Our company recently had SCCM 2007 installed by a consultant. All ties were cut with the consulting company as they failed on many aspects of this project. At first we started seeing the database being populated by computers in our AD, but upon further comparison we found that not all workstations in AD are in the SCCM database in all we're missing about 220 XP(SP2 & SP3) workstations, some of them are laptops that are in the field and rarely hit our network but most of them are PC's that are in a branch office. we're planning for MS office 2007 company wide, for our exchange 2010 upgrade, our distribution points are ready but we're missing too many machines, our SCCM is really unreliable right now. Is there a log that might help identify why these XP workstations are not being added to the SCCM database? Also, when we delete from AD, it doesnt update the 'deletion' on the database. Is there something that wasnt setup properly? SCCM on Srv 2008 R2, Dual Xeon 2.27Ghz, 5Gb of Ram, site is mixed mode, SQL 2008 is also on the same box.

LT-Velasco, First lets check the discovery option under site management to confirm that the active directory system discovery is "enabled, and set to the appropriate level "active directory container". You can also do a run discovery from the polling schedule tab if you make any changes. Let me know the results at your convenience. Thanks, TomThanks, Tom Ziegler If this post helped, please rate

its set to our root domain: LDAP://DC='Domain name',DC=CA Recursive=Yes, Group=Included If I add a new machine to the domain it will find it during its polling schedule, every hour on the hour. but the machines have have existed for a long time it cant find.

anything in the adsysdis.log? Thanks, Tom Ziegler If this post helped, please rate

It finds alot of our Security Groups, distribution groups, notebooks and PC's AD Discovery under container LDAP://DC='Domain name',DC=CA found 724 objects. INFO:Successfully Completed directory Search INFO:reporting DDRs for 24 systems i also get some errors like this... INFO: discovered object with ADsPath = 'LDAP://SRVDC1.Domain.ca/CN=NB-Notebook1,OU=Notebooks,OU=National Accounts,OU=Branches,DC=Domain,DC=ca' WARN: Could not get property (domain) for system (0x80005010) INFO: discovered object with ADsPath = 'LDAP://SRVDC1.Domain.ca/CN=WS-PC2,OU=computers,OU=TOR,OU=Branches,DC=Domain,DC=ca' WARN: Could not get property (domain) for system (0x80005010) INFO: discovered object with ADsPath = 'LDAP://SRVDC1.Domain.ca/CN=WS-PC3,OU=computers,OU=HAL,OU=Branches,DC=Domain,DC=ca' WARN: Could not get property (domain) for system (0x80005010) ERROR: GetIPAddr - getaddrinfo() for 'WS-PC3.Domain.ca' failed with error code 11004. ERROR: Machine WS-PC2 is offline or invalid. WARN: CADSource::ProcessSystemInfo: Failed to get IP Address for the system. Its a really big log, is there anything specific that I should look for?

Have you seen this link? http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/a6be8c13-334d-4a93-9141-d55d6e5bf441Thanks, Tom Ziegler If this post helped, please rate

If the site system cannot resolve the IP address for the client during discovery, then it does not discover the client. An example of this is in your log snippet above: "ERROR: GetIPAddr - getaddrinfo() for 'WS-PC3.Domain.ca' failed with error code 11004." This is ConfigMgr's way of filtering stale client objects from AD. This could be caused by other things also, like DNS auto-registraion disabled, (poor-quality/old-school) DNS servers that don't support dynmic DNS, dis-joint DNS namespace, poorly implmented name resolution, among others. At the end of the day, ConfigMgr doesn't care why (it can't tell anyway), it simply won't add them to the db. If for whatever reason, you cannot overcome this issue because of your enterprise name resolution strategy (or lack there of), a good alternative is to use a startup script, GPO, or WSUS to install the client -- once the client is installed, it will send a heartbeat discovery to the site and thus be added.Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

I didn't see anyone reply to your question, "Also, when we delete from AD, it doesnt update the 'deletion' on the database. Is there something that wasnt setup properly?" ... This is not an instant action. Once a computer has been removed from the network it will age out of SCCM according to your settings defined in the built-in maintenance tasks which can take some time to complete. John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

