Condividi tramite

Solution: ConfigMgr 2007 fails to create AMT User OU objects in Disjointed Namespace Environment

  • Articolo

fixHere’s an issue we ran into a while back and since we now have an ideal place to post it I thought I’d throw it out here in the hopes that it'll help the next person. 

Issue: AMT clients are "successfully" provisioned however their accounts are not created in the Out Of Band OU specified.

In the System Center Configuration Manager 2007 console, for the container to create our AMT accounts we have specified:

OU=AMT,OU=Misc,DC=alpha,DC=bravo,DC=charlie,DC=com

However the AMT clients we are trying to provision do not register their DNS suffix in that namespace.  Instead they register it in DC=charlie,DC=com (NOT DC=alpha,DC=bravo,DC=charlie,DC=com).

We tried hosts file on the SCCM server as well as modifying the DNS Suffix Search order on the SCCM server to no avail. Regardless of the console settings, when we try to create the account we do a DNS lookup of the client and then fail to add the user object with this error:

Failure: The AMT Proxy Manager failed to add a object into AD. FQDN: serverName.charlie.com, ADDN: OU=AMT,OU=Misc,DC=charlie,DC=com, UUID: 4C4C4544-0047-5010-8036-B4C04F544631, AMT Version: 3.2.3.

Note: This LDAP path is not the one defined in OOB Mgmt Properties and in fact does not exist!

If we configure the clients to register in DNS the DNS suffix of DC=alpha,DC=bravo,DC=charlie,DC=com then everything works.

Cause: This can occur if the domain has a disjointed namespace.  For more information on disjointed namespaces see the Disjointed namespaces section of https://support.microsoft.com/default.aspx?scid=kb;EN-US;909264.

Resolution: We do not support disjointed namespaces with AMT and ConfigMgr 2007 SP1, and at this time there is no support for this configuration with ConfigMgr 2007 SP2 either. However, we are investigating what it would take to offer that support and will make a final determination at a later date.

So ultimately the answer to this problem would be to allow your clients to register in the correct DNS namespace that matches up to your AD LDAP path specified.

Best,

Buz Brodin | Senior Support Escalation Engineer

Comments

  • Anonymous
    July 08, 2010
    I've never really understood what the purpose of adding machine to the AMT OU was? So what functionality do we lose if we had disjointed namespaces?

  • Anonymous
    July 15, 2010
    I adore your site, looks excellent and full of good info. Keep it up.

  • Anonymous
    August 08, 2010
    This is a great web site. Good polished UI and nice informative articles. I will be coming back next tme, thanks for the great post.

  • Anonymous
    August 16, 2010
    <a href="www.vertu-mobile-phone.com/">Vertu Phone</a>

  • Anonymous
    August 17, 2010
    I enjoyed your article here mate. Infact I'm a fan of the site in general to be very honest. It's the fourth ocasion I've been back here but I kept forgeting to save the site in my saved website list so I have to keep going through the search engines to find it. SAVED this time haha . Best of luck.

  • Anonymous
    September 28, 2010
    Thanks for such a great post and also the examine, I am totally impressed! Maintain stuff like this coming. http://www.aa-sf.com/

  • Anonymous
    October 06, 2010
    The comment has been removed

  • Anonymous
    October 14, 2010
    The comment has been removed

  • Anonymous
    November 09, 2010
    Let us always meet each other with a smile,for the smile is the beginning of love,and once we begin to love each other naturally we want to do something. <a href="http://www.onlineusb.net">oem usb</a> <a href="http://www.topusbdrive.com">Branded usb drives </a>

  • Anonymous
    November 21, 2010
    Doubt is the key to knowledge. http://www.xuehuasf.com/ http://www.iqwqj.com/

  • Anonymous
    February 28, 2011
    thanks thats nicew great information texas ti-89 http://www.makhzannoor.com

  • Anonymous
    May 13, 2011
    Thanks , I have just been looking for information about this topic for ages and yours is the best I’ve discovered till now. http://www.6scs.com http://www.178qw.com

  • Anonymous
    August 12, 2011
    Michele Bachmann cast her opinion http://www.7scs.net/ as a settled fact when she told the Republican presidential debate Thursday that a key element of President Barack Obama's health care law is unconstitutional.

  • Anonymous
    March 23, 2012
    hockey lovers buy hockey jerseys, here we provede your fancy hockeys for you <p><a href="www.hockeyjerseysbuy.com">buy hockey jerseys</a></p>

  • Anonymous
    March 23, 2012
    Perhaps you could write subsequent articles referring to this article. I wish to learn more things about it!<p><a href="www.buy-mlbjerseys.com">buy mlb jerseys</a></p>

  • Anonymous
    March 28, 2012
    If you want to share the happiness of watching NFL with more people, then don’t just buy NFL jerseys for yourself, but also buy it for your families. Here you can buy nfl jerseys for men, women, and children. www.buy-nfljersey.com

  • Anonymous
    April 25, 2012
    Thanks for your article,like your blog very much,well done <p><a href="www.cheapjerseys-c.com">cheap jerseys for sale</a></p>