In our SCCM 2012 R2 CU1 environment, we recently started getting the following error for the AD system discovery:
Active Directory System Discovery Agent failed to bind to container
LDAP://DC=domain,DC=com. Error: The server does not support the requested critical extension.
.
Possible cause: The AD container specified earlier might be invalid now. The Domain Controller is inaccessible.
Solution: Please verify that the AD container paths specified are valid. Confirm accessibility of the site server to the Domain Controller to be queried.
So, any systems that have been recently added to Active Directory are not being discovered.
There are no errors in the ddm.log.
In the adsysdis.log:
Valid Search Scope Name: LDAP://DC=domain,DC=com
Search Path: LDAP://DC=domain,DC=com IsValidPath: TRUE SMS_AD_SYSTEM_DISCOVERY_AGENT 4/8/2015 2:00:01 PM 14848 (0x3A00)
INFO: Bound to 'LDAP://DC01.domain.com/DC=domain,DC=com' SMS_AD_SYSTEM_DISCOVERY_AGENT 4/8/2015 2:00:01 PM 14848 (0x3A00)
ERROR: Failed to enumerate directory objects in AD container LDAP://DC=domain,DC=com SMS_AD_SYSTEM_DISCOVERY_AGENT 4/8/2015 2:15:27 PM 14848 (0x3A00)
The settings for the AD container for the discovery: "recursively search AD child containers" and "discover objects within AD groups" are both checked. We are using the computer account of the site server.
We have one primary site. Our AD folks have said that the site server does have read access, so that should not be an issue.