Hi , I have a couple of clients in an untrusted domain that i'm having a problem with, i can push the client to them but they will not get assigned to the site no matter what i do. All the other machines in the same domain are fine, i've set up the DNS records for the FQDN and the SRV and i assume it's all correct as all the others are using them but in the location services log for instance i get the error below:

Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domain lookup. DNS returned error 10061

In the clientIDManagerStarttup log i get this message - LOG[RegTask: Failed to refresh site code. Error: 0x8000ffff]

i've reinstalled the client and checked they are included in the boundaries and groups but still when i manually enter the details in the site tab on the client it says "Failed to update site assignment"

any ideas would be much appreciated 

Thanks

Well the first thing i would do on those client is validate the DNS configuration.

After that do a NSLOOKUP

set type=all
_mssms_mp_site code._tcp.fqdn-of-your-domain

example:_mssms_mp_PRI._tcp.sccmmp.contoso.com

Hi, thanks for your reply. The DNS seems fine which is why i can't understand the issue. I've just tried it again following your example and It validates the configuration ok and finds the srv record without any problems, any other ideas?

Can you try this from the computer with issue.

http://<ServerName>/sms_mp/.sms_aut?mpcert

Also you are sure the the entry they are getting from the nslook is the right one.

You need to do this from the computer having issue.

Also if you look at the ccmsetup.log do you see any other error when it try to contact the MP/DP ?

OK Nslookup entry is definitely correct and when I try the URL it comes back with the MP certificate, I assume that's correct?

There's no errors in the ccmsetup log it says it's exiting with return code 0 

confirm i'm doing all this from the server having the issue

thanks for your time so far

OK Nslookup entry is definitely correct and when I try the URL it comes back with the MP certificate, I assume that's correct?

There's no errors in the ccmsetup log it says it's exiting with return code 0 

confirm i'm doing all this from the server having the issue

thanks for your time so far

You saying from the server having issue. So just to make sure the server is running the client and the client on that server is having issue.?

On the client can you look at those log files please.

Start by looking at the locationservices.log to see if you are getting the info about the site and here the client need to point.

After look at the following CcmExec.log, PolicyAgentProvider.log, StatusAgent.log

Yes it's a server running the client and the client on that server is having the issue.

locationservices.log is the one i quoted in my question "Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domain lookup. DNS returned error 10061" which i understand is the DNS server refused the connection?

CCMExec.log and PolicyAgentProvider.log don't seem to have any errors but StatusAgent.log has the error below

LOG[Registration failed with error 0x80041010]LOG]!><time="11:46:42.771-60" date="07-27-2015" component="StatusAgent" context="" type="3" thread="3320" file="forwardproxy.cpp:203">

 

 

Does the local machine have the DNSSUFFIX properly configure to make the validation properly. Since they are in a another domain. I am almost 100% sure that the issue is the DNS.

Look at the article here:https://technet.microsoft.com/en-us/library/gg682055.aspx?f=255&MSPPError=-2147217396

https://social.technet.microsoft.com/Forums/en-US/93b7d72c-2220-42b9-8de4-3ea18ce2f877/publishing-default-management-point-to-dns?forum=configmanagerdeployment

Yes i've seen the article before and tried the DNSSUFFIX but no joy, unfortunately the guy with the issue doesn't reveal in any detail what he did to resolve it. I will try it again tomorrow, maybe I didn't do something correctly. I'll let you know what happens

cheers

Tried again today with the DNSSUFFIX during and after installation and it's still not working. I've installed the client in the same way to all the machines in this domain without any problems but there's just a couple that will not get assigned to the site. Any other ideas?

locationservices.log is the one i quoted in my question "Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domain lookup. DNS returned error 10061" which i understand is the DNS server refused the connection?

 

That is not enough information from the log. Try to assign the client manually again and provide some more lines from the log.

