Tuesday, January 23, 2007

Day 8: Critical Error 4909

So today my test site server was showing critical error 4909 with description:

SMS Systems Management Server could not locate the "System Management" container in Active Directory. Nor could it create a default container. This will prevent Site Component Manager from updating or adding any objects to Active Directory.

Possible cause: This site’s SMS Service account or the site server’s machine account might not have the correct rights to update active directory.

Solution: Either give the Service Account rights to update the domain's System Container, or manually create the "System Management" container in this domain's Active Directory system container, and give the Service Account full rights to that container (and all children objects.)

Since I’m knew at this stuff I had to figure out what it meant to give rights to the system account in AD.

Well after a bit of googling (googled: create the System Management container, 5th link down), I came across this Microsoft KB article.


Step by step instructions. Basically in AD, you have to give the computer that SMS installed on, rights to the “System” folder aka container. Make sure you give it permissions to all child objects as well. If you’ve done it right, there is a new container object under System called…..System Management

The end of the instructions instruct you to Restart the SMS Site Component Manager service to start updating Active Directory. Of course Microsoft fails to mention how to do this, and the only people who need to know are the ones who don’t have SMS working i.e. meaning people who just installed it and may not know how to check a SMS service. Guess I can be nice and tell you. Back in the SMS console expand the site database>Tools>SMS Service Manager. You’ll see an empty pane. Very intuitive isn’t it? Anyways right click in the empty pane>All Tasks> Start SMS Service Manager. Expand your site>Servers> Machine name of your site> Pick the SMS_SITE_COMPONENT_MANAGER. Now things get really silly. You can’t tell if it’s running or not unless you query it first. Pick the component from the rights side and hit the query (!) button. Now that you can see it running, you can stop it. You’ll have to query it again to see that it actually did stop. Then you can hit Start, query it again to make sure it started. Now switch back to AD and check your new System Management container to see if SMS has put anything in there.

No comments: