Inter-site communication is available in SMS 2.0 SP5 (816293)



The information in this article applies to:

  • Microsoft Systems Management Server 2.0

SUMMARY

Service Pack 5 (SP5) for Systems Management Server (SMS) 2.0 introduces new features for communication between SMS site servers. SMS 2.0 SP5 site servers can sign data that is exchanged between site servers by using private and public encryption key pairs. Data signing helps make sure that potentially malicious data from unauthorized sources is rejected.

MORE INFORMATION

This feature is available in the latest service pack for Systems Management Server 2.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

288239 How to obtain the latest Systems Management Server 2.0 service pack

After you install SMS 2.0 Service Pack (SP) 5, the SMS site properties have a new Site Connection property tab. The Site Connection tab has two options:
  • Do not accept unsigned data from sites running SMS 2.0 SP4 and earlier
    By default, this is not selected.
  • Require secure key exchange between sites
    By default, this is not selected.
Note: If you have an SMS site hierarchy with an SP5 parent site, a Service Pack 4 (SP4) child site, and Do not accept unsigned data from sites running SMS 2.0 SP4 and earlier is selected, the following occurs:
  1. You can manage the SP4 child site from the SP5 parent site. However, information that is sent from the child site will be rejected by the parent site.
  2. The SP4 child site will remain in the hierarchy tree in the SMS Administrator console.
  3. If the SP4 child site is detached, the SP5 parent site is unaware of this because the detach message will be rejected by the parent site.
  4. If you try to attach the SP4 site to the SP5 site, the attach will fail with no notice from the SP4 site or from the SP5 site. However, the failure will be logged in the SMS Despooler log.
You may have to perform a manual public key exchange to establish this kind of site-to-site communication. For example, if you join two new SP5 sites where the designated parent site has Do not accept unsigned data from sites running SMS 2.0 SP4 and earlier selected, site-to-site communication will not occur until the keys are manually exchanged. This is also true when a primary site installs (pushes) a secondary site installation.

After both sites are installed, manually exchange keys:
  1. On the parent site, click Start, click Run, type cmd, and then click OK.
  2. Type preinst.exe /keyforchild, and then press ENTER. The site key is placed in the C:\ folder, and is named site code.ct5.
  3. Copy this key file to the SMS\Inboxes\Hman.box folder on the child site. This is not the SMS\Inboxes\Hman.box\Publickeys folder.
  4. On the child site, click Start, click Run, type cmd, and then click OK.
  5. Type preinst.exe /keyforparent, and then press ENTER. The site key is placed in the C:\ folder, and is named site code.ct4.
  6. Copy this key to the SMS\Inboxes\Hman.box folder on the parent site.
Preinst.exe is located in the SMS\Bin\I386 folder for x86-based computers. Preinst.exe is located in the SMS\Bin\Alpha folder on Alpha-based computers.
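
The steps above as a batch file, added here as an example and not part of the original article. It assumes an x86 site server, that the key file is named with the local site code followed by .ct5 or .ct4, and that the other site's Hman.box folder is reachable at the path passed as the fourth argument; the script name and argument order are hypothetical.

```batch
@echo off
rem Added example: scripted form of the manual key exchange steps.
rem Assumptions: x86 server, key file named <site code>.ct5 / .ct4,
rem and the other site's Hman.box folder reachable at the path given.
rem Usage: keyxchg.cmd parent^|child SITECODE "local SMS folder" "path to other site's Hman.box"
setlocal

set ROLE=%~1
set SITECODE=%~2
set SMSDIR=%~3
set DEST=%~4
if "%DEST%"=="" goto usage

rem The parent generates a key for the child, and the child for the parent.
if /i "%ROLE%"=="parent" (set SWITCH=/keyforchild& set EXT=ct5)
if /i "%ROLE%"=="child" (set SWITCH=/keyforparent& set EXT=ct4)
if not defined SWITCH goto usage

rem The key belongs in Hman.box itself, not in Hman.box\Publickeys.
for %%D in ("%DEST%") do set LEAF=%%~nxD
if /i not "%LEAF%"=="Hman.box" (
  echo Destination must be the Hman.box folder itself, not a subfolder.
  exit /b 1
)

rem Generate the key file; Preinst.exe writes it to C:\.
"%SMSDIR%\Bin\I386\preinst.exe" %SWITCH%
set KEYFILE=C:\%SITECODE%.%EXT%
if not exist "%KEYFILE%" (
  echo Expected key file %KEYFILE% was not created.
  exit /b 1
)

rem Copy the key to the other site and confirm that it arrived.
copy "%KEYFILE%" "%DEST%\"
if not exist "%DEST%\%SITECODE%.%EXT%" (
  echo Copy to %DEST% failed.
  exit /b 1
)
echo Copied %KEYFILE% to %DEST%.
exit /b 0

:usage
echo Usage: %~nx0 parent^|child SITECODE SMSDIR DEST
exit /b 2
```

Run it once on the parent site with `parent` and once on the child site with `child`, each time pointing the fourth argument at the other site's Hman.box folder.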

For additional information about inter-site communication and other related changes that are included in SP5, click the following article number to view the article in the Microsoft Knowledge Base:

816290 List of security changes in Systems Management Server 2.0 Service Pack 5


Modification Type: Minor
Last Reviewed: 6/13/2005
Keywords: kbSMS200preSP5fix kbfix kbBug KB816293