Hi, I'm struggling with a Schema extension problem that I haven't found a solution to. The scenario is that I'm configuring a new SCCM 2007 environment with one domain controller (Server 2008) and one SCCM server (Server 2008). The AD Schema has successfully been extended on the AD server. I have verified that in the log file which the system created in C:\. Then I run the prerequisite checker module to see that my SCCM machine is good to go and have all the components that is necassary for it to work. Everything is looking good except for the schema extension which it's complaining about. I tried to run the prerequisite checker module on the AD machine (saw that tip in another thread). Now I didn't get the schema extension warning. How come? It almost seems like there is an AD communication problem between the two servers? Also I have set the permissions on the System Management container according to the article on Technet. On line 7 it says "In the Apply onto list, select This object and all child objects." In server 2008 permission dialog it says "This object and all descendant object". I guess this option is equivalent to the first option but with slightly different wording? Any help is greatly appreciated! /Fredrik

Hi, What is the warning or error? Also verify the ConfigMgrPrereq.log and the ConfigMgrSetup.log The "This object and all descendant object" option is indeed equivalent to the option "This object and all child objects".

Hi, In ConfigMgrPrereq.log and ConfigMgrSetup.log I can verify the following error: Unable to connect to RootDSE - Cannot verify Active Directory. Error code = 1355. First I thought this problem was related to the DNS functionality but now I have verified that it's probably not. What could it else be? /Fredrik

Well this error means: "The specified domain either does not exist or could not be contacted." Check your network infrastructure and if your DC is online.

Hi Jannes, The domain does exist very much. Otherwise I wouldn't have been able to join my computers into the domain. And my DC is online as well. Regards, Fredrik

When we saw this in another site it was caused by the 2008 Firewall. Dropping the firewall and trying again..poof the problem was gone. Drop it and retest..

Yup, I just tested this also (I was just setting up my first site in Windows Server 2008) and experienced the same thing. Something in the Windows Server 2008 firewall rules are blocking the extension utility (Extadsch.exe) from accessing the DC (even on a single box). Simpy disable the firewall, extend the schema, and then re-enable the firewall again.

Wally, thanks for your reply confirming it could be an issue extending the schema on server 2008 if all necessary conditions are not met. Finally I got it to work. It turned out to be an permission issue! Cheers! Fredrik

A permissions issue that prevented you from extending the schema? If so, can you list what you had to change so that we have it recorded for future searching :-)

Same error here. Killed the firewall on both the DC and the SCCM machine but no luck. So what was the permission issue?????

Have you verified that you are actually logged on to the server as an Domain Admin? Server 2008 fooled me on this one. My intention was to log on to one of my servers with the Administrator account. But in reality it turned outI was logged on locally on the machine. Right under the login form intended for username and password, it says "log on to: domain name". Great I thought. I want to log on to the domain. I started writing Administrator and the correct password. When I wrote the "r" in Administrator in changes to "log on to: machine name". This can be very hard to discover if you are not looking at the screen the whole time. I hope it works out for you! Cheers!

still the same, firewalls are off, i open a command prompt and it tells me c:\users\administrator.test so i am logged on to the "test" domain. indeed saw the thing you mentioned. Weird.... But still the line in the extadsch.log stating it didn't work. It created all the attributes and stuff. When i run the prereq check it tells me everything is OK. So was it the firewall or the domain admin? I'll pay better attention when the next installation comes along Thanks!

I had the same error. I extended the schema from the AD (2003 R2) and it was successful, but i still got the error. However, when i tuned off the firewall on the server i was installing SCCM on (2008) the check went through ok. Thanks for the info!