on this error. For more information, visit:
http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
I tried to run the PrepareSchema from the ISO of Exchange 2013 SP1 and form the extracted content of Exchange 2013SP1 CU6 archive, but still receive the same error. Any ideas?
Thanks in advance.Thank you for your answer,
I have tried to run "Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms” from
Exchange 2013 CU6 media, but I still receive the error:
The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema
can't be executed. See the Exchange setup log for more information on this error. For more information, visit:http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
any ideas? -
Have an existing ex2010 sp3 organization.
Could not run ex2013cu1 setup from my newly built 2012 server, getting the error in the subject line. I used the command line to run the AD preparation steps successfully from my 2012 DC/GC, then tried to run setup again from the new 2012 server and
still get the same error. The error itself in the log is pretty useless:
[05/07/2013 01:19:13.0137] [0] **********************************************
[05/07/2013 01:19:13.0137] [0] Starting Microsoft Exchange Server 2013 Cumulative Update 1 Setup
[05/07/2013 01:19:13.0137] [0] **********************************************
[05/07/2013 01:19:13.0152] [0] Local time zone: (UTC-08:00) Pacific Time (US & Canada).
[05/07/2013 01:19:13.0152] [0] Operating system version: Microsoft Windows NT 6.2.9200.0.
[05/07/2013 01:19:13.0152] [0] Setup version: 15.0.620.29.
[05/07/2013 01:19:13.0152] [0] Logged on user: DOMAIN\ADMINISTRATOR.
[05/07/2013 01:19:13.0168] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
[05/07/2013 01:19:13.0168] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
[05/07/2013 01:19:13.0215] [0] Command Line Parameter Name='sourcedir', Value='\\h1\f$\junk\installers\server\Exchange\2013cu1'.
[05/07/2013 01:19:13.0215] [0] Command Line Parameter Name='mode', Value='Install'.
[05/07/2013 01:19:13.0215] [0] RuntimeAssembly was started with the following command: '/sourcedir:\\SERVER\f$\junk\installers\server\Exchange\2013cu1 /mode:Install'.
[05/07/2013 01:19:13.0215] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
[05/07/2013 01:19:13.0793] [0] Finished loading screen CheckForUpdatesPage.
[05/07/2013 01:19:38.0762] [0] Finished loading screen UpdatesDownloadsPage.
[05/07/2013 01:19:40.0496] [0] Starting file's copying...
[05/07/2013 01:19:40.0496] [0] Setup copy files from '\\SERVER\f$\junk\installers\server\Exchange\2013cu1\Setup\ServerRoles\Common' to 'C:\Windows\Temp\ExchangeSetup'
[05/07/2013 01:19:40.0700] [0] Finished loading screen CopyFilesPage.
[05/07/2013 01:19:40.0840] [0] Disk space required: 1292445007 bytes.
[05/07/2013 01:19:40.0840] [0] Disk space available: 23767240704 bytes.
[05/07/2013 01:19:59.0762] [0] File's copying finished.
[05/07/2013 01:19:59.0965] [0] Finished loading screen InitializingSetupPage.
[05/07/2013 01:20:02.0934] [0] Setup is choosing the domain controller to use
[05/07/2013 01:20:09.0325] [0] Setup is choosing a local domain controller...
[05/07/2013 01:20:11.0794] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
See the Exchange setup log for more information on this error.
[05/07/2013 01:20:11.0794] [0] [ERROR] Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
[05/07/2013 01:20:11.0809] [0] Setup will use the domain controller ''.
[05/07/2013 01:20:11.0809] [0] Setup will use the global catalog ''.
[05/07/2013 01:20:11.0825] [0] Exchange configuration container for the organization is 'CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local'.
[05/07/2013 01:20:11.0919] [0] Exchange organization container for the organization is 'CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local'.
[05/07/2013 01:20:11.0966] [0] Setup will search for an Exchange Server object for the local machine with name 'WEX1'.
[05/07/2013 01:20:12.0028] [0] No Exchange Server with identity 'WEX1' was found.
[05/07/2013 01:20:12.0044] [0] The following roles have been unpacked:
[05/07/2013 01:20:12.0044] [0] The following datacenter roles are unpacked:
[05/07/2013 01:20:12.0044] [0] The following roles are installed:
[05/07/2013 01:20:12.0059] [0] The local server does not have any Exchange files installed.
[05/07/2013 01:20:12.0075] [0] Server Name=WEX1
[05/07/2013 01:20:12.0137] [0] Setup will use the path '\\SERVER\f$\junk\installers\server\Exchange\2013cu1' for installing Exchange.
[05/07/2013 01:20:12.0137] [0] The installation mode is set to: 'Install'.
[05/07/2013 01:20:27.0591] [0] An Exchange organization with name 'DOMAIN' was found in this forest.
[05/07/2013 01:20:27.0591] [0] Active Directory Initialization status : 'False'.
[05/07/2013 01:20:27.0591] [0] Schema Update Required Status : 'False'.
[05/07/2013 01:20:27.0591] [0] Organization Configuration Update Required Status : 'False'.
