More on Microsoft SCCM

Posted on 2011-10-24
Last Modified: 2012-05-12
I tried to modify the schema following this guide in preparation for SSCM installation.

and I am getting the following errors. Any ideas?

<10-24-2011 15:08:28> Modifying Active Directory Schema - with SMS extensions.
<10-24-2011 15:08:28> DS Root:CN=Schema,CN=Configuration,DC=mydomain,DC=com
<10-24-2011 15:08:29> Defined attribute cn=MS-SMS-Site-Code.
<10-24-2011 15:08:29> Defined attribute cn=mS-SMS-Assignment-Site-Code.
<10-24-2011 15:08:29> Defined attribute cn=MS-SMS-Site-Boundaries.
<10-24-2011 15:08:29> Defined attribute cn=MS-SMS-Roaming-Boundaries.
<10-24-2011 15:08:29> Defined attribute cn=MS-SMS-Default-MP.
<10-24-2011 15:08:29> Defined attribute cn=mS-SMS-Device-Management-Point.
<10-24-2011 15:08:29> Defined attribute cn=MS-SMS-MP-Name.
<10-24-2011 15:08:29> Defined attribute cn=MS-SMS-MP-Address.
<10-24-2011 15:08:29> Defined attribute cn=mS-SMS-Health-State.
<10-24-2011 15:08:29> Defined attribute cn=mS-SMS-Source-Forest.
<10-24-2011 15:08:29> Defined attribute cn=MS-SMS-Ranged-IP-Low.
<10-24-2011 15:08:29> Defined attribute cn=MS-SMS-Ranged-IP-High.
<10-24-2011 15:08:29> Defined attribute cn=mS-SMS-Version.
<10-24-2011 15:08:29> Defined attribute cn=mS-SMS-Capabilities.
<10-24-2011 15:08:30> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
<10-24-2011 15:08:30> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
<10-24-2011 15:08:30> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
<10-24-2011 15:08:30> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
<10-24-2011 15:08:30> Failed to extend the Active Directory schema, please find details in "C:\ExtADSch.log".
Question by:cheto06

    Author Comment

    I should have mentioned that I am a Schema Admin but I am not running this command on my DC, but on the actual SCCM server.
    LVL 17

    Expert Comment

    Did you modify the CONFIGMGR_AD_SCHEMA file and rename every instance of DC=x to reflect your proper Domain?  You may have accidentally left out the bottom 4.

    Check for the following lines:

    dn: CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=x
    dn: CN=MS-SMS-Server-Locator-Point,CN=Schema,CN=Configuration,DC=x
    dn: CN=MS-SMS-Site-Boundaries,CN=Schema,CN=Configuration,DC=x
    dn: CN=MS-SMS-Roaming-Boundary-Range,CN=Schema,CN=Configuration,DC=x

    Open in new window

    Correct the DC=x part, and re-run the schema import using ldifde.  If it fails again, let's see part of the output - sample output we'd like to see is:

    29: CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=MGMT,DC=LOCAL
    Entry DN: CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=MGMT,DC=LOCAL
    changetype: add
    Attribute 0) objectClass:top classSchema
    Attribute 1) cn:MS-SMS-Management-Point
    Attribute 2) subClassOf:serviceConnectionPoint
    Attribute 3) governsID:1.2.840.113556.
    Attribute 4) mayContain:cn mSSMSDeviceManagementPoint mSSMSMPAddress mSSMSMPName mSSMSDefaultMP mSSMSSiteCode
    Attribute 5) objectClassCategory:1
    Attribute 7) defaultHidingValue:TRUE
    Entry modified successfully.

    Open in new window


    Author Comment

    I assime your recommendation is usint the LDIFDE tool?

    I used the tool "extadsch.exe > c:\output.txt"  

    LVL 17

    Expert Comment

    Yeah I'd recommend using the LDIFDE tool :)  Attached is a "blank" CONFIGMGR_AD_SCHEMA.LDF that you can modify and then import using ldifde like so:


    It will automatically create an ldif.txt file with the results.


    Best to run this on the schema master.  Don't forget to change all instances of DC=x to reflect your DC.  For example, DC=microsoft,DC=com
    LVL 31

    Expert Comment

    Can you please run it again. I had this issue sometimes

    Author Comment

    Thank you, I ran it again but this time on the actual DC and it worked great.
    One more question though.

    I have created the  permissions on the System Management container in AD. It appears I am missing something.
    Please look at the attached image. I am sure I did everything according to the guide.
    The one in the background is mine (only two items showing) the guide shows 3.

    Any ideas?
    LVL 17

    Accepted Solution

    The extra one is the Server Locator Point (SLP).  The missing one will appear once you add the ConfigMgr server locator point.

     Adding Server Locator Point
    Windows-noob will guide you through adding the server locator point.  It's quite likely that he created his great screenshot (I love the crayon like text) after he added the server locator point.

    Author Comment

    Yes it showed up after I added the locator point. I am done with the installation and configuration but now
    I am getting a bunch of errors under site status > site name . ID 7000 and 7003.

    I don't have the WSUS server on the same box. I checked and I am running:
    Update Services
    Microsoft Corporation
    Version: 3.2.7600.226

    SMS WSUS Configuration Manager failed to monitor WSUS Server "SMSCCM01-V".

    Possible cause: WSUS Server version 3.0 SP1 and above is not installed or cannot be contacted.
    Solution: Verify that the WSUS Server version 3.0 SP1 or greater is installed. Verify that the IIS ports configured in SMS are same as those configured on the WSUS IIS website.
    LVL 17

    Expert Comment

    I'm sorry I cannot help you with that error.  I've not encountered it before.

    Please create a new question so that somebody else can assist you with this new error.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    This is my first article in EE and english is not my mother tongue so any comments you have or any corrections you would like to make, please feel free to speak up :) For those of you working with AD, you already are very familiar with the classi…
    Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now