Martin Reyes
New Member
- Messages
- 3
- Solutions
- 1
- Reaction score
- 0
- Points
- 1
Good morning,
We moved our SCCM site sever to a new server (OS and hardware too old). I am checking to make sure all components are running without errors. On SMS_AD_SECURITY_DISCOVERY_AGENT, SMS_AD_SYSTEM_DISCOVERY_AGENT, and SMS_AD_USER_DISCOVERY_AGENT, I get the error listed below :
<< Severity Error. Message ID: 5354.
Active Directory Security Group Discovery Agent failed to bind to container LDAP:// Error: 87D20001.
Possible cause: The AD container specified earlier might be invalid now. The Domain Controller is inaccessible.
Solution: Please verify that the AD container paths specified are valid. Confirm accessibility of the site server to the Domain Controller to be queried. >>
The SCCM computer account has access to the domain. I verified that I can do a LDAP query from the server to the DCs on the domain. I disabled the firewall temporarily ( issue happens with firewall enabled or not ). All paths are valid on the domain. Nothing deleted or moved.
There is an error in adsgdis.log which reads = There is no site exchange certificate created.
This is what I get in adsgdis.log =
INFO: -------- Finished to process search scope (GTC AD Groups) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.285+300><thread=28284 (0x6E7C)>
INFO: -------- Starting to process search scope (Student2) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.285+300><thread=28284 (0x6E7C)>
INFO: Processing search path: 'LDAP://path'.~ $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.285+300><thread=28284 (0x6E7C)>
There is no site exchange certificate created. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.291+300><thread=28284 (0x6E7C)>
site exchange certificate is not found. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.291+300><thread=28284 (0x6E7C)>
Failed to decrypt data using format 0. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.291+300><thread=28284 (0x6E7C)>
ERROR: Decryption failed~ $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.292+300><thread=28284 (0x6E7C)>
ERROR: Failed to enumerate directory objects in AD container LDAP://path $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.292+300><thread=28284 (0x6E7C)>
STATMSG: ID=5354 SEV=E LEV=M SOURCE="SCCM Server" COMP="SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT" SYS=SERVER SITE=XXX PID=5880 TID=28284 GMTDATE=Thu Nov 17 16:25:02.292 2022 ISTR0="LDAP://path" ISTR1="87D20001" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 LE=0X0 $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.292+300><thread=28284 (0x6E7C)>
INFO: -------- Finished to process search scope (Student2) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.292+300><thread=28284 (0x6E7C)>
INFO: Retrieving existing immediate search bases from DB. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.293+300><thread=28284 (0x6E7C)>
INFO: Succeed to load immediate search bases and their caring groups. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.293+300><thread=28284 (0x6E7C)>
INFO: -------- Starting to process search scope (Immediate search base) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.293+300><thread=28284 (0x6E7C)>
INFO: -------- Finished to process search scope (Immediate search base) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.293+300><thread=28284 (0x6E7C)>
INFO: Running stored procedure to flatten relationship. It might take long if there are many relationships under specified search base(s) $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.295+300><thread=28284 (0x6E7C)>
INFO: Succeeded running incremental sync stored procedure $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.662+300><thread=28284 (0x6E7C)>
INFO: Updating LastRefreshTime for the parents of the groups that are new or updated. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.662+300><thread=28284 (0x6E7C)>
INFO: Succeeded updating LastRefreshTime for the parents of new or updated groups. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.675+300><thread=28284 (0x6E7C)>
STATMSG: ID=5352 SEV=I LEV=M SOURCE="SCCM Server" COMP="SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT" SYS=SCCM Server SITE=XXX PID=5880 TID=28284 GMTDATE=Thu Nov 17 16:25:02.676 2022 ISTR0="3" ISTR1="0" ISTR2="0" ISTR3="0" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 LE=0X0 $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.676+300><thread=28284 (0x6E7C)>
*** Shutting Down ************************~ $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.677+300><thread=28284 (0x6E7C)>
Any assistance is appreciated,
Martin Reyes
We moved our SCCM site sever to a new server (OS and hardware too old). I am checking to make sure all components are running without errors. On SMS_AD_SECURITY_DISCOVERY_AGENT, SMS_AD_SYSTEM_DISCOVERY_AGENT, and SMS_AD_USER_DISCOVERY_AGENT, I get the error listed below :
<< Severity Error. Message ID: 5354.