Jason, this 'ws-pc3' is a workstation that actually exists, its a workstation on a remote site, and on top of that the console says that it has the client. To add to your comment 'a good alternative is to use a startup script, GPO, or WSUS to install the client -- once the client is installed, it will send a heartbeat discovery to the site and thus be added.' We have tried GPO's and WSUS but didnt get it to work, not even with the consultant doing it. WSUS is on my to do list with SCCM but further on down the road. Workstations/notebooks at remote sites are internet machines that remote in using our company's vpn solution, when sccm discovers that its 'online' it pushes the client out, and it actually installs. I can understand why it might not find this machine and quite a few more, its that these machines are not always on our network. Being on mixed mode as we dont have certificates we cant enable native mode yet. There are also only a few machines that dont have the client, it actually wont install properly so we're replacing the workstations that have this problem. John, Is there a technet article that clearly explains how to setup the 'auto-delete'. I've seen the Site Maintenance tasks but have found little information on how to configure it the way we need it. That or I didn't understand it properly.

That was just an example based on your very small snippet of the discovery log file. My main point was that a system doesn't need to be discovered by AD Discovery for it to be managed by ConfigMgr, as you've found out, and that ConfigMgr doesn't just suck everything from AD into its db. Also, for that specific case, it means that that system isn't currently discoverable, not that it doesn't have the client installed. Those are two very distinct concepts in ConfigMgr that you must separate. In general though, figuring out why a system is not in your database needs be done on a system by system basis starting with the discoveries and your client installation installation methods. Are you solely relying on client push? If so, then it will definitely be hit or miss because client push has dependancies on discovery and client connectivity. Both must be present for a client to be automatically installed which in your case will be problematic. Client push, although automatic, is not a continuous process, it happens on a synchronous basis and it is quite easy for a road warrior to fall in between the very specific times that things happen. That's where the other client installation methods come in which you should really investigate. As for the resource deletion from ConfigMgr, this is controlled by two tasks in ConfigMgr: Delete Aged Discovery Data Task (http://technet.microsoft.com/en-us/library/bb693856.aspx) and Delete Inactive Client Discovery Data Task (http://technet.microsoft.com/en-us/library/bb693646.aspx). A good thing to remember is that AD discovery is not a synchronization, it is a way for ConfigMgr to find potential resources in the environment. Thus, if your AD is not clean, you may end up with a resource coming back even though ConfigMgr has purged it or maybe never going away.Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

The easiest thing to do is enable all the built-in tasks with the default settings. Once you get more familiar with SCCM you can begin to tweak them to your environment. The main thing you are concerned with here is the clear install flag task, that will determine how long a machine has to be gone before it's marked as client = no. here's an explanation of all the tasks and what they do: http://technet.microsoft.com/en-us/library/bb632595.aspx John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

Let's look specifically at ws-pc3.... I'm not sure I understand the issue with that computer. My understanding of two of your statements conflict. You mention it's not being discovered but then you mention it shows up in the console and is Client = yes. The error in the log you posted seems to indicate that the server can't ping 'WS-PC3.Domain.ca'. Do the server and ws-pc3 have the same DNS suffix (Domain.ca)? John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

Hi John, Sorry for the late reply, I've been checking AD & SCCM machine by machine and found that there are less errors than i thought. John, as far as ws-pc3, I can't remember which machine it was that i renamed for the error snippet, but I believe I named two different machines pc3... While I was checking machines, I found that some machines during my AD pull was that over 160 machines were disabled, so thats a good thing for the total count. There are 80 machines that I'm now checking with each office to ensure if they exist, and if not then delete from AD, and when I get the deleting tasks to work, SCCM will should clean itself up, right? I was asked my my management if SCCM logs its db deletions, is there such a log? I think that with all your help, I've gotten this figured out now.

Sorry, I'm behind on email... Yes SCCM should clean itself up if you've enabled all the built-in maintenance tasks. I don't know of a place where deletions are logged but it's likely that's logged somewhere. Have you looked at oldcmp.exe for reporting on the possible dead machines in AD? John Marcum | http://myitforum.com/cs2/blogs/jmarcum |