Hi All, I am having 1 Central,2 Primary and 10 Secondary SCCM Servers.For one Secondary server,I am getting the following error message at the interval of 1 Hour repeatedly.There is a Security group for which all SCCM Secondary servers are the member.This Security group is having full permission on System Management Container in AD and even its having full permission in Advanced that is "This object and all of its child object.SCCM Secondary server in which I am facing this issue, in this Primary reporting server is the member in "SMS_SiteToSiteConnection_KTA" and even member of Local Administrator group on this server. Please see the complete error below, what could be the issue for this. Systems Management Server cannot update the already existing object "SMS-Site-KTA" in Active Directory. Possible cause: This site's SMS Service account or the site server's machine account may not have full control rights for the "System Management" container in Active Directory Solution: Give the site's SMS Service account full control rights to the "System Management" container, and all child objects in Active Directory. Possible cause: The Active Directory object "SMS-Site-KTA" has been moved to a location outside of the "System Management" container, or has been lost. Solution: Delete the object from its current location, and let SMS create a new object. Possible cause: The Active Directory schema has not been extended with the correct SMS Active Directory classes and attributes. Solution: Turn off Active Directory publishing for each site in the forest, until the schema can be extended. The schema can be extended with the tool "extadsch.exe" from the SMS CD.Thanks & Regards Deepak Kumar

Hi Alan, Thanks for the reply. I think you are right. I will check your suggestions and will let you know the update on this. But before we give permission to the secondary site server computer account on System Management container in AD,so do we need to remove this secondary server computer account from the Security group first and then add or directly I can add this secondary server computer account to the local DC without removing this secondary server from SG group?Thanks & Regards Deepak Kumar

Hi Torste / All, I have added the computer account and given full rights and even to "This object and all child objects" for this computer account.Still I am getting the same error at the interval of every 1 Hour. What could be the cause? Thanks & Regards Uttam

Did you check the sitecomp.log? It will show you the error code for the failure of site system publishing in AD. If the error code is 5 (Access denied) then it could still be permission’s issue. Also check hman.log will also give some clues. Regards, Madan | www.madanmohan.com

You would have to reboot the computer if you added it to a group and granted permissions to that group. Make sure that you followed http://technet.microsoft.com/en-us/library/bb632591.aspx and http://technet.microsoft.com/en-us/library/bb633169.aspx exactly.

Hello Torsten/ All, I have followed exactly the same steps according to the MS-link given above and after performing the steps I have rebooted the Secondary server but still the same problem persists and the error is at the interval of 1 Hr. Out of 10 Secondary servers we are getting this error only for 1 Secondary server. Any other thoughts?Thanks & Regards Uttam

Did you check the sitecomp.log? what is the error code there? Regards, Madan | www.madanmohan.com

I am not getting any error in sitecomp.log but below is the error which I see in hman.log SMS-Site-KTA could not be updated, error code = 8203.Thanks & Regards Uttam

Please check these: http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/81c0cc5f-4125-4089-b6f4-7df32a4be607 http://social.technet.microsoft.com/Forums/en/configmgrsetup/thread/8edae828-103b-46d1-b8f5-fd05d1234ac7 Regards, Madan | www.madanmohan.com

Error Code 8203 System error code 8203 means "The attribute syntax specified to the directory service is invalid." Regards, Madan | www.madanmohan.com

SMS-Site-KTA could not be updated, error code = 8203. Did you upgrade the schema for ConfigMgr at all?

Hi Torsten, Schema was already extended at the time of ConfigMgr Site installation successfully.Thanks & Regards Uttam

Hi All, Any thoughts on the above mentioned query.Thanks & Regards Uttam

Dear Uttam Check this thing i also faced the same error with my secondary site which was throwing the same error when i checked the permissions it was only on the system management container not on child objects for this site i applied permssions to the child objects the error was gone and site status went to ok. This site's SMS Service account or the site server's machine account may not have full control rights for the "System Management" container in Active Directory Solution: Give the site's SMS Service account full control rights to the "System Management" container, and all child objects in Active Directory Regard Farhan

Hello Farhan, My all the Secondary site server is the member of one Security group and that SG has Full control on System Management container in AD.Moreover "This object and all of its child objects" has already been selected for this SG on System Management container.Still I get the error at the interval of every one hour. Any other ideas would be appreciated!!!!!!!!!!!!Thanks & Regards Uttam