locked
SCCM restore no longer authenticated on domain RRS feed

  • Question

  • Morning all,

    Quick background, around 6 weeks ago we were hit nasty with a crypto locker virus, we've practically rebuild the infrastructure but for the most part, relied upon backups to do so. SCCM being one of them, when I restored SCCM (VM), it couldn't connect to the domain due to trust relationship. I figured this would happen as we'd changed DC's around. So, rejoined to domain but from that point on, it states that the forest it's found, it doesn't have sufficient access, thus all my groups are not working and I can't get it to distribute anything either.

    I've made sure the computer account for SCCM has full permissions on AD's system container and all child objects, I've rebooted the server, tried restarting the services, but I'll be honest, my knowledge isn't that great. What else can I do?

    I wasn't the originating tech to setup the SCCM infrastructure here, I've used it to deploy a win 10 upgrade to the estate and have learnt a lot about it. But I'm seeing that site status under Monitoring\System Status is showing the following:

    Failed - Fallback status point

    Failed - Endpoint protection point

    Failed - Application catalog website point

    Failed - Software update point

    Failed - Site server

    Failed - Distribution point

    Failed - Component server

    Failed - Application catalog web service point

    Failed - Service connection point

    OK - Site database server

    OK - Reporting Services point

    OK - Site Database server

    OK - Distribution point

    OK - Management point

    Now, I'd expect site server to be ok? I've read about a system reset that can be performed, but will I lose all the data currently in place? Will this fix my issue? I'm a bit lost to be honest.

    Tuesday, April 18, 2017 8:43 AM

All replies

  • A site reset does not change the config at all ... it's usually safe to run.
    You would have to examine various logs to get an idea what's (not) working.

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, April 18, 2017 9:13 AM
  • I've dug a bit further and it seems the SMS_Executive simply won't be created after forcing the SMS_Site_component_Manager service to restart. Thus half the components simply aren't running. 

    Do you have any good detailed articles to hand regarding the site reset? I'm tempted to try this this afternoon if I have no luck.

    Thank you

    Tuesday, April 18, 2017 11:29 AM
  • Just run Setup.exe again and initiate a site reset. Monitor sitecomp.log then.

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, April 18, 2017 11:41 AM
  • I'd also suggest either opening a case with Microsoft or brining in an experienced consultant or contractor here as this is potentially a much bigger issue than should or can be dealt with in a simple, time delayed forum.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, April 18, 2017 1:55 PM
  • I'd also suggest either opening a case with Microsoft or brining in an experienced consultant or contractor here as this is potentially a much bigger issue than should or can be dealt with in a simple, time delayed forum.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Correct, I've called in a third party we deal with. 

    I've also run a site reset, all went through ok but absolutely no difference to the SMS_EXECUTIVE running.

    Thursday, April 20, 2017 7:29 AM