SCCM client discovery from another domain

bala198222 41 Reputation points
2020-09-09T14:56:26.253+00:00

I want to discover the clients from another domain. When we try to discover, we get the following error message in the adsysdis.log. Check the firewall ports are open.

ERROR: Failed to bind to 'LDAP://---/rootDSE' (0x8007203A)

ERROR: Failed to enumerate directory objects in AD container LDAP://---

Microsoft Configuration Manager

2 answers

  1. Jason Sandys 31,181 Reputation points Microsoft Employee
    2020-09-09T20:38:16.107+00:00

    0x8007203A = "The server is not operational."

    The LDAP query is returning a reference to a domain controller that no longer exists in the target domain. This is an issue outside the scope of control of ConfigMgr and needs to be addressed on/in that domain. My guess is that someone improperly removed a domain controller at some point and this needs to be cleaned out of that domain properly.


  2. Simon Ren-MSFT 31,131 Reputation points Microsoft Vendor
    2020-09-10T02:46:26.89+00:00

    Hi,

    Thank you for coming to the Microsoft MECM Q&A forum.

    1. Do you specify a specific domain controller in your LDAP query or do you just use the FQDN of the domain? Please give another domain controller a try.
    2. Does your service account have rights on the untrusted domain? We can change the AD forest account under the Administrator\Hierarchy Configuration\Active Directory Forest\General tab; we can use the default site server computer account or use a specific account.

    Thanks for your time.

    Best regards,
    Simon
    If the response is helpful, please click "Accept Answer" and upvote it.

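The check both answers point toward, as an added example that is not part of the original thread and not Microsoft's own tooling: it decodes 0x8007203A, lists the domain controllers the remote domain advertises in DNS, and attempts a rootDSE bind against each one so that a stale or unreachable controller shows up by name. The domain name is a placeholder, and the bind runs with the credentials of whoever starts the script, which may differ from the account discovery uses.

```powershell
# Added example, not from the thread. Run from the site server.
param(
    [string]$Domain = 'remote.example.com',  # placeholder domain (assumption)
    [int]$LdapPort = 389
)

# 0x8007203A is a Win32 error wrapped in an HRESULT: the low 16 bits hold the code.
$code = 0x8007203A -band 0xFFFF
$text = (New-Object System.ComponentModel.Win32Exception $code).Message
Write-Host ("0x8007203A -> Win32 error {0}: {1}" -f $code, $text)

# Domain controllers the remote domain advertises in DNS.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique

$results = foreach ($dc in $dcs) {
    $entry = $null
    $row = [ordered]@{ DC = $dc; TcpOpen = $false; RootDse = $false; Detail = '' }

    # Step 1: is the LDAP port reachable at all (firewall, dead host)?
    $row.TcpOpen = Test-NetConnection -ComputerName $dc -Port $LdapPort `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    if ($row.TcpOpen) {
        try {
            # Step 2: the same kind of bind that fails in adsysdis.log.
            $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dc/rootDSE")
            $entry.psbase.RefreshCache()   # forces the bind; throws on failure
            $row.RootDse = $true
            $row.Detail = [string]$entry.psbase.Properties['dnsHostName'].Value
        } catch {
            $ex = $_.Exception.GetBaseException()
            $row.Detail = '0x{0:X8} {1}' -f $ex.HResult, $ex.Message
        } finally {
            if ($entry) { $entry.psbase.Dispose() }
        }
    } else {
        $row.Detail = "no answer on TCP $LdapPort"
    }
    [pscustomobject]$row
}

# Failing controllers sort first.
$results | Sort-Object RootDse, DC | Format-Table -AutoSize
```

A controller that is still listed in DNS but fails both steps is the kind of leftover reference the first answer describes; one that accepts the TCP connection but rejects the bind points toward the account question raised in the second answer.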