Active Directory Security Group Discovery Agent failed to bind to container LDAP:// Error: 87D20001.
Possible cause: The AD container specified earlier might be invalid now. The Domain Controller is inaccessible.
Solution: Please verify that the AD container paths specified are valid. Confirm accessibility of the site server to the Domain Controller to be queried. >>
The SCCM computer account has access to the domain. I verified that I can do a LDAP query from the server to the DCs on the domain. I disabled the firewall temporarily ( issue happens with firewall enabled or not ). All paths are valid on the domain. Nothing deleted or moved.
There is an error in adsgdis.log which reads = There is no site exchange certificate created.
This is what I get in adsgdis.log =
INFO: -------- Finished to process search scope (GTC AD Groups) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.285+300><thread=28284 (0x6E7C)>
INFO: -------- Starting to process search scope (Student2) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.285+300><thread=28284 (0x6E7C)>
INFO: Processing search path: 'LDAP://path'.~ $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.285+300><thread=28284 (0x6E7C)>
There is no site exchange certificate created. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.291+300><thread=28284 (0x6E7C)>
site exchange certificate is not found. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.291+300><thread=28284 (0x6E7C)>
Failed to decrypt data using format 0. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.291+300><thread=28284 (0x6E7C)>
ERROR: Decryption failed~ $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.292+300><thread=28284 (0x6E7C)>
ERROR: Failed to enumerate directory objects in AD container LDAP://path $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.292+300><thread=28284 (0x6E7C)>
STATMSG: ID=5354 SEV=E LEV=M SOURCE="SCCM Server" COMP="SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT" SYS=SERVER SITE=XXX PID=5880 TID=28284 GMTDATE=Thu Nov 17 16:25:02.292 2022 ISTR0="LDAP://path" ISTR1="87D20001" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 LE=0X0 $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.292+300><thread=28284 (0x6E7C)>
INFO: -------- Finished to process search scope (Student2) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.292+300><thread=28284 (0x6E7C)>
INFO: Retrieving existing immediate search bases from DB. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.293+300><thread=28284 (0x6E7C)>
INFO: Succeed to load immediate search bases and their caring groups. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.293+300><thread=28284 (0x6E7C)>
INFO: -------- Starting to process search scope (Immediate search base) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.293+300><thread=28284 (0x6E7C)>
INFO: -------- Finished to process search scope (Immediate search base) -------- $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.293+300><thread=28284 (0x6E7C)>
INFO: Running stored procedure to flatten relationship. It might take long if there are many relationships under specified search base(s) $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.295+300><thread=28284 (0x6E7C)>
INFO: Succeeded running incremental sync stored procedure $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.662+300><thread=28284 (0x6E7C)>
INFO: Updating LastRefreshTime for the parents of the groups that are new or updated. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.662+300><thread=28284 (0x6E7C)>
INFO: Succeeded updating LastRefreshTime for the parents of new or updated groups. $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.675+300><thread=28284 (0x6E7C)>
STATMSG: ID=5352 SEV=I LEV=M SOURCE="SCCM Server" COMP="SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT" SYS=SCCM Server SITE=XXX PID=5880 TID=28284 GMTDATE=Thu Nov 17 16:25:02.676 2022 ISTR0="3" ISTR1="0" ISTR2="0" ISTR3="0" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 LE=0X0 $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.676+300><thread=28284 (0x6E7C)>
*** Shutting Down ************************~ $$<SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT><11-17-2022 11:25:02.677+300><thread=28284 (0x6E7C)>
Any assistance is appreciated,
Martin Reyes