Ok sure, here it is:

<![LOG[Won't send a client assignment fallback status point message because the last assignment error matches this one.]LOG]!><time="11:30:27.455-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5048" file="fspclientdeployassign.cpp:197">
<![LOG[Current AD forest name is xxxx.local, domain name is xxxx.local]LOG]!><time="11:32:01.327-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:842">
<![LOG[Attempting to retrieve lookup MP(s) from AD]LOG]!><time="11:32:01.336-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2351">
<![LOG[Current AD forest name is xxxx.local, domain name is xxxx.local]LOG]!><time="11:32:01.339-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:842">
<![LOG[Domain joined client is in Intranet]LOG]!><time="11:32:01.339-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:1047">
<![LOG[No lookup MP(s) from AD]LOG]!><time="11:32:01.367-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2383">
<![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="11:32:01.367-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2396">
<![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="11:32:01.367-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:3253">
<![LOG[Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domainname.local lookup. DNS returned error 10061]LOG]!><time="11:32:03.367-60" date="07-28-2015" component="LocationServices" context="" type="2" thread="5904" file="lsad.cpp:3279">
<![LOG[No lookup MP(s) from DNS]LOG]!><time="11:32:03.367-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2425">
<![LOG[Client is set to use HTTPS when available. The current state is 224.]LOG]!><time="11:32:03.376-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="ccmutillib.cpp:412">
<![LOG[Failed to resolve 'SMS_SLP' from WINS]LOG]!><time="11:32:12.384-60" date="07-28-2015" component="LocationServices" context="" type="2" thread="5904" file="lswins.cpp:472">
<![LOG[No lookup MP(s) from WINS]LOG]!><time="11:32:12.384-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2444">
<![LOG[Unable to find lookup MP(s) in Registry, AD, DNS and WINS]LOG]!><time="11:32:12.384-60" date="07-28-2015" component="LocationServices" context="" type="3" thread="5904" file="lsad.cpp:2456">
<![LOG[Current AD forest name is xxxx.local, domain name is xxxx.local]LOG]!><time="11:32:12.387-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:842">
<![LOG[Domain joined client is in Intranet]LOG]!><time="11:32:12.387-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:1047">
<![LOG[Attempting to retrieve lookup MP(s) from AD]LOG]!><time="11:32:12.407-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2351">
<![LOG[Current AD forest name is xxxx.local, domain name is xxxx.local]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:842">
<![LOG[Domain joined client is in Intranet]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:1047">
<![LOG[No lookup MP(s) from AD]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2383">
<![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2396">
<![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:3253">
<![LOG[Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domainname.local lookup. DNS returned error 10061]LOG]!><time="11:32:14.412-60" date="07-28-2015" component="LocationServices" context="" type="2" thread="5904" file="lsad.cpp:3279">
<![LOG[No lookup MP(s) from DNS]LOG]!><time="11:32:14.412-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2425">
<![LOG[Failed to resolve 'SMS_SLP' from WINS]LOG]!><time="11:32:23.424-60" date="07-28-2015" component="LocationServices" context="" type="2" thread="5904" file="lswins.cpp:472">
<![LOG[No lookup MP(s) from WINS]LOG]!><time="11:32:23.424-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2444">
<![LOG[Unable to find lookup MP(s) in Registry, AD, DNS and WINS]LOG]!><time="11:32:23.424-60" date="07-28-2015" component="LocationServices" context="" type="3" thread="5904" file="lsad.cpp:2456">
<![LOG[LSGetAssignmentSiteCodeForSite: Failed to get assigned site code from AD and MP]LOG]!><time="11:32:23.424-60" date="07-28-2015" component="LocationServices" context="" type="3" thread="5904" file="lsad.cpp:4240">

I'm not sure if this helps at all but I've noticed that all the machines I'm having this issue on are SQL Servers. If anyone has any ideas I would be grateful 

Thanks

Ok finally this has been resolved. It turns out that apparently when the DNS string gets bigger it switches to using TCP instead of UDP on port 53 and this was initially blocked by the firewall. As soon as it was opened it worked. Thanks all for your help

Cheers

• Marked as answer by GDHUK 16 hours 11 minutes ago