New secondary site installation may fail if data signing is turned on in SMS 2.0 SP5 or in SMS 2003 (827887)
The information in this article applies to:
- Microsoft Systems Management Server 2.0 SP5
- Microsoft Systems Management Server 2003
SYMPTOMSWhen you try to create a new secondary site in Microsoft Systems Management Server (SMS) 2.0 Service Pack 5 (SP5) or in SMS 2003, the child site installation is not completed, and the child site status remains Pending in the SMS Administrator Console. If you have turned on logging for the SMS Despooler component, the following may appear in the Despool.log file on the parent SMS site server, where xxx is the site code for the child site: Waiting for ready instruction file....
Verifying signature for instruction C:\SMS\inboxes\despoolr.box\receive\ds_1vfda.ist of type MICROSOFT|SMS|MINIJOBINSTRUCTION|TRANSFER
CPublicKeyLookup::CPublicKeyLookup("xxx")
CPublicKeyLookup::CPublicKeyLookup("xxx") Initializing to file: C:\SMS\inboxes\hman.box\pubkey\xxx.pkc
CPublicKeyLookup::GetNextKey() Getting Iteration: 2
CPublicKeyLookup::GetNextKey() Checking C:\SMS\inboxes\hman.box\pubkey\xxx.pkc for Key0
CPublicKeyLookup::GetNextKey() No Match Found, Trying C:\SMS\inboxes\hman.box\pubkey\xxx.pkp
CPublicKeyLookup::GetNextKey() Found Key:
CPublicKeyLookup::CPublicKeyLookup("xxx")
Cannot find valid public key for key exchange instruction coming from site xxx
Retry the instruction (C:\SMS\inboxes\despoolr.box\receive\ds_1vfda.ist) because this site does not allow untrusted child sites.
Will retry instruction C:\SMS\inboxes\despoolr.box\receive\ds_1vfda.ist 100 more times, the next retry is in about 5 minutes
Instruction C:\SMS\inboxes\despoolr.box\receive\r_g1bzte.sni won't be processed till 07/29/2003 12:42:51 PM Eastern Daylight Time Waiting for ready instruction file....
The log entries appear for each .sni file from the secondary site that is processed by the parent site. The secondary site cannot report status to the parent site. You may also notice a backlog of files in the \SMS\Inboxes\Despool.box
file on the parent site server computer. CAUSEThis problem occurs because of new security features that are available with SMS 2.0 SP5 and with SMS 2003. The security features allow an SMS administrator to reject communication from
SMS sites that do not use signed data. The security features can
prevent the installation of additional secondary sites in the SMS hierarchy that do not meet the security requirements.RESOLUTIONTo resolve this problem, follow these steps: - On the secondary site computer, click Start, click Run, type cmd, and then click OK.
- At the command prompt, change to the \SMS\bin\i386\00000409 folder.
- Type preinst.exe /KEYFORPARENT, and then press ENTER.
Preinst.exe creates a SiteCode.CT4 file in the root folder of the largest drive partition, where SiteCode is the site code of the secondary site. - Copy the SiteCode.CT4 file to the
\SMS\Inboxes\Hman.box folder on the parent site computer.
The SMS Hierarchy Manager component processes the .CT4 file and
adds the security key to its list of accepted keys for data transfer. After the security key is added to the SMS parent site, the backlog of files on the parent site is processed by the SMS Despooler component. When the new .CT4 file is processed, the following log entries appear in the Hman.log file, where xxx is the site code for the child site: Wait for site control changes...
Processing C:\SMS\inboxes\hman.box\xxx_7W21.CT4 file, containing 1 keys. CPublicKeyLookup::UpdateCurrentKey("xxx", "0602000000A400005253413100020000010001008F581AE90DEF71C4F156B96D19CAD050C82F4D7E6FEDF516CE20335CB0E37D4A1BE164C8C8113CEFBF285BC88F84BF0E928AB054A86260868A955D5F292A29A4")
CPublicKeyLookup::UpdateCurrentKey() Checking C:\SMS\inboxes\hman.box\pubkey\xxx.pkc for Key0 CPublicKeyLookup::UpdateCurrentKey() Updating Key0
No parent site to forward CT4 file C:\SMS\inboxes\hman.box\xxx_7W21.CT4 to. Deleting.
Wait for site control changes... After the SMS Hierarchy Manager has processed the .CT4 file, the secondary site communications are accepted, and the secondary site appears as Active.
Modification Type: | Major | Last Reviewed: | 3/15/2006 |
---|
Keywords: | kbtshoot kbServer kbsmsAdmin kbSysSettings kbsetup kbSecurity kbprb KB827887 kbAudITPRO |
---|
|