SMS-Site-<sitecode> could not be created, error code 8203 RRS feed

  • Question

  • In my System Management container, I am only seeing SMS-MP-<sitecode>-<server>.

    I should have SMS-Site-<sitecode> as well. I have tried many things with still no luck.

    My current setup:
    SCCM 2007 R2 (native mode) installed on Server 2008.
    SQL 2005 on a separate box.


    Update Site Boundaries in Active Directory SMS_HIERARCHY_MANAGER 9/10/2009 8:39:07 AM 7352 (0x1CB8)
    Active Directory DS Root:DC=slhn,DC=org SMS_HIERARCHY_MANAGER 9/10/2009 8:39:07 AM 7352 (0x1CB8)
    Searching for the System Management Container. SMS_HIERARCHY_MANAGER 9/10/2009 8:39:07 AM 7352 (0x1CB8)
    System Management container exists. SMS_HIERARCHY_MANAGER 9/10/2009 8:39:07 AM 7352 (0x1CB8)
    Searching for SMS-Site-SLH Site Object. SMS_HIERARCHY_MANAGER 9/10/2009 8:39:07 AM 7352 (0x1CB8)
    SMS-Site-SLH doesn't exist, creating it. SMS_HIERARCHY_MANAGER 9/10/2009 8:39:07 AM 7352 (0x1CB8)
    SMS-Site-SLH could not be created, error code = 8203. SMS_HIERARCHY_MANAGER 9/10/2009 8:39:07 AM 7352 (0x1CB8)
    STATMSG: ID=4913 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_HIERARCHY_MANAGER" SYS=SLHSCCMSVR SITE=SLH PID=6128 TID=7352 GMTDATE=Thu Sep 10 12:39:07.980 2009 ISTR0="SMS-Site-SLH" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_HIERARCHY_MANAGER 9/10/2009 8:39:07 AM 7352 (0x1CB8)

    Taken from site status:

    Severity,Type,Site code,Date / Time,System,Component,Message ID,Description
    Error,Milestone,SLH,9/10/2009 8:39:07 AM,SLHSCCMSVR,SMS_HIERARCHY_MANAGER,4913

    Systems Management Server cannot create the object "SMS-Site-SLH" in Active Directory.   

    1) Possible cause: This site's SMS Service account or the site server's machine account may not have full control rights for the "System Management" container in Active Directory  Solution: Give the site's SMS Service account full control rights to the "System Management" container, and all child objects in Active Directory.   

    2) Possible cause: Another Active Directory object named "SMS-Site-SLH" already exists somewhere outside of the "System Management" container  Solution: Locate the other object with the same name, and delete the object from its current location.  Then allow SMS create a new object.   

    3) Possible cause: The Active Directory schema has not been extended with the correct SMS Active Directory classes and attributes.   Solution: Turn off Active Directory publishing for each site in the forest, until the schema can be extended.  The schema can be extended with the tool "extadsch.exe" from the SMS CD.

    1) I have verified that Both the "System" Container and the "System Management" Have full control for slhsccmsvr$ (which is the name of our sccm server) for the container and its descendants via ADSIedit. I know server has proper permissions to the container because it created SMS-MP-SLH-SLHSCCMSVR.

    2) There is not other object in AD with that name that I can find with dsa.msc

    3) I extended the AD schema using extadsch.exe before SCCM was installed. I re-extended the schema using extadsch.exe 2 days ago. This has not fixed my issue either.

    Here is a copy of extadsch.log:
    <09-08-2009 15:21:27> Modifying Active Directory Schema - with SMS extensions.
    <09-08-2009 15:21:27> DS Root:CN=Schema,CN=Configuration,DC=slhn,DC=org
    <09-08-2009 15:21:27> Attribute cn=MS-SMS-Site-Code already exists.
    <09-08-2009 15:21:27> Attribute cn=mS-SMS-Assignment-Site-Code already exists.
    <09-08-2009 15:21:27> Attribute cn=MS-SMS-Site-Boundaries already exists.
    <09-08-2009 15:21:27> Attribute cn=MS-SMS-Roaming-Boundaries already exists.
    <09-08-2009 15:21:27> Attribute cn=MS-SMS-Default-MP already exists.
    <09-08-2009 15:21:27> Attribute cn=mS-SMS-Device-Management-Point already exists.
    <09-08-2009 15:21:27> Attribute cn=MS-SMS-MP-Name already exists.
    <09-08-2009 15:21:27> Attribute cn=MS-SMS-MP-Address already exists.
    <09-08-2009 15:21:27> Attribute cn=mS-SMS-Health-State already exists.
    <09-08-2009 15:21:27> Attribute cn=mS-SMS-Source-Forest already exists.
    <09-08-2009 15:21:27> Attribute cn=MS-SMS-Ranged-IP-Low already exists.
    <09-08-2009 15:21:27> Attribute cn=MS-SMS-Ranged-IP-High already exists.
    <09-08-2009 15:21:27> Attribute cn=mS-SMS-Version already exists.
    <09-08-2009 15:21:27> Attribute cn=mS-SMS-Capabilities already exists.
    <09-08-2009 15:21:28> Class cn=MS-SMS-Management-Point already exists.
    <09-08-2009 15:21:28> Located LDAP://cn=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=slhn,DC=org
    <09-08-2009 15:21:28> Successfully updated class LDAP://cn=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=slhn,DC=org.
    <09-08-2009 15:21:28> Class cn=MS-SMS-Server-Locator-Point already exists.
    <09-08-2009 15:21:28> Located LDAP://cn=MS-SMS-Server-Locator-Point,CN=Schema,CN=Configuration,DC=slhn,DC=org
    <09-08-2009 15:21:29> Successfully updated class CN=Schema,CN=Configuration,DC=slhn,DC=org.
    <09-08-2009 15:21:29> Class cn=MS-SMS-Site already exists.
    <09-08-2009 15:21:29> Located LDAP://cn=MS-SMS-Site,CN=Schema,CN=Configuration,DC=slhn,DC=org
    <09-08-2009 15:21:29> Successfully updated class LDAP://cn=MS-SMS-Site,CN=Schema,CN=Configuration,DC=slhn,DC=org.
    <09-08-2009 15:21:29> Class cn=MS-SMS-Roaming-Boundary-Range already exists.
    <09-08-2009 15:21:29> Located LDAP://cn=MS-SMS-Roaming-Boundary-Range,CN=Schema,CN=Configuration,DC=slhn,DC=org
    <09-08-2009 15:21:29> Successfully updated class LDAP://cn=MS-SMS-Roaming-Boundary-Range,CN=Schema,CN=Configuration,DC=slhn,DC=org.
    <09-08-2009 15:21:30> Successfully extended the Active Directory schema.

    <09-08-2009 15:21:30> Please refer to the SMS documentation for instructions on the manual
    <09-08-2009 15:21:30> configuration of access rights in active directory which may still
    <09-08-2009 15:21:30> need to be performed.  (Although the AD schema has now be extended,
    <09-08-2009 15:21:30> AD must be configured to allow each SMS Site security rights to
    <09-08-2009 15:21:30> publish in each of their domains.)

    I am not sure what else to try.

    Thursday, September 10, 2009 4:07 PM