Secondary Site Still Pending
Greetings,
I attempted to install a secondary site on a server across the wire (which is on the same domain as the Primary Site server) and it has been in a pending state for quite a while now. Initially I was having trouble even getting it to install, but from what I can tell it does seem to be installed now as the following services now appear on the secondary server:
SMS Agent Host - Started - Automatic - Local SystemSMS Task Sequence Agent - not started - Manual - Local SystemSMS_EXECUTIVE - Started - Automatic - Local SystemSMS_SITE_BACKUP -not started- Manual - Local SystemSMS_SITE_COMPONENT_MANAGER - Started - Automatic - Local SystemSMS_SITE_VSS_WRITER - Started - Automatic - Local System
It looks as though the secondary server is talking to the primary, Here is an excerpt from the sender.log on the secondary server:
**************************************************************************
Connecting to C:\Program Files\Microsoft Configuration Manager\inboxes\schedule.box\outboxes\LAN.SMS_LAN_SENDER2/28/2008 8:22:49 AM4732 (0x127C)Found send request. ID: 2003FVAL, Dest Site: CSISMS_LAN_SENDER2/28/2008 8:22:49 AM4732 (0x127C)We have 0 active connectionsSMS_LAN_SENDER2/28/2008 8:22:49 AM4732 (0x127C)Checking for site-specific sending capacity. Used 0 out of 3.SMS_LAN_SENDER2/28/2008 8:22:49 AM4732 (0x127C)We have 0 active connectionsSMS_LAN_SENDER2/28/2008 8:22:49 AM4732 (0x127C)Created sending thread (Thread ID = 1BAC)SMS_LAN_SENDER2/28/2008 8:22:49 AM4732 (0x127C)Trying the No. 1 address (out of 1)SMS_LAN_SENDER2/28/2008 8:22:49 AM7084 (0x1BAC)No (more) send requests found to process.SMS_LAN_SENDER2/28/2008 8:22:49 AM4732 (0x127C)Waiting for new/rescheduled send requests, Maximum Sleep Time = 60 minutesSMS_LAN_SENDER2/28/2008 8:22:49 AM4732 (0x127C)FQDN for server PADMIS15 is PADMIS15.corp.netSMS_LAN_SENDER2/28/2008 8:22:49 AM7084 (0x1BAC)Passed the xmit file test, use the existing connectionSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Package file = C:\Program Files\Microsoft Configuration Manager\inboxes\schedule.box\tosend\0000007B.P5gSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Instruction file = C:\Program Files\Microsoft Configuration Manager\inboxes\schedule.box\tosend\0000007B.I21SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Checking for remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.PCKSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Checking for remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.SNISMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Checking for remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMPSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Attempt to create/open the remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.PCKSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Created/opened the remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.PCKSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Attempt to create/open the remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.PCKSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Created/opened the remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.PCKSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Sending Started [C:\Program Files\Microsoft Configuration Manager\inboxes\schedule.box\tosend\0000007B.P5g]SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Attempt to write 991 bytes to \\PADMIS15.corp.net\SMS_SITE\2003FVAL.PCK at position 0SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Wrote 991 bytes to \\PADMIS15.corp.net\SMS_SITE\2003FVAL.PCK at position 0SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Sending completed [C:\Program Files\Microsoft Configuration Manager\inboxes\schedule.box\tosend\0000007B.P5g]SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Attempt to create/open the remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMPSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Created/opened the remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMPSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Attempt to create/open the remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMPSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Created/opened the remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMPSMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Sending Started [C:\Program Files\Microsoft Configuration Manager\inboxes\schedule.box\tosend\0000007B.I21]SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Attempt to write 396 bytes to \\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMP at position 0SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Wrote 396 bytes to \\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMP at position 0SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Sending completed [C:\Program Files\Microsoft Configuration Manager\inboxes\schedule.box\tosend\0000007B.I21]SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Renaming remote file \\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMP to \\PADMIS15.corp.net\SMS_SITE\2003FVAL.SNISMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Rename completed [\\PADMIS15.corp.net\SMS_SITE\2003FVAL.TMP]SMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)Sending completed successfullySMS_LAN_SENDER2/28/2008 8:22:50 AM7084 (0x1BAC)
**************************************************************************
Also, one other detail I should mention is that the AD schema has been extended. Any help would be greatly appreciated.
February 29th, 2008 12:02am
Since you have the following entries (just showing one sample entry), that means the site was able to send data to the parent site:
Wrote 991 bytes to \\PADMIS15.corp.net\SMS_SITE\2003FVAL.PCK
So you have permissions to transfer data, that means that part is OK. I bet if you looked at the despoolr.log on the primary site, you'd see some references to the keys not being available yet.
Part of the parent/child relationship is the transfer of keys that help verify that the data is valid. That happens automatically in AD, but it can take a while to do so. If this is the issue (according to the log), then you can manually transfer the keys if you don't want to wait. You can use a tool called Preinst.exe. The process is documented here:
http://technet.microsoft.com/en-us/library/bb693690.aspx
Give that a shot and see if it solves your problem (my guess is that it will - but check the logs first).
Free Windows Admin Tool Kit Click here and download it now
February 29th, 2008 12:25am
Below are the exerpts from the logs from when I tried manually tranfering the keys...
I highlighted the lines that seem suspect to me. Just a guess here, but does the sccm service account need to have schema admin access? I gave that account that level of access when I installed it but then took it away after it was installed as I didn't think that it needed that level of access any longer.
