SMS: Parent Is Unable to Update Site Property Comments After a Primary Site Is Restored (249590)



The information in this article applies to:

  • Microsoft Systems Management Server 2.0 SP1

This article was previously published under Q249590

SYMPTOMS

When the encryption keys for Microsoft Windows NT are modified by the system and Systems Management Server (SMS) is not aware of the changes, Hierarchy Manager can become unable to read encryption, and this can cause updates between sites to cease. When this occurs, the following log file entry may be generated in the Hman.log file:
HMAN: Cannot decrypt the SMS encryption key using the crypto exchange key.
Also, the following warning is logged in the Sitectl.log file:
SITECTRL: WARNING: The "Site Definition" item in a record contained in delta site control file "C:\SMS\inboxes\sitectrl.box\incoming\********.CT1" specifies an invalid public key for decrypting the SMS service account and password. This record and the remaining records in the file are unusable.

CAUSE

Incorrect cryptography keys cause this behavior. There are two possible reasons the cryptography keys have been regenerated and cause this problem.
  1. After site restoration the crypto keys are generated on a per-computer, per-Windows NT installation, and per-Windows NT account basis. If you reinstall the operating system, the keys must be regenerated.
  2. If Netmeeting 3.x is installed and Remote Desktop sharing is enabled followed by the required reboot then set active, the crypto exchange keys will be regenerated not just once but repeatedly.

RESOLUTION

SMS Service Pack 2 has an updated version of Hierarchy Manager that is capable of detecting when these cryptography keys are invalid and regenerates them allowing SMS to decrypt the account and password and process the Site Property changes.

To resolve this problem, obtain the latest service pack for Systems Management Server version 2.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

236325 How to Obtain the Latest Systems Management Server 2.0 Service Pack


STATUS

Microsoft has confirmed this to be a problem in Systems Management Server version 2.0 This problem was first corrected in Systems Management Server version 2.0 Service Pack 2..

MORE INFORMATION

To install the hotfix, use the following steps on the SMS site server. There is a separate set of steps for sites that use a remote SQL database.

NOTE: This fix requires a site reset so that the Client Access Points (CAPs) will be updated. The hotfix package does not perform a site reset, but there is a dialog box that states that a site reset needs to be carried out. After the script is done, run Setup or Preinst.exe to reset the site.

Local Installation of SQL

  1. The following services on the Systems Management Server site server must be stopped before applying this fix:
    • SMS_SITE_COMPONENT_MANAGER
    • SMS_EXECUTIVE
    • "Windows Management"
  2. Locate the Basesql.dll, Hman.dll, and Smsprov.dll files in the SMS\Bin\Platform folder on the SMS site server and rename each file. Copy the newer version of each file that is provided in the fix to the same folder.

    NOTE: The provided installer script will update the site server only. The provider computer and remote administrator workstations must be updated manually.

    The installer creates text files containing instructions on how to manually update the provider computer and administrator consoles.
  3. To support the added objects, the MOF files must be updated. Because these contain information specific to the installed site, some manual editing is required.

    NOTE: The installer script does not copy these files. You must do this manually and then make the edits after running the script.

    To create a custom Smsprov.mof for the site:
    1. Copy the new _smsprov.mof file to a temporary folder.
    2. Open the file with Notepad.
    3. Replace all instances of "REPLACESITECODE" with the site code of the site this fix is being applied to.
    4. Replace all instances of "REPLACEPROFICERMACHINE" with the NetBIOS name of the computer that is hosting the provider. With SQL installed on the SMS site server, this is always the site server. With SQL installed remotely, this may or may not be the SQL server. (Look for a folder on the SQL server named SMSPROV\MOFs\SiteCode.)
    5. Replace "REPLACEPROVIDERFORLOCALSITEFLAG" with "TRUE" if the SQL provider is local or "FALSE" if the SQL server and the provider are remote.
  4. Copy the MOF files to the site system(s).

    Local SQL:
    1. Rename the SMS\Bin\Platform\Smsprov.mof and SMS\Bin\Platform\Secreg.mof files to Smsprovmof.old and Secregmof.old.
    2. Copy the _smsprov.mof and Secreg.mof files to SMS\Bin\Platform\Smsprov.mof and SMS\Bin\Platform\Secreg.mof.
    Remote SQL and Remote Provider:

    1. Follow the "Local SQL" steps above to update the site server.
    2. Rename the SMSPROV\MOF's\SiteCode\Smsprov.mof file to Smsprovmof.old.
    3. Rename the SMSPROV\MOF's\SiteCode\Secreg.mof file to Secregmof.old.
    4. Copy the Secreg.mof file to SMSPROV\MOF's\SiteCode\Secreg.mof.
    5. Copy the _smsprov.mof file to SMSPROV\MOF's\SiteCode\Smsprov.mof.
  5. Recompile the MOF files. These steps are the same for both local and remote SQL installations:
    1. Open a command prompt and navigate to the SMS\bin\Platform folder.
    2. Run the following command line:

      %systemroot%\system32\wbem\mofcomp smsprov.mof

    3. Run the following command line:

      %systemroot%\system32\wbem\mofcomp secreg.mof

Remote Installation of SQL

  1. Stop the following services on the SMS site server:
    • SMS_SITE_COMPONENT_MANAGER
    • SMS_EXECUTIVE
    • "Windows Management"
  2. Stop the following services on the SQL server:
    • SMS_SQL_MONITOR_Site Server Name
    • SMS_EXECUTIVENOTE: The SMS_EXECUTIVE service does not exist on the SQL server unless the system has been specified in the administration console as a Client Access Point (CAP) or any of the senders have been offloaded onto the server.

