What's new
Forums on Intune, SCCM, and Windows 11

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

SOLVED Active Directory discovery failed after upgrade SCCM to 1910

  • Thread starter Thread starter mjklomp
  • Start date Start date
  • Replies Replies 10
  • Views Views 13K
Status
Not open for further replies.
M

mjklomp

New Member
Messages
4
Reaction score
0
Points
1
Hello All,

This week I updated SCCM to 1910 without any issues (all compnents were green). After that I applied the hotfix KB4538166 without issues.
But a few days later I saw my collections filled with Active Directory objects are all empty. So I checked the AD logfiles and I saw two specific errors in all of the three AD logfiles:

"D:\Program Files\Microsoft Configuration Manager\Logs\adsgdis.log"
"D:\Program Files\Microsoft Configuration Manager\Logs\adsysdis.log"
"D:\Program Files\Microsoft Configuration Manager\Logs\adusrdis.log"

ERROR: Failed to look up DNS forest GUID error = 1355
ERROR: Failed to enumerate directory objects in AD container LDAP://..............

The errors started right after the first update of 1910.

From my SCCM console I can browse to Active Directroy from all of the AD Discovery Methods.

I googled a lot on both errors but I cannot find any solution yet.

Maybe anyone here has seen this error before.

Please let me know.
 
Sort by date Sort by votes
Hi,

Try to restart your domain controller / DNS server and check again.
Make sure also that you don't have an issue with the DNS resolution, use nslookup to do it.
If you can upload the complete log of one AD discovery files and share it with us.
 
Upvote 0 Downvote
Hi Youssef,

It's not possible for me to restart the domain controllers (DNS servers) right now. I need to ask the customer tomorrow.
I don't have issues with the DNS resolution (I think). Checking with nslookup is working fine.

Last year I did an update from 1802 to 1810 without any issues. So I don't know why this is happening.

I uploaded one of the log files with the errors. Maybe someone is seeing what's going wrong.
 

Attachments

Upvote 0 Downvote
Hello,
I have the same isuse with the Actual CB, in the same domain and forest.
Account have read rights and more.

It seems to be a network issue... any idea?
 
Upvote 0 Downvote
Error code 1355 = "The specified domain either does not exist or could not be contacted."

In the console, whatever LDAP path you have configured is not discoverable or reachable from the site server. This could be a DNS issue, a firewall issue, a DC health issue, or something else all of which are outside the scope of visibility or control of ConfigMgr. You'll have to manually troubleshoot connectivity using common network tools and techniques like ping, telnet, portqry, and ldp to name just a few.
 
Upvote 0 Downvote
Hello All,
i have same issue :
ERROR: Failed to look up DNS forest GUID error = 1355
ERROR: Failed to enumerate directory objects in AD container LDAP://..............

if you have Solved solution please update Fix step.
 
Upvote 0 Downvote
Find a LDAP query tool and run it from sccm. See if it can find your AD. Try to ping a DC from your sccm server, if it resolve to an IP then DNS is fine. Finally, check from sccm server if you can telnet to a DC with port 389, if not then Firewall may block it.
 
Upvote 0 Downvote
Edy said:
Find a LDAP query tool and run it from sccm. See if it can find your AD. Try to ping a DC from your sccm server, if it resolve to an IP then DNS is fine. Finally, check from sccm server if you can telnet to a DC with port 389, if not then Firewall may block it.
Click to expand...

I installed SCCM Server at Child Domain


Infrastructure
  • ParentDomain.com
    • ChildDomain.com
    • SCCM01.ChildDomain.com (SCCM Server)
SCCM01.ChildDomain.com can telnet DC001.ChildDomain.com 389
but...
SCCM01.ChildDomain.com can not telnet DC01.ParentDomain.com 389

If i can not allow port 389 from DC01.ParantDomain.com,
Can i Fix Communication for Discovery from DC001.ChildDomain.com (Only Child Domain)
Can do it?

Thanks you for your support.
 
Upvote 0 Downvote
it depends, do you want your sccm to manage your parent domain, child domain or both? If both then you need to allow port 389 on your parent domain controller as well.
 
Upvote 0 Downvote
Edy said:
it depends, do you want your sccm to manage your parent domain, child domain or both? If both then you need to allow port 389 on your parent domain controller as well.
Click to expand...
i allow firewall port 389 from SCCMserver to Parent Domain
Discovery It's Worked.
Thanks you Edy.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

  • PENDING Code 84 when running task sequence OSD
  • PENDING SCCM Update shows as failed with 0x8007045B after post update reboot on some endpoints.
  • PENDING Failed to end search job. Error = 0x80244022 ; But IIS is running and optimize
  • PENDING remove crowdstrike falcon sensor
  • PENDING Create New CMG VMSS availability issue

    • Forum statistics

    Threads
    7,188
    Messages
    28,061
    Members
    18,333
    Latest member
    Sreeja

    Latest posts

    Trending content
    Back
    Top