From hman.log on secondary server:
***************************************************************
Processing C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\CSI.CT5 file, containing 1 keys.SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)CPublicKeyLookup::UpdateCurrentKey("CSI", XXXX")SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)CPublicKeyLookup::UpdateCurrentKey() Checking C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\pubkey\CSI.pkp for Key0SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)CPublicKeyLookup::UpdateCurrentKey() Updating Key0SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)No child sites to forward CT5 file C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\CSI.CT5 to. Deleting.SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)Active Directory DS RootC=csi,DC=corpSMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)Searching for the System Management Container.SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)System Management container exists.SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464) Searching for SMS-Site-VAL Site Object.SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464) SMS-Site-VAL doesn't exist, creating it.SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)SMS-Site-VAL could not be created, error code = 5.SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)STATMSG: ID=4913 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_HIERARCHY_MANAGER" SYS=VALMIS15 SITE=VAL PID=3928 TID=5220 GMTDATE=Thu Feb 28 21:49:24.451 2008 ISTR0="SMS-Site-VAL" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)Wait for site control changes for maximum 3600 seconds...SMS_HIERARCHY_MANAGER2/28/2008 3:49:24 PM5220 (0x1464)***************************************************************
From the hman.log on the Primary server:
***************************************************************
Processing C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\VAL.CT4 file, containing 1 keys.SMS_HIERARCHY_MANAGER2/28/2008 3:47:05 PM7676 (0x1DFC)CPublicKeyLookup::UpdateCurrentKey("VAL", "XXXX")SMS_HIERARCHY_MANAGER2/28/2008 3:47:05 PM7676 (0x1DFC)CPublicKeyLookup::UpdateCurrentKey() Checking C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\pubkey\VAL.pkc for Key0SMS_HIERARCHY_MANAGER2/28/2008 3:47:05 PM7676 (0x1DFC)CPublicKeyLookup::UpdateCurrentKey() Updating Key0SMS_HIERARCHY_MANAGER2/28/2008 3:47:05 PM7676 (0x1DFC)No parent site to forward CT4 file C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\VAL.CT4 to. Deleting.SMS_HIERARCHY_MANAGER2/28/2008 3:47:05 PM7676 (0x1DFC)Wait for site control changes for maximum 3600 seconds...SMS_HIERARCHY_MANAGER2/28/2008 3:47:05 PM7676 (0x1DFC)***************************************************************
February 29th, 2008 1:07am
Never mind, I just wasnt patient enough after transferring the keys. It is showing as active now, thanks for your help!
Free Windows Admin Tool Kit Click here and download it now
February 29th, 2008 1:25am
Error 5 means access denied, so it appears the secondary site isn't publishing to AD. Since you said the secondary site doesn't have AD publishing rights, I'm not surprised this is occuring. I doubtthat this isresponsible for the secondary site showing as pending.
February 29th, 2008 1:28am
Error 5 is access denied, which implies that the secondary site server does not have rights to publish to AD. Each site that you want to have publish data to AD needs to be given Full Control rights to the System Management container and All Child Objects.
Free Windows Admin Tool Kit Click here and download it now
February 29th, 2008 3:21am
It looks like the primary server added the info into the System Management container, but I was still seeing error 5s on the secondary when it was trying to update the object in that container. I gave the secondary system access to that container and it seems happy now and the logis showing that itis updating the AD object successfully.
Thanks for your help!
February 29th, 2008 6:16pm
Yup every site that wants to publish needs rights to do so. Glad you got it working.
Free Windows Admin Tool Kit Click here and download it now
February 29th, 2008 7:38pm
Just to help out with similar problems in the future, I am going to post the two easy steps that are mandatory for creating a secondary site, but are not mentioned anywhere during the setup. 1: Make your primary server a member of the adminstrators group on your soon to be secondary server. This means adding the domain/computername. 2: Give your secondary server full control over the System -> System Management folder in Active Directory. Make sure you go to advanced and give these rights to "this object and all child objects". It took me about 4 hours and multiple installs to get these 2 things figured out, and both of them were posted nowhere together. Eddie
July 9th, 2009 6:21pm
A great walkthrough for installing a secondary site. You can ignore the last part about the MP, unless you need one on your secondary site. <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:1627400839 -2147483648 8 0 66047 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman","serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin;} a:link, span.MsoHyperlink {mso-style-noshow:yes; mso-style-priority:99; color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {mso-style-noshow:yes; mso-style-priority:99; color:purple; mso-themecolor:followedhyperlink; text-decoration:underline; text-underline:single;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} -->
http://exchangeserverinfo.com/2008/05/02/installation-and-configuration-of-secondary-site-server.aspx Eddie
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2009 5:46pm
I know this is an old post but I wanted to add an additional comment for secondary site installation on an RODC server since I had trouble finding a simple answer.
In addition to the steps Eddie specified.
Step 1 To configure Administrator Role Separation for an RODC -
http://technet.microsoft.com/en-us/library/cc732301(WS.10).aspx
To add the Primary Site server you need to add the Computer account.
For example, type add CONTOSO\SEATTLE_1$ administrators
3: Add the RODC computer account to the SMS_SiteToSiteConnection_<site code> group on the primary site server computer to enable site-to-site communications. as specified in the article
http://technet.microsoft.com/en-us/library/bb632811.aspx
November 8th, 2010 12:41pm