[05/07/2013 01:20:27.0591] [0] Domain Configuration Update Required Status : 'False'.
[05/07/2013 01:20:27.0841] [0] Applying default role selection state
[05/07/2013 01:20:27.0872] [0] Setup is determining what organization-level operations to perform.
[05/07/2013 01:20:27.0872] [0] Because the value was specified, setup is setting the argument OrganizationName to the value DOMAIN.
[05/07/2013 01:20:27.0872] [0] Setup will run from path 'C:\Windows\Temp\ExchangeSetup'.
[05/07/2013 01:20:27.0888] [0] InstallModeDataHandler has 0 DataHandlers
[05/07/2013 01:20:27.0888] [0] RootDataHandler has 1 DataHandlers
[05/07/2013 01:20:27.0903] [0] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. See
the Exchange setup log for more information on this error.
[05/07/2013 01:20:27.0935] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
See the Exchange setup log for more information on this error.
[05/07/2013 01:21:04.0154] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
[05/07/2013 01:21:04.0154] [0] End of Setup
[05/07/2013 01:21:04.0154] [0] **********************************************Hi,
The cause is clearly described in the log:
[05/07/2013 01:20:11.0794] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
See the Exchange setup log for more information on this error.
[05/07/2013 01:20:11.0794] [0] [ERROR] Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
I'd suggest you check NIC settings and AD configuration.
Hope it is helpful.
Fiona Liao
TechNet Community Support -
The user and the mailbox are in different Active Directory Sites
Hi All,
I have 2 site, each site have an Exchange Server 2010 SP1, let say Site HQ and Site DRC I monitored it with SCOM 2007 R2, site HQ successfully monitored, then I continue try to monitor DRC site. I executed new-TestCasConnectivityUser.ps1 at MBX DRC Site
to create extest user.
Then I try to execute command to test-connectivity, but it failed.
Test-OwaConnectivity -TestType:Internal -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true | fl
RunspaceId : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
AuthenticationMethod :
MailboxServer : CONMBX02.contoso.com
LocalSite : CONMBX02.contoso.com
SecureAccess : False
VirtualDirectoryName :
Url :
UrlType : Unknown
Port : 0
ConnectionType : Plaintext
ClientAccessServerShortName : DRCCAS01
LocalSiteShortName : CONMBX02
ClientAccessServer : DRCCAS01.contoso.com
Scenario : Reset Credentials
ScenarioDescription : Reset automated credentials for the Client Access Probing Task user on Mailbox server CON
MBX02.contoso.com.
PerformanceCounterName :
Result : Failure
Error : [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while t
rying to access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extes
t_xxxxxxxx
Additional information:
[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in
different Active Directory sites..
UserName : extest_xxxxxxxx
StartTime : 04/01/2012 20:46:19
LaCONcy : 00:00:00.0156460
EventType : Error
LaCONcyInMillisecondsString :
Identity :
IsValid : True
WARNING: No Client Access servers were tested.
RunspaceId : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
Events : {Source: MSExchange Monitoring OWAConnectivity Internal
Id: 1005
Type: Error
Message: Couldn't access one or more test mailboxes.
The service that is being tested will not run against these mailboxes.
Detailed information:
Local Site:DRCProduction
[Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while trying to
access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extest_xxxxxxxx
Additional information:
[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in differen
t Active Directory sites..
PerformanceCounters : {Object: MSExchange Monitoring OWAConnectivity Internal
Counter: Logon LaCONcy
Instance: DRCCAS01.contoso.com|DRCProduction
Value: -1000}
any help appreciate it.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Krisna Ismayanto | My blogs:
Krisna Ismayanto | Twitter: @ikrisnaHi
Removed existing test account on two site.
Then created test account on DGC through new-TestCasConnectivityUser.ps1.
Flushed Health Service on RMS.
Terence Yu
TechNet Community Support
Hi
What do you mean on DGC ? you mean I have remove both test account or just at DRC site only ?
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Krisna Ismayanto | My blogs:
Krisna Ismayanto | Twitter: @ikrisna
Maybe you are looking for
-
i am trying to upgrade to yosemite (for imac) from version 10.6.8 but even though i have 70gb available on my hard drive it wont let me upgrade because it says i dont have enough memory!! what can i do??
-
Jsp taglibs in include files not detected, throws errors, no code insight
I have a jsp which is included in all the other jsp. it looks something like this taglibs.jsp <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> <%@ taglib uri="http://ww
-
Main hd/library/reciepts - can these be deleted
I noticed when deleting some applications and deleting the applicationSupport, cashes, preferences, preferencePanes etc. that there are a lot of .pkg files in main hd/library/reciepts there is one for every application that has been installed on my m
-
N97 mini - restore not working
The restore function on my N97 mini seems not to work. I've setup my N97 to daily backup @ 06:00 due to an software error in the PC Suite I've lost all my messages. Yet when I restore the message the mailbox stays empty. How do I successfully restore
-
Cost center wise expense tracking
Dear all, We are using the reports KSB1 and FBL3N. When selected for a given period, the ammount displayed in both the reports are not tallying. Can anyone tell me the what could be the reason?,also tell me on what condition will KSB1 report get upda