locked
AD System Discovery RRS feed

  • Question

  • In our SCCM 2012 R2 CU1 environment, recently started getting the following error for the AD system discovery:

    Active Directory System Discovery Agent failed to bind to container LDAP://DC=domain,DC=com. Error: The server does not support the requested critical extension.
    .

    Possible cause: The AD container specified earlier might be invalid now. The Domain Controller is inaccessible.
    Solution: Please verify that the AD container paths specified are valid. Confirm accessibility of the site server to the Domain Controller to be queried.

    So, any systems that have been recently added in active directory are not being discovered.

    There are no errors in the ddm.log.

    In the adsysdis.log:

    Valid Search Scope Name: LDAP://DC=domain,DC=com

     Search Path: LDAP://DC=domain,DC=com     IsValidPath: TRUE SMS_AD_SYSTEM_DISCOVERY_AGENT 4/8/2015 2:00:01 PM 14848 (0x3A00)

    INFO: Bound to 'LDAP://DC01.domain.com/DC=domain,DC=com' SMS_AD_SYSTEM_DISCOVERY_AGENT 4/8/2015 2:00:01 PM 14848 (0x3A00)

    ERROR: Failed to enumerate directory objects in AD container LDAP://DC=domain,DC=com SMS_AD_SYSTEM_DISCOVERY_AGENT 4/8/2015 2:15:27 PM 14848 (0x3A00)

    The settings for the AD container for the discovery are: recursively search AD child containers and discover objects within AD groups are both checked.  We are using the computer account of the site server.

    We have one primary site.  Our AD folks have said that the site server does have read  access, so that should not be an issue.

    Wednesday, April 8, 2015 6:42 PM

Answers

  • Hi,

    Please try to take a trace for adsysdis.dll by running the AD system discovery to see if there is anything helpful.

    Have you checked "Discover objects within Active Directory groups"? If this option is checked, please try to uncheck it.

    Best Regards,

    Joyce


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Joyce L Monday, April 20, 2015 10:12 AM
    • Marked as answer by Joyce L Tuesday, April 28, 2015 1:25 AM
    Thursday, April 9, 2015 2:59 AM

All replies

  • Doesn't the logfile contain an error code?

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, April 8, 2015 6:46 PM
  • Maybe a firewall issue. Please contact your network admin.
    Wednesday, April 8, 2015 6:47 PM
  • In the adsysdis.log:

    ERROR: directory search failed (0x8007202C) SMS_AD_SYSTEM_DISCOVERY_AGENT 4/8/2015 2:15:27 PM 14848 (0x3A00)
    INFO: CADSource::fullSync returning 0x8007202C SMS_AD_SYSTEM_DISCOVERY_AGENT 4/8/2015 2:15:27 PM 14848 (0x3A00)

    Where can I find out what 0x8007202C is?


    The message ID for the SMS_AD_SYSTEM_DISCOVERY_AGENT is 5204
    • Edited by mandp Wednesday, April 8, 2015 7:13 PM
    Wednesday, April 8, 2015 7:11 PM
  • 0x8007202C

    The server does not support the requested critical extension.

    You can look up errors with cmtrace,exe

    http://www.kozeniauskas.com/itblog/2010/11/18/sccm-sms_ad_system_discovery_agent-message-id-5204/#more-465


    Wednesday, April 8, 2015 8:12 PM
  • Hi,

    Please try to take a trace for adsysdis.dll by running the AD system discovery to see if there is anything helpful.

    Have you checked "Discover objects within Active Directory groups"? If this option is checked, please try to uncheck it.

    Best Regards,

    Joyce


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Joyce L Monday, April 20, 2015 10:12 AM
    • Marked as answer by Joyce L Tuesday, April 28, 2015 1:25 AM
    Thursday, April 9, 2015 2:59 AM