locked
SCCM 2012 Client unable to get site assignment RRS feed

  • Question

  • Hi , I have a couple of clients in an untrusted domain that i'm having a problem with, i can push the client to them but they will not get assigned to the site no matter what i do. All the other machines in the same domain are fine, i've set up the DNS records for the FQDN and the SRV and i assume it's all correct as all the others are using them but in the location services log for instance i get the error below:

    Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domain lookup. DNS returned error 10061

    In the clientIDManagerStarttup log i get this message - LOG[RegTask: Failed to refresh site code. Error: 0x8000ffff]

    i've reinstalled the client and checked they are included in the boundaries and groups but still when i manually enter the details in the site tab on the client it says "Failed to update site assignment"

    any ideas would be much appreciated 

    Thanks


    Monday, July 27, 2015 3:46 PM

Answers

  • Ok finally this has been resolved. It turns out that apparently when the DNS string gets bigger it switches to using TCP instead of UDP on port 53 and this was initially blocked by the firewall. As soon as it was opened it worked. Thanks all for your help

    Cheers

    • Marked as answer by GDHUK Friday, July 31, 2015 3:35 PM
    Friday, July 31, 2015 3:35 PM

All replies

  • Well the first thing i would do on those client is validate the DNS configuration.

    After that do a NSLOOKUP

    set type=all
    _mssms_mp_site code._tcp.fqdn-of-your-domain

    example:_mssms_mp_PRI._tcp.sccmmp.contoso.com

    Monday, July 27, 2015 3:55 PM
  • Hi, thanks for your reply. The DNS seems fine which is why i can't understand the issue. I've just tried it again following your example and It validates the configuration ok and finds the srv record without any problems, any other ideas?

    Monday, July 27, 2015 4:11 PM
  • Can you try this from the computer with issue.

    http://<ServerName>/sms_mp/.sms_aut?mpcert

    Also you are sure the the entry they are getting from the nslook is the right one.

    You need to do this from the computer having issue.

    Also if you look at the ccmsetup.log do you see any other error when it try to contact the MP/DP ?

    Monday, July 27, 2015 4:16 PM
  • OK Nslookup entry is definitely correct and when I try the URL it comes back with the MP certificate, I assume that's correct?

    There's no errors in the ccmsetup log it says it's exiting with return code 0 

    confirm i'm doing all this from the server having the issue

    thanks for your time so far

    Monday, July 27, 2015 4:31 PM
  • OK Nslookup entry is definitely correct and when I try the URL it comes back with the MP certificate, I assume that's correct?

    There's no errors in the ccmsetup log it says it's exiting with return code 0 

    confirm i'm doing all this from the server having the issue

    thanks for your time so far

    You saying from the server having issue. So just to make sure the server is running the client and the client on that server is having issue.?

    On the client can you look at those log files please.

    Start by looking at the locationservices.log to see if you are getting the info about the site and here the client need to point.

    After look at the following CcmExec.log, PolicyAgentProvider.log, StatusAgent.log



    Monday, July 27, 2015 4:35 PM
  • Yes it's a server running the client and the client on that server is having the issue.

    locationservices.log is the one i quoted in my question "Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domain lookup. DNS returned error 10061" which i understand is the DNS server refused the connection?

    CCMExec.log and PolicyAgentProvider.log don't seem to have any errors but StatusAgent.log has the error below

    LOG[Registration failed with error 0x80041010]LOG]!><time="11:46:42.771-60" date="07-27-2015" component="StatusAgent" context="" type="3" thread="3320" file="forwardproxy.cpp:203">

     

     
    Monday, July 27, 2015 4:47 PM
  • Does the local machine have the DNSSUFFIX properly configure to make the validation properly. Since they are in a another domain. I am almost 100% sure that the issue is the DNS.

    Look at the article here:https://technet.microsoft.com/en-us/library/gg682055.aspx?f=255&MSPPError=-2147217396

    https://social.technet.microsoft.com/Forums/en-US/93b7d72c-2220-42b9-8de4-3ea18ce2f877/publishing-default-management-point-to-dns?forum=configmanagerdeployment

    Monday, July 27, 2015 4:57 PM
  • Yes i've seen the article before and tried the DNSSUFFIX but no joy, unfortunately the guy with the issue doesn't reveal in any detail what he did to resolve it. I will try it again tomorrow, maybe I didn't do something correctly. I'll let you know what happens

    cheers

    Monday, July 27, 2015 5:40 PM
  • Tried again today with the DNSSUFFIX during and after installation and it's still not working. I've installed the client in the same way to all the machines in this domain without any problems but there's just a couple that will not get assigned to the site. Any other ideas?

    Tuesday, July 28, 2015 8:55 AM

  • locationservices.log is the one i quoted in my question "Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domain lookup. DNS returned error 10061" which i understand is the DNS server refused the connection?