  3. Replace each file with the newer version provided in the fix. On the SMS site server, replace the Basesql.dll, Hman.dll, and Smsprov.dll files in the SMS\Bin\Platform folder.

    On the SQL server, replace the Basesql.dll and Smsprov.dll files in the SMSPROV\Bin\Platform folder. Also replace the Basesql.dll file in the SMS_SiteServername\Bin\Platform folder.

    The provided installer script updates the site server only. The provider computer and remote administrator workstations must be updated manually. The installer creates text files containing instructions on how to manually update the provider computer and administrator consoles.
  4. Copy the MOF files to the site system(s):
    1. On the SMS Site Server

    2. Rename the SMS\Bin\Platform\Smsprov.mof file to Smsprovmof.old.
    3. Rename the SMS\Bin\Platform\Secreg.mof file to Secregmof.old.
    4. Copy the _smsprov.mof file to SMS\Bin\Platform\Smsprov.mof.
    5. Copy the Secreg.mof file to SMS\Bin\Platform\Secreg.mof.

      On the SQL Server

    6. Rename the SMSPROV\MOF's\SiteCode\Smsprov.mof file to Smsprovmof.old.
    7. Rename the SMSROV\MOF's\SiteCode\Secreg.mof file.
    8. Copy the smsprov.mof file to SMSPROV\MOF's\SiteCode\Smsprov.mof.
    9. Copy the Secreg.mof file to SMSPROV\MOF's\SiteCode\Secreg.mof.

Standalone Administrative Computers

Updating the Smsprov.mof File

To support the added objects, the MOF files must be updated. Because these contain information specific to the installed site, some manual editing is required.

The installer script does not copy these files. You must do this manually and make the edits after running the script.

Create a custom Smsprov.mof file for the site:
  1. Copy the new _smsprov.mof file to a temporary folder.
  2. Open the file with Notepad (or any text editor).
  3. Replace all instances of "REPLACESITECODE" with the site code.
  4. Replace all instances of "REPLACEPROVIDERMACHINE" with the NetBIOS name of the computer that is hosting the provider. With local SQL, this is always the site server. With remote SQL, this may or may not be the SQL server. (Look for a folder on the SQL server named SMSPROV\MOFs\SiteCode.)
  5. Replace "REPLACEPROVIDERFORLOCALSITEFLAG" with "TRUE" if the SQL provider is local or "FALSE" if the SQL server and the provider are remote.
Copy the MOF files to the site system(s):

Local SQL

  1. Rename the SMS\Bin\Platform\Smsprov.mof file to Smsprovmof.old.
  2. Rename the SMS\Bin\Platform\Secreg.mof file to Secregmof.old.
  3. Copy the _smsprov.mof file to SMS\Bin\Platform\Smsprov.mof.
  4. Copy the Secreg.mof file to SMS\Bin\Platform\Secreg.mof.

Remote SQL and Remote Provider

  1. Complete the "Local SQL" steps above to update the site server.
  2. Rename the SMSPROV\MOF's\SiteCode\Smsprov.mof file to Smsprovmof.old.
  3. Rename the SMSPROV\MOF's\SiteCode\Secreg.mof file to Secregmof.old.
  4. Copy the Secreg.mof file to SMSPROV\MOF's\SiteCode\Secreg.mof.
  5. Copy the _smsprov.mof file to SMSPROV\MOF's\SiteCode\Smsprov.mof.
Recompile the MOF files:

Local SQL

  1. Open a command prompt and navigate to the SMS\bin\Platform folder.
  2. Run the following commands:

    %systemroot%\system32\wbem\mofcomp smsprov.mof
    %systemroot%\system32\wbem\mofcomp secreg.mof

Remote SQL and Remote Provider

  1. Open a command prompt and navigate to the SMSPROV\MOF's\SiteCode folder.
  2. Run the following commands:

    %systemroot%\system32\wbem\mofcomp smsprov.mof
    %systemroot%\system32\wbem\mofcomp secreg.mof

Restart the SMS services that you stopped on the SMS and SQL servers.

Modification Type:MajorLast Reviewed:4/7/2006
Keywords:kbQFE KBHotfixServer kbBug kbfix kbsms200fix kbsms200sp2fix KB249590