This topic provides information about how to troubleshoot issues with Microsoft System Center Configuration Manager 2007 discovery.
To enable verbose logging for the Data Discovery Manager component, on the site server computer, in the registry key HKLM\Software\Microsoft\SMS\Components\SMS_DISCOVERY_DATA_MANAGER, set Verbose logging = 1.
Discovery Does Not Return Any Results
When you configure Active Directory System Discovery (or Active Directory System Group Discovery or Active Directory User Discovery), you do not see any results in the collections.
Solution
Configuration Manager 2007 might not have access to Active Directory Domain Services. Configuration Manager 2007 must have Read access to the containers that you specify for Active Directory System Discovery, Active Directory System Group Discovery, and Active Directory User Discovery. Configuration Manager 2007 uses the site server computer account to perform Active Directory discovery. When the site server computer account is used in domains other than the domain in which the site server is located, the account must have user rights on those domains. The account must at least be a member of the Domain Users group or local Users group on the domains. Additionally, when the resource is in a different forest than the site server, a forest trust is required between the two forests.
Active Directory Discovery Is Not Returning Specified Attributes
You configure Active Directory User Discovery or Active Directory System Discovery to discover extended Active Directory object attributes, but the attributes you configure are not returned in the discovery information.
Solution
The following types of attributes are supported for Active Directory discovery:
- ADSTYPE_DN_STRING
- ADSTYPE_CASE_EXACT_STRING
- ADSTYPE_CASE_IGNORE_STRING
- ADSTYPE_PRINTABLE_STRING
- ADSTYPE_NUMERIC_STRING
- ADSTYPE_BOOLEAN
- ADSTYPE_INTEGER
- ADSTYPE_UTC_TIME
- ADSTYPE_LARGE_INTEGER
- ADSTYPE_DN_WITH_STRING
The following types of attributes are not supported for Active Directory discovery:
- ADSTYPE_OCTET_STRING
- ADSTYPE_PROV_SPECIFIC
- ADSTYPE_OBJECT_CLASS
- ADSTYPE_NT_SECURITY_DESCRIPTOR
- ADSTYPE_UNKNOWN and ADSTYPE_INVALID
- ADSTYPE_DN_WITH_BINARY
Nonexistent Computers Being Discovered
You have computers that existed at one time but no longer exist on the network, but they are still being discovered.
Solution
Active Directory System Discovery uses two pieces of information to determine whether a computer is a member of a network:
- The account of the computer in Active Directory Domain
Services.
- Successful IP address name resolution.
If Active Directory Systems Discovery can obtain both pieces of information, the computers are discovered and a data discovery record (DDR) is created for each computer. This behavior can be prevented by enabling Domain Name System (DNS) scavenging on your DNS server.
Network Discovery Not Finding Computers
Network Discovery runs but does not find any computers.
Solution
Network Discovery creates a DDR for a resource only if it can positively determine the resource's subnet mask. The subnet mask can be determined if the following conditions are met:
- The client's IP address is listed in a
trusted router's ARP cache, and the router has only a single IP
address on that interface.
- The client has a Simple Network Management
Protocol (SNMP) agent running, and Network Discovery is configured
to use the community name the client is configured for.
- The client is a Microsoft Dynamic Host
Configuration Protocol (DHCP) client.
Note The site server computer account must have domain user credentials in the same domain as the DHCP server.
Network Discovery Cannot Determine Operating Systems
You use Network Discovery to discover computers, but the operating system version information for some discovered computers is not included in the results.
Solution
This behavior occurs when a discovered computer uses the RestrictAnonymous=1 setting. Configuration Manager 2007 does not use the network abstraction layer (NAL) for authentication. Therefore, Network Discovery makes only anonymous connections. To discover the operating system, you must enable an alternative method of discovery, such as Active Directory System Discovery.
Active Directory System Discovery Not Finding All the Computers in the OU
You configure Active Directory System Discovery, and some computers are discovered, but some are not discovered in the organizational unit (OU).
Solution
Active Directory System Discovery creates a DDR for a resource only if it can resolve the name to the IP address by using DNS. If a valid DNS entry does not exist for a computer, Configuration Manager 2007 does not discover the computer, but does create a status message stating there were errors for that computer. You might see these computers referred to as "bogus" in adsysdis.log.