Anmelden
 
HomeLibraryDownloadsSupportWebcasts & EventsCommunityForenBlogs
Ressourcen für IT-Professionals >
Event IDs 20070 21016 (see end of Body for text to event log errors)

Answered Event IDs 20070 21016 (see end of Body for text to event log errors)

  • Mittwoch, 20. Mai 2009 17:21
     
     
    Anmelden
    0

    These events are only happening on 1 newly installed client.  I have deployed over 30 clients successfully.

    1st I have tried the following:
    1. Rename the PC
    2. Remove and then add PC back to the Domain
    3. Repair the agent
    4. Manually Uninstall and Re-install the agent.
    5. WUAUCLT /detectnow

    The following items are or can be done by the agent:
    1. Connect to the https://server:8531/SimpleAuthWebService/SimpleAuth.asmx
    2. The certificates are located in C:\Program Files\System Center Operations Manager 2007\Certificates
    3. Login to the SCE server via Kerbos
    4. The SCE server is only at 44 of the 50 client licenses so it is not out of licenses.
    5. I do not think I have dup SPN problem.
    6. Neither the client nor the server have a firewall enabled.

    In the SCE console the problem pc looks like this
    http://www.screencast.com/users/SeanMillington/folders/Jing/media/071010ee-a58a-4a49-8ccc-5cf746b735ad


    The all text to these all familair, yet largely unresloved events are:

    Event Type: Error
    Event Source: OpsMgr Connector
    Event Category: None
    Event ID: 20070
    Date:  5/19/2009
    Time:  12:49:43 PM
    User:  N/A
    Computer: WRK-PCXP2234
    Description:
    The OpsMgr Connector connected to darifair-sce.darifair.com, but the connection was closed immediately after authentication occured.  The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration.  Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: OpsMgr Connector
    Event Category: None
    Event ID: 21016
    Date:  5/19/2009
    Time:  12:49:55 PM
    User:  N/A
    Computer: WRK-PCXP2234
    Description:
    OpsMgr was unable to set up a communications channel to darifair-sce.darifair.com and there are no failover hosts.  Communication will resume when darifair-sce.darifair.com is both available and allows communication from this computer.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

Alle Antworten

  • Donnerstag, 21. Mai 2009 09:43
     
     
    Anmelden
    0
    These events occur when kerberose fails. If you have installed manually, please check under pending management and check reject manul option under administration -> security.

     
  • Donnerstag, 21. Mai 2009 18:05
     
     
    Anmelden
    0

    This system does not appear under pending managment.
    See
    http://www.screencast.com/users/SeanMillington/folders/Jing/media/df6ab29f-f8b6-47c3-922e-41efc42cb7d4 for picture

    Also the eventlog show a successful sign in by that PC on the SCE server see

    Event Type: Success Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 538
    Date:  5/21/2009
    Time:  2:04:28 PM
    User:  DARIFAIR\WRK-PCXP2234$
    Computer: DARIFAIR-SCE
    Description:
    User Logoff:
      User Name: WRK-PCXP2234$
      Domain:  DARIFAIR
      Logon ID:  (0x0,0xCECE82D)
      Logon Type: 3


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     
  • Freitag, 22. Mai 2009 10:02
    Moderator
     
     Beantwortet
    Anmelden
    0

    Hi Sean,

    Hi,

     

    Please check if duplicate SPNs are there or missing, use following query command:

     

    ldifde -f C:\*.txt -t 3268 -d dc=domain,dc=com -l serviceprincipalname -r (serviceprincipalname=*) -p subtree

    In the above command, replace DC=domain,DC=com with the DN of the domain

     

    If you find and remove duplicate SPNs, use setspn -D to delete all of the HealthService SPNs. Then, restart
    OpsMgr Health Service on the management server and let it register its SPNs with the correct logon account. For example:

     

    Using the example above, the setspn -D commands would be
    as follow:

    setspn -D MSOMHSvc/OPSMGRFA opsmgrfa
    setspn -D MSOMHSvc/OPSMGRFA.ChildDomainA.ForestA.local opsmgrfa

     

    Note you can find setspn.exe from Windows Server 2003 support tools.

