Status message 4909, 4912, 4913, or 4915, or error code 8202 after you install Systems Management Server 2003 (830022)


The information in this article applies to:

  • Microsoft Systems Management Server 2003

SYMPTOMS

After you install Microsoft Systems Management Server (SMS) 2003, the Site Component Manager component may log the following status messages:

MessageID=4909
Severity=Error
Facility=Application
SymbolicName=SRVMSG_SITECOMP_CANNOT_FIND_SMS_AD_CONTAINER
Language=English
SMS Systems Management Server could not locate the "System Management" container in Active 
Directory.  Nor could it create a default container.  This will prevent Site Component Manager from 
updating or adding any objects to Active Directory. Possible cause: This site's  SMS Service 
account or the site server's machine account might not have the correct rights to update active 
directory.

Solution: Either give the Service Account rights to update the domain's System Container, or 
manually create the "System Management" container in this domain's Active Directory system 
container, and give the Service Account full rights to that container (and all children objects).
MessageID=4912

Systems Management Server cannot update the already existing object "System Management" in Active Directory.
MessageID=4913

Systems Management Server cannot create the object "System Management" in Active Directory.
MessageID=4915

Systems Management Server cannot delete the object "System Management" in Active Directory.

The following entries may appear in the Hman.log file:

System Management container exists.
Searching for SMS-Site-123 Site Object.
SMS-Site-123 doesn't exist, creating it.
SMS-Site-123 could not be created, error code = 8202

If you use the ExtADsch.exe tool, the following entries may appear in the ExtADsch.log file:

Failed to create class cn=MS-SMS-Management-Point. Error code = 8202.
Failed to create class cn=MS-SMS-Server-Locator-Point. Error code = 8202.
Failed to create class cn=MS-SMS-Site. Error code = 8202.
Failed to create class cn=MS-SMS-Roaming-Boundary-Range. Error code = 8202.
Failed to extend the Active Directory schema.

CAUSE

This problem may occur when the SMS Site Component Manager cannot locate or does not have the correct permission to manage the System Management container in the Active Directory directory service.

RESOLUTION

SMS must have permission to create or to modify the System Management container in Active Directory. To resolve this problem, use one of the following methods:
  • If your SMS 2003 site uses Advanced Security, grant the site server computer account Full Control permissions to the Active Directory System container and to all its child objects.
  • If your SMS 2003 site uses Standard Security, grant the site server SMS service account Full Control permissions to the Active Directory System container and to all its child objects.
To grant the appropriate permissions to the System container, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. On the View menu, click Advanced Features.
  3. Expand your domain tree, right-click the System container, and then click Properties.
  4. On the Security tab, click Add.
  5. Click Object Types. If SMS 2003 is configured to use Advanced Security, make sure that the Computers check box is selected. If SMS 2003 is configured to use Standard Security, make sure that the Groups and Users check boxes are selected. Click OK.
  6. If Advanced Security is turned on, type the name of the site server's machine account, click Check Names, and then click OK. If Standard Security is turned on, type the name of the SMS service account, click Check Names, and then click OK.
  7. In Group or user names, click the account that you added in step 6.
  8. In Permissions for Enterprise Admins, click to select the Full Control check box, and then click OK.
Restart the SMS Site Component Manager service to start updating Active Directory. You can monitor the Sitecomp.log file to see the status of the update.

You can use the ADSIEdit.exe utility to manually create the System Management container in the Active Directory System container. However, SMS must have permissions to manage the objects in the container.

If you manually create the container, you must make sure that the site server machine account (if you use Advanced Security) or the SMS Service account (if you use Standard Security) has Full Control permissions to the System Management container and to all its child objects.

If you manually create the System Management container, follow these steps to grant the correct permissions:
  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. On the View menu, click Advanced Features.
  3. Expand your domain tree, expand System, right-click the System Management container, and then click Delegate Control.
  4. Click Next, and then click Add.
  5. Click Object Types. If SMS 2003 is configured to use Advanced Security, make sure that the Computers check box is selected. If SMS 2003 is configured to use Standard Security, make sure that the Groups and Users check boxes are selected. Click OK.
  6. If Advanced Security is turned on, type the name of the site server's machine account, click Check Names, and then click OK. If Standard Security is turned on, type the name of the SMS service account, click Check Names, and then click OK.
  7. Click Next, click Create a custom task to delegate, and then click Next.
  8. Click This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
  9. Click to select the Full Control check box, and then click Next.
  10. Make sure that the information is correct, and then click Finish.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

Before SMS can publish to Active Directory, the Active Directory schema must be extended. You can extend the Active Directory schema when you install SMS 2003, or you can manually extend the schema by using the ExtADsch.exe utility. The ExtADsch.exe utility is located in the SMSSETUP\BIN\i386 folder on the SMS 2003 CD. For more information about extending the Active Directory schema for SMS 2003, see part 3, chapter 10 and part 4, chapter 15 of the SMS 2003 online Concepts, Planning and Deployment Guide. The status message details for SMS Site Component Manager may offer additional solutions. For the most current version of the Concepts, Planning and Deployment Guide, visit the following Microsoft Web site:

http://www.microsoft.com/resources/documentation/sms/2003/all/cpdg/en-us/default.mspx


For additional information about the Active Directory schema, click the following article numbers to view the articles in the Microsoft Knowledge Base:

216060 Registry modification required to allow write operations to schema

285172 Schema Updates Require Write Access to Schema in Active Directory

326310 How to manage the Active Directory schema in Windows Server 2003 Enterprise Edition

320054 How to manage the Active Directory schema in Windows 2000

310996 Active Directory services and Windows 2000 or Windows Server 2003 domains (part 1)

310997 Active Directory services and Windows 2000 or Windows Server 2003 domains (part 2)

To see the SMS 2003 release notes, visit the following Microsoft Web site:

http://www.microsoft.com/technet/prodtechnol/sms/sms2003/instreln.mspx

Modification Type:MajorLast Reviewed:8/14/2006
Keywords:kbActiveDirectory kbSCMan kbinterop kbSecurity kbnofix kbBug KB830022 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.