Hi
I am trying to discover objects in an untrusted domain by following this guide: http://blogs.technet.com/b/neilp/archive/2012/08/21/cross-forest-support-in-configmgr-2012-part-2-forest-discovery-publishing-and-client-push-installation.aspx
Forest A with the SCCM server is Windows 2012 with SCCM 2012 SP1 using SQL 2012 SP1 on a separate DB server..
Forest B is the untrusted forrest with a Windows 2012 DC
I am able to resolve dns between the domains using stub zones, and when I add the untrusted forest in sccm I get success on both discovery status and publishing status. I have also added the untrusted domain in the various discovery methods as described in the article, and when I test the connection it is successful.
However, when I run the discovery methods they all give the same error message and nothing is discovered. The is the error message from the site system status:
Active Directory System Discovery Agent failed to bind to container LDAP://DC=VESSEL1,DC=LOCAL. Error: E_ADS_CANT_CONVERT_DATATYPE. Possible cause: The AD container specified earlier might be invalid now. The Domain Controller is inaccessible. Solution: Please verify that the AD container paths specified are valid. Confirm accessibility of the site server to the Domain Controller to be queried.
This is from the adsysdis.log:
INFO: -------- Starting to process search scope (LDAP://DC=Vessel1,DC=local) -------- SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:02 152 (0x0098) INFO: Processing search path: 'LDAP://DC=VESSEL1,DC=LOCAL'. SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:02 152 (0x0098) INFO: Impersonating user [VESSEL1\ADMINISTRATOR] to discover objects. SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:02 152 (0x0098) INFO: Incremental synchronization requested SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:02 152 (0x0098) INFO: CADSource::incrementalSync returning 0x00000001 SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:02 152 (0x0098) INFO: New DC DNS name = 'VesselDC01.Vessel1.local' SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:04 152 (0x0098) INFO: New highest committed USN = '29047' SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:04 152 (0x0098) ERROR: Failed to read attribute 'invocationId' (0x8000500C) SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:04 152 (0x0098) INFO: CADSource::fullSync returning 0x8000500C SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:04 152 (0x0098) INFO: Reverting from impersonated user to default user. SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:04 152 (0x0098) ERROR: Failed to enumerate directory objects in AD container LDAP://DC=VESSEL1,DC=LOCAL SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:04 152 (0x0098) STATMSG: ID=5204 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_AD_SYSTEM_DISCOVERY_AGENT" SYS=ShoreSCCM.vesselnet.local SITE=P01 PID=1928 TID=152 GMTDATE=Fri Mar 22 21:45:04.423 2013 ISTR0="LDAP://DC=VESSEL1,DC=LOCAL" ISTR1="E_ADS_CANT_CONVERT_DATATYPE" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:04 152 (0x0098) INFO: -------- Finished to process search scope (LDAP://DC=Vessel1,DC=local) -------- SMS_AD_SYSTEM_DISCOVERY_AGENT 22.03.2013 21:45:04 152 (0x0098)
Is there some new requirement that I am missing to get untrusted forests to work with SCCM SP1 and Windows 2012?
I would appreciate if anyone could help me with this problem, I have spent all day trying to find information on this error, but there is not much out there related to SCCM.