     

    More information:

     

    http://www2.wolzak.com/index.php?option=com_content&task=view&id=15&Itemid=9

     

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1725806&SiteID=17

     

    Hope this helps.

     
  • Dienstag, 26. Mai 2009 14:29
     
     
    Anmelden
    0
    As shown below,  there are no duplicate SPNs for the SCE server


    dn: CN=DARIFAIR-SCE,OU=3 Darifair Server,DC=darifair,DC=com
    changetype: add
    servicePrincipalName: MSSQLSvc/darifair-sce.darifair.com:4252
    servicePrincipalName: MSOMHSvc/darifair-sce.darifair.com
    servicePrincipalName: MSOMHSvc/DARIFAIR-SCE
    servicePrincipalName: MSOMSdkSvc/darifair-sce.darifair.com
    servicePrincipalName: MSOMSdkSvc/DARIFAIR-SCE
    servicePrincipalName: SMTPSVC/DARIFAIR-SCE
    servicePrincipalName: SMTPSVC/darifair-sce.darifair.com
    servicePrincipalName: HOST/DARIFAIR-SCE
    servicePrincipalName: HOST/darifair-sce.darifair.com

    Also the workstation does not have a duplicate SPN either, so I do not think that this is the problem.

    Thanks
    Sean
     
  • Donnerstag, 18. Juni 2009 09:44
    Moderator
     
     
    Anmelden
    0
    Hi Sean,

    I'd like to suggest you delete this client from SCE console, remove it out of the domain, run newSID to get a new SID for this client, then add it to domain again, and use SCE console to deploy the agent, then check whether the error will still appear.

    NewSID v4.10

    http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
     
  • Donnerstag, 18. Juni 2009 12:34
     
     Beantwortet
    Anmelden
    0

    All,
    I opened up a ticket with Microsoft and the solution is below.

    The following solution has been provided to resolve your issue: SCE agent is not communicating the management server. A summary of the solution is detailed below.

    1. Symptom - Agents are not communicating with the SCE server


    2. Cause - We found the references of the group objects are not deleted properly, due to the same the SCE server configuration was messed up in the database.

    Event Type: Warning
    Event Source: OpsMgr Config Service
    Event Category: None
    Event ID: 29106
    Date:  6/3/2009
    Time:  11:16:52 AM
    User:  N/A
    Computer: ZZZZ-XXXX
    Description:
    The request to synchronize state for OpsMgr Health Service identified by "7e25551c-8075-ca49-2013-8abbd63688bb" failed due to the following exception "System.Runtime.Remoting.RemotingException: Could not find root connector uri named object. Root Health Service may not be running.

       at Microsoft.Mom.ConfigService.Networking.ConnectionFactory.Connection.Sender.get_RootConnectorUri()
       at Microsoft.Mom.ConfigService.Networking.ConnectionFactory.Connection.Sender.GetRootConnector()
       at Microsoft.Mom.ConfigService.Networking.ConnectionFactory.Connection.Sender.OnStateSyncResponse(String filename, Guid target, Boolean isManagementServer)

       at Microsoft.Mom.ConfigService.Networking.ConnectionFactory.Connection.OnStateSyncResponse(String filename, Guid target, Boolean isManagementServer)

       at Microsoft.Mom.ConfigService.Networking.ConnectionFactory.Connection.OnStateSyncRequestComplete(Boolean isSuccesful, Boolean isSourceValid, Guid source, String receivedCookie, String sentCookie, Stream response, Boolean isManagementServer)

       at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.CreateResponse(Managers managers)

       at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.Managers.Synchronize(OnDoSynchronizedWork onDoSynchronizedWork)

       at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.Execute(Managers managers)

       at Microsoft.Mom.ConfigService.Engine.ConfigurationEngine.CommunicationHelper.StateSyncRequestTask.Run(Guid source, String cookie, Managers managers, IConfigurationDataAccessor dataAccessor, Stream stream, IConnection connection)".

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    3. Resolution - After lot of troubleshooting we identified the object references in the Database using the bellow query.

    ==========================
    DECLARE @BaseManagedEntityInternalId int
    DECLARE @BaseManagedEntityId uniqueidentifier
    DECLARE @ViewName sysname
    DECLARE @Statement nvarchar(max)

    SET @BaseManagedEntityInternalId = 0

    WHILE EXISTS (SELECT * FROM BaseManagedEntity WHERE (BaseManagedEntityInternalId >

    @BaseManagedEntityInternalId))
    BEGIN
    SELECT TOP 1
    @BaseManagedEntityInternalId = bme.BaseManagedEntityInternalId
    ,@BaseManagedEntityId = bme.BaseManagedEntityId
    ,@ViewName = met.ManagedTypeViewName
    FROM BaseManagedEntity bme
    JOIN ManagedType met ON (bme.BaseManagedTypeId = met.ManagedTypeId)
    WHERE (bme.BaseManagedEntityInternalId > @BaseManagedEntityInternalId)
    AND (bme.IsDeleted = 0)
    ORDER BY BaseManagedEntityInternalId

    SELECT @Statement = 'IF NOT EXISTS (SELECT * FROM ' + QUOTENAME(@ViewName) + '
    WHERE BaseManagedEntityId = ''' + CAST(@BaseManagedEntityId AS varchar(50)) + ''')

    PRINT ''' + CAST(@BaseManagedEntityId AS varchar(50)) + ' ' + @ViewName + ''''
    EXECUTE(@Statement)
    END

    ==========================

    Objet references.
    ==========================

    76703F73-3FDB-7139-FE24-E710E660F0F3 MTV_DeploymentSettings
    AE3D3E72-4A1B-4272-E18A-9DE493FD75D4 MTV_DeploymentSettings
    B764D4C5-01C1-B551-BFB3-408410AB1F9F MTV_DeploymentSettings

    Then ran the bellow queries

    ==========================
    select fullname from basemanagedentity where basemanagedentityid = '<76703F73-3FDB-7139-FE24-E710E660F0F3 >'

    select fullname from basemanagedentity where basemanagedentityid = '< AE3D3E72-4A1B-4272-E18A-9DE493FD75D4 >'

    select fullname from basemanagedentity where basemanagedentityid = '< B764D4C5-01C1-B551-BFB3-408410AB1F9F >'
    ==========================

    Got the bellow  results
    ==========================
    System.SCE.MP.DeploymentSettings:cd4acda3-972b-480c-b2c6-a0853bb4077f.b2d324b7-c7a6-c427-d466-9d55cdb66709
    System.SCE.MP.DeploymentSettings:67342ee0-872a-4641-be1e-7fcfa30b344b.c4703e8f-4a7a-f1c8-f0fb-b3d07c250c73
    System.SCE.MP.DeploymentSettings:780ffd8a-0179-4b60-8c42-fd1ed05ff6e0.aea0d219-7c0a-dcc0-dd00-670ea6bc16b3

    Verified that the object mentioned in the above output are not  available in Operations console. We then took the back up of the OperationsManager DB and ran the bellow 3 queries for all the 3 GUIds, to remove the objects from Database.

    1. Begin TRAN

    DECLARE @DeploymentSettingsID as UniqueIdentifier
    DECLARE @Name as nVarChar(30)

    Set @DeploymentSettingsID = '76703F73-3FDB-7139-FE24-E710E660F0F3'

    update basemanagedentity
    set isdeleted = 1
    where basemanagedentityid = @DeploymentSettingsID

    2. COMMIT TRAN

    3. "exec  p_Detectandfixinstancespaceinconsistencies"

     

    Once it is done, Stopped all the three health, config and SDK service on RMS. Cleared the health service state folder. Start all the three SDK, Config, and health services on RMS.

    Now we started seeing the SCE server is downloading the latest config files and agents started communicating the server.

     
  • Freitag, 19. Juni 2009 09:20
    Moderator
     
     
    Anmelden
    0
    Hi Sean,

    Thanks for coming back and provide the answer.
     
  • Mittwoch, 25. April 2012 21:00
     
     
    Anmelden
    0

    Thanks for this post Sean!!!

    This worked like a charm... Please be noted that Query mentioned in Resolution starting with DECLARE @BaseManagedEntityInternalId int  took 1 hr 16 mins for me to execute in my case.



    Regards, Suresh