Jump to content


BzowK

Issues Migrating Client to New Environment on New Domain

Recommended Posts

Hey Guys / Niall - 

I'm in need of assistance with an issue, please.  Our company is moving all systems over to a new domain over the next few months.  One other change will be that the new domain will have a new SCCM environment.  Since I'd rather not manage multiple environments, the plan is to migrate all workstations over to the new SCCM environment over about a week's time before migrating the domain on the systems.  I've already built the new environment and all site servers on the new domain so was ready to start client migration.  Changing a system to the new SCCM site and new domain works great - however - changing the client to the new SCCM site while retaining the old domain is not working.

Overall, I have ~10,000 workstations on our current domain which are members of the existing SCCM site.  I'm needing to migrate the clients to a new SCCM site which is on a new domain, but without changing the domain.

I'm using a VBS file to change the client's site code to the new environment.  Once I do, communication isn't correct, though.  Client's log files show:

  • ClientIDManagerStartup.log
    • RegTask: Failed to refresh MP. Error: 0x8000ffff
  • LocationServices.log:
    • There is no AMP for site code "BCD".  
    • LsRefreshManagementPointEx failed with 0x8000ffff
    • Failed to refresh security settings over AD with error 0x87d00215
    • Failed to refresh security settings over MP with error 0x8000ffff

The New SCCM environment's console shows the hostname of the test system plus shows that it's a member of the old domain.  It shows that "No" client is installed on the system both prior to and after the test to migrate it.  Finally, below are the things I've configured in preparation prior to the test:

  • A two-way trust exists between the old and new domains
  • Boundary added in New SCCM environment (ip range) for test system which is assigned to a Boundary group /w assigned site code & MP
  • SRV record added to old domain so that new site code resolves and points to FQDN of the new SCCM server's primary server
  • Discovery methods configured to scan for systems in the old domain
  • Both SCCM sites are HTTP (not HTTPS)

Any suggestions?  Thanks!!

 

Share this post


Link to post
Share on other sites


Yes! - The schema has been extended, is showing entries for the Secondary sites I've added, plus clients installed onto workstation which are joined to the new domain are working perfectly.  Any suggestions?  Thanks!

Share this post


Link to post
Share on other sites

All PC's on the old domain are visible under devices on the new SCCM? 

Then you should be able to push the client to them from the new SCCM? 

What about new SCCM local Administrator rights on the Pc's in the old domain. Did you add that with a policy and is it effectuated? 

 

Share this post


Link to post
Share on other sites

Yes - In the new SCCM environment, boundaries & discovery are both configured for the old domain and workstations appear under Devices.  I tried migrating another test VM today.  I kept it in the old domain, but ran a script to change it's site code to the new SCCM environment on the new domain (even though staying on the old domain.)  Still no luck.

ClientIDManagerStartup.log keeps showing "RegTask: Failed to refresh MP Error: 0x8000ffff after I migrate it to the new site.

I decided to ensure that the SRV record for the new sitecode was set up correctly in the old domain's DNS and it is.  Attached is a screenshot which I executed from the test VM which I migrated to the new site code upon but was still on the old domain.  The old domain ends in corporate.___.com and the new domain ___health.net.  The new site code is "AH1" which is finds the primary site server (& MP) in the new domain as you can see.  Below that, I queried "AHS" which is the old site code.  This results in displaying the primary of the old domain.  

SRV.png.a75c75866c7a7152ccdd7e2b0986b144.png

Doesn't look like the SRV record is the issue, but if not; why is it still saying "Failed to refresh MP Error"?  Possibly due to permissions (despite being a two way trust between domains) or am I missing a pointer / record somewhere? 

Thanks!

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...