     

    That is not enough information from the log. Try to assign the client manually again and provide some more lines from the log.

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, July 28, 2015 9:02 AM
  • Ok sure, here it is:

    <![LOG[Won't send a client assignment fallback status point message because the last assignment error matches this one.]LOG]!><time="11:30:27.455-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5048" file="fspclientdeployassign.cpp:197">
    <![LOG[Current AD forest name is xxxx.local, domain name is xxxx.local]LOG]!><time="11:32:01.327-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:842">
    <![LOG[Attempting to retrieve lookup MP(s) from AD]LOG]!><time="11:32:01.336-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2351">
    <![LOG[Current AD forest name is xxxx.local, domain name is xxxx.local]LOG]!><time="11:32:01.339-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:842">
    <![LOG[Domain joined client is in Intranet]LOG]!><time="11:32:01.339-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:1047">
    <![LOG[No lookup MP(s) from AD]LOG]!><time="11:32:01.367-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2383">
    <![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="11:32:01.367-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2396">
    <![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="11:32:01.367-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:3253">
    <![LOG[Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domainname.local lookup. DNS returned error 10061]LOG]!><time="11:32:03.367-60" date="07-28-2015" component="LocationServices" context="" type="2" thread="5904" file="lsad.cpp:3279">
    <![LOG[No lookup MP(s) from DNS]LOG]!><time="11:32:03.367-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2425">
    <![LOG[Client is set to use HTTPS when available. The current state is 224.]LOG]!><time="11:32:03.376-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="ccmutillib.cpp:412">
    <![LOG[Failed to resolve 'SMS_SLP' from WINS]LOG]!><time="11:32:12.384-60" date="07-28-2015" component="LocationServices" context="" type="2" thread="5904" file="lswins.cpp:472">
    <![LOG[No lookup MP(s) from WINS]LOG]!><time="11:32:12.384-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2444">
    <![LOG[Unable to find lookup MP(s) in Registry, AD, DNS and WINS]LOG]!><time="11:32:12.384-60" date="07-28-2015" component="LocationServices" context="" type="3" thread="5904" file="lsad.cpp:2456">
    <![LOG[Current AD forest name is xxxx.local, domain name is xxxx.local]LOG]!><time="11:32:12.387-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:842">
    <![LOG[Domain joined client is in Intranet]LOG]!><time="11:32:12.387-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:1047">
    <![LOG[Attempting to retrieve lookup MP(s) from AD]LOG]!><time="11:32:12.407-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2351">
    <![LOG[Current AD forest name is xxxx.local, domain name is xxxx.local]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:842">
    <![LOG[Domain joined client is in Intranet]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:1047">
    <![LOG[No lookup MP(s) from AD]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2383">
    <![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2396">
    <![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="11:32:12.410-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:3253">
    <![LOG[Failed to retrieve DNS service record using _mssms_mp_001._tcp.servername.domainname.local lookup. DNS returned error 10061]LOG]!><time="11:32:14.412-60" date="07-28-2015" component="LocationServices" context="" type="2" thread="5904" file="lsad.cpp:3279">
    <![LOG[No lookup MP(s) from DNS]LOG]!><time="11:32:14.412-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2425">
    <![LOG[Failed to resolve 'SMS_SLP' from WINS]LOG]!><time="11:32:23.424-60" date="07-28-2015" component="LocationServices" context="" type="2" thread="5904" file="lswins.cpp:472">
    <![LOG[No lookup MP(s) from WINS]LOG]!><time="11:32:23.424-60" date="07-28-2015" component="LocationServices" context="" type="1" thread="5904" file="lsad.cpp:2444">
    <![LOG[Unable to find lookup MP(s) in Registry, AD, DNS and WINS]LOG]!><time="11:32:23.424-60" date="07-28-2015" component="LocationServices" context="" type="3" thread="5904" file="lsad.cpp:2456">
    <![LOG[LSGetAssignmentSiteCodeForSite: Failed to get assigned site code from AD and MP]LOG]!><time="11:32:23.424-60" date="07-28-2015" component="LocationServices" context="" type="3" thread="5904" file="lsad.cpp:4240">

    Tuesday, July 28, 2015 10:41 AM
  • I'm not sure if this helps at all but I've noticed that all the machines I'm having this issue on are SQL Servers. If anyone has any ideas I would be grateful 

    Thanks

    Thursday, July 30, 2015 2:28 PM
  • Ok finally this has been resolved. It turns out that apparently when the DNS string gets bigger it switches to using TCP instead of UDP on port 53 and this was initially blocked by the firewall. As soon as it was opened it worked. Thanks all for your help

    Cheers

    • Marked as answer by GDHUK Friday, July 31, 2015 3:35 PM
    Friday, July 31, 2015 3:35 PM