The KMS MP was released yesterday as announced at here but what isn't mentioned is that all supports have been dropped!! From the manual "Appendix: Reports
Reports are no longer supported within the KMS management pack."
Unfortunately if you are going to be doing a Windows 7 rollout and using KMS, you will need this pack since the older pack doesn't support Windows 7. I've sent out a few feelers to find out what's going on.
Stay tuned
Tuesday, September 22, 2009
Monday, September 21, 2009
Agents being rejected and SPN's
I had a strange occurance going on in the past week where the agents in one domain were being rejected by the gateway server. I was getting these in the gateway Opsmgr error log from all the managed agents
Event Type: Error
Event Source: OpsMgr Connector
Event Category: None
Event ID: 20002
Date: 9/21/2009
Time: 9:53:00 AM
User: N/A
Computer: xxxxxx
Description:
A device at IP xxxxxx attempted to connect but could not be authenticated, and was rejected.
and this from the gateway server
Event Type: Warning
Event Source: OpsMgr Connector
Event Category: None
Event ID: 21035
Date: 9/21/2009
Time: 9:43:29 AM
User: N/A
Computer: xxxxxxx
Description:
Registration of a SPN for this computer with the "MSOMHSvc" service class has failed with error "The remote procedure call failed and did not execute.". This may cause Kerberos authentication to or from this Health Service to fail.
Doing a google search didn't lead to much and reading about SPN's was confusing. BUT after putting in a call to trusty MS the problem came down to the fact that I had replaced my RMS with a new RMS and the server object still existed in Active Directory.
A brief background on SPN's or service principle name. This is associated with the RMS of your environment and only the RMS should have the following entries
MSOMHSvc\RMS_server_name.fqdn
MSOMHSvc\RMS_server_netbios_name
which you can get via adsiedit/properties of the object/servicePrincipalName
since both RMS objects still existed there were two of these SPN's which would respond to any management server/gateway requesting this information. So it would be hit or miss if the proper RMS was contacted or not. If you delete these entries from the old RMS object then problem solved.
OR the moral of this story - DELETE THE OLD RMS OBJECT IN AD once you replace it.
Event Type: Error
Event Source: OpsMgr Connector
Event Category: None
Event ID: 20002
Date: 9/21/2009
Time: 9:53:00 AM
User: N/A
Computer: xxxxxx
Description:
A device at IP xxxxxx attempted to connect but could not be authenticated, and was rejected.
and this from the gateway server
Event Type: Warning
Event Source: OpsMgr Connector
Event Category: None
Event ID: 21035
Date: 9/21/2009
Time: 9:43:29 AM
User: N/A
Computer: xxxxxxx
Description:
Registration of a SPN for this computer with the "MSOMHSvc" service class has failed with error "The remote procedure call failed and did not execute.". This may cause Kerberos authentication to or from this Health Service to fail.
Doing a google search didn't lead to much and reading about SPN's was confusing. BUT after putting in a call to trusty MS the problem came down to the fact that I had replaced my RMS with a new RMS and the server object still existed in Active Directory.
A brief background on SPN's or service principle name. This is associated with the RMS of your environment and only the RMS should have the following entries
MSOMHSvc\RMS_server_name.fqdn
MSOMHSvc\RMS_server_netbios_name
which you can get via adsiedit/properties of the object/servicePrincipalName
since both RMS objects still existed there were two of these SPN's which would respond to any management server/gateway requesting this information. So it would be hit or miss if the proper RMS was contacted or not. If you delete these entries from the old RMS object then problem solved.
OR the moral of this story - DELETE THE OLD RMS OBJECT IN AD once you replace it.
Subscribe to:
Posts (Atom)