Microsoft KB Archive/249590

= SMS: Parent Is Unable to Update Site Property Comments After a Primary Site Is Restored =

Article ID: 249590

Article Last Modified on 10/25/2006


APPLIES TO


 * Microsoft Systems Management Server 2.0 Service Pack 1




This article was previously published under Q249590



SYMPTOMS
When the system modifies the Microsoft Windows NT encryption keys and Systems Management Server (SMS) is not aware of the changes, Hierarchy Manager can become unable to read the encryption keys, and this can cause updates between sites to cease. When this occurs, the following entry may be logged in the Hman.log file:

HMAN: Cannot decrypt the SMS encryption key using the crypto exchange key.

Also, the following warning is logged in the Sitectrl.log file:

SITECTRL: WARNING: The "Site Definition" item in a record contained in delta site control file "C:\SMS\inboxes\sitectrl.box\incoming\********.CT1" specifies an invalid public key for decrypting the SMS service account and password. This record and the remaining records in the file are unusable.



CAUSE
Incorrect cryptography keys cause this behavior. There are two possible reasons why the cryptography keys are regenerated and cause this problem:
 * 1) After site restoration: the crypto keys are generated on a per-computer, per-Windows NT installation, and per-Windows NT account basis. If you reinstall the operating system, the keys must be regenerated.
 * 2) If NetMeeting 3.x is installed and Remote Desktop Sharing is enabled, followed by the required reboot, and is then set active, the crypto exchange keys are regenerated not just once but repeatedly.



RESOLUTION
SMS Service Pack 2 has an updated version of Hierarchy Manager that is capable of detecting when these cryptography keys are invalid and regenerating them, which allows SMS to decrypt the account and password and process the Site Property changes.

To resolve this problem, obtain the latest service pack for Systems Management Server version 2.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

236325 How to Obtain the Latest Systems Management Server 2.0 Service Pack



STATUS
Microsoft has confirmed this to be a problem in Systems Management Server version 2.0. This problem was first corrected in Systems Management Server version 2.0 Service Pack 2.



MORE INFORMATION
To install the hotfix, use the following steps on the SMS site server. There is a separate set of steps for sites that use a remote SQL database.

NOTE: This fix requires a site reset so that the Client Access Points (CAPs) will be updated. The hotfix package does not perform a site reset, but there is a dialog box that states that a site reset needs to be carried out. After the script is done, run Setup or Preinst.exe to reset the site.

Local Installation of SQL
 * 1) The following services on the Systems Management Server site server must be stopped before applying this fix:
 ** SMS_SITE_COMPONENT_MANAGER
 ** SMS_EXECUTIVE
 ** "Windows Management"
 * 2) Locate the Basesql.dll, Hman.dll, and Smsprov.dll files in the SMS\Bin\ folder on the SMS site server and rename each file. Copy the newer version of each file that is provided in the fix to the same folder.

NOTE: The provided installer script will update the site server only. The provider computer and remote administrator workstations must be updated manually.

The installer creates text files containing instructions on how to manually update the provider computer and administrator consoles.

 * 3) To support the added objects, the MOF files must be updated. Because these contain information specific to the installed site, some manual editing is required.

NOTE: The installer script does not copy these files. You must do this manually and then make the edits after running the script.

To create a custom Smsprov.mof for the site:
 ** a) Copy the new _smsprov.mof file to a temporary folder.
 ** b) Open the file with Notepad.
 ** c) Replace all instances of "REPLACESITECODE" with the site code of the site this fix is being applied to.
 ** d) Replace all instances of "REPLACEPROVIDERMACHINE" with the NetBIOS name of the computer that is hosting the provider. With SQL installed on the SMS site server, this is always the site server. With SQL installed remotely, this may or may not be the SQL server. (Look for a folder on the SQL server named SMSPROV\MOFs\ .)
 ** e) Replace "REPLACEPROVIDERFORLOCALSITEFLAG" with "TRUE" if the SQL provider is local or "FALSE" if the SQL server and the provider are remote.

 * 4) Copy the MOF files to the site system(s).

Local SQL:
 ** a) Rename the SMS\Bin\ \Smsprov.mof and SMS\Bin\ \Secreg.mof files to Smsprovmof.old and Secregmof.old.
 ** b) Copy the _smsprov.mof and Secreg.mof files to SMS\Bin\ \Smsprov.mof and SMS\Bin\ \Secreg.mof.

Remote SQL and Remote Provider:
 ** a) Follow the "Local SQL" steps above to update the site server.
 ** b) Rename the SMSPROV\MOF's\ \Smsprov.mof file to Smsprovmof.old.
 ** c) Rename the SMSPROV\MOF's\ \Secreg.mof file to Secregmof.old.
 ** d) Copy the Secreg.mof file to SMSPROV\MOF's\ \Secreg.mof.
 ** e) Copy the _smsprov.mof file to SMSPROV\MOF's\ \Smsprov.mof.

 * 5) Recompile the MOF files. These steps are the same for both local and remote SQL installations:
 ** a) Open a command prompt and navigate to the SMS\bin\ folder.
 ** b) Run the following command line:

%systemroot%\system32\wbem\mofcomp smsprov.mof

 ** c) Run the following command line:

%systemroot%\system32\wbem\mofcomp secreg.mof

Remote Installation of SQL
 * 1) Stop the following services on the SMS site server:
 ** SMS_SITE_COMPONENT_MANAGER
 ** SMS_EXECUTIVE
 ** "Windows Management"
 * 2) Stop the following services on the SQL server:
 ** SMS_SQL_MONITOR_
 ** SMS_EXECUTIVE

NOTE: The SMS_EXECUTIVE service does not exist on the SQL server unless the system has been specified in the administration console as a Client Access Point (CAP) or any of the senders have been offloaded onto the server.

 * 3) Replace each file with the newer version provided in the fix. On the SMS site server, replace the Basesql.dll, Hman.dll, and Smsprov.dll files in the SMS\Bin\ folder.

On the SQL server, replace the Basesql.dll and Smsprov.dll files in the SMSPROV\Bin\ folder. Also replace the Basesql.dll file in the SMS_ \Bin\ folder.

The provided installer script updates the site server only. The provider computer and remote administrator workstations must be updated manually. The installer creates text files containing instructions on how to manually update the provider computer and administrator consoles.

 * 4) Copy the MOF files to the site system(s):

On the SMS Site Server
 ** a) Rename the SMS\Bin\ \Smsprov.mof file to Smsprovmof.old.
 ** b) Rename the SMS\Bin\ \Secreg.mof file to Secregmof.old.
 ** c) Copy the _smsprov.mof file to SMS\Bin\ \Smsprov.mof.
 ** d) Copy the Secreg.mof file to SMS\Bin\ \Secreg.mof.

On the SQL Server
 ** a) Rename the SMSPROV\MOF's\ \Smsprov.mof file to Smsprovmof.old.
 ** b) Rename the SMSPROV\MOF's\ \Secreg.mof file.
 ** c) Copy the smsprov.mof file to SMSPROV\MOF's\ \Smsprov.mof.
 ** d) Copy the Secreg.mof file to SMSPROV\MOF's\ \Secreg.mof.

Updating the Smsprov.mof File
To support the added objects, the MOF files must be updated. Because these contain information specific to the installed site, some manual editing is required.

The installer script does not copy these files. You must do this manually and make the edits after running the script.

Create a custom Smsprov.mof file for the site:
 * 1) Copy the new _smsprov.mof file to a temporary folder.
 * 2) Open the file with Notepad (or any text editor).
 * 3) Replace all instances of "REPLACESITECODE" with the site code.
 * 4) Replace all instances of "REPLACEPROVIDERMACHINE" with the NetBIOS name of the computer that is hosting the provider. With local SQL, this is always the site server. With remote SQL, this may or may not be the SQL server. (Look for a folder on the SQL server named SMSPROV\MOFs\ .)
 * 5) Replace "REPLACEPROVIDERFORLOCALSITEFLAG" with "TRUE" if the SQL provider is local or "FALSE" if the SQL server and the provider are remote.
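
The placeholder edits above are easy to get wrong by hand, and a token that is missed or misspelt stays in the file that is later compiled. The following Python sketch is an added example, not part of the original article or the hotfix package; the function name, the sample template text and the validation rules (three-character site code, conservative NetBIOS name pattern) are assumptions.

```python
import re

# Placeholder tokens named in the article's editing steps.
PLACEHOLDERS = ("REPLACESITECODE", "REPLACEPROVIDERMACHINE",
                "REPLACEPROVIDERFORLOCALSITEFLAG")
ANY_TOKEN = re.compile(r"REPLACE[A-Z]+")

# Constructed sample, NOT the contents of the real _smsprov.mof.
SAMPLE_TEMPLATE = """\
instance of Example_ProviderLocation
{
    SiteCode = "REPLACESITECODE";
    Machine = "REPLACEPROVIDERMACHINE";
    NamespacePath = "root/sms/site_REPLACESITECODE";
    ProviderForLocalSite = REPLACEPROVIDERFORLOCALSITEFLAG;
};
"""


def customize_mof(template, site_code, provider_machine, provider_is_local):
    """Fill the three placeholders; raise ValueError rather than emit a bad MOF."""
    # Assumption: an SMS 2.0 site code is three alphanumeric characters.
    if not re.fullmatch(r"[A-Za-z0-9]{3}", site_code):
        raise ValueError(f"bad site code: {site_code!r}")
    # Assumption: conservative NetBIOS name check (15 chars max, no quotes or slashes).
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,15}", provider_machine):
        raise ValueError(f"bad NetBIOS name: {provider_machine!r}")
    found = set(ANY_TOKEN.findall(template))
    missing = sorted(set(PLACEHOLDERS) - found)
    unknown = sorted(found - set(PLACEHOLDERS))
    if missing or unknown:
        # An unknown token is usually a misspelt placeholder that a manual
        # search-and-replace would silently skip.
        raise ValueError(f"missing={missing} unknown={unknown}")
    values = {
        "REPLACESITECODE": site_code,
        "REPLACEPROVIDERMACHINE": provider_machine,
        "REPLACEPROVIDERFORLOCALSITEFLAG": "TRUE" if provider_is_local else "FALSE",
    }
    # Single pass, so a substituted value is never scanned again.
    return ANY_TOKEN.sub(lambda m: values[m.group(0)], template)


if __name__ == "__main__":
    print(customize_mof(SAMPLE_TEMPLATE, "ABC", "SMSSRV01", True))
```
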

Copy the MOF files to the site system(s):

Local SQL

 * 1) Rename the SMS\Bin\ \Smsprov.mof file to Smsprovmof.old.
 * 2) Rename the SMS\Bin\ \Secreg.mof file to Secregmof.old.
 * 3) Copy the _smsprov.mof file to SMS\Bin\ \Smsprov.mof.
 * 4) Copy the Secreg.mof file to SMS\Bin\ \Secreg.mof.

Remote SQL and Remote Provider

 * 1) Complete the "Local SQL" steps above to update the site server.
 * 2) Rename the SMSPROV\MOF's\ \Smsprov.mof file to Smsprovmof.old.
 * 3) Rename the SMSPROV\MOF's\ \Secreg.mof file to Secregmof.old.
 * 4) Copy the Secreg.mof file to SMSPROV\MOF's\ \Secreg.mof.
 * 5) Copy the _smsprov.mof file to SMSPROV\MOF's\ \Smsprov.mof.

Recompile the MOF files:

Local SQL
 * 1) Open a command prompt and navigate to the SMS\bin\ folder.
 * 2) Run the following commands:

%systemroot%\system32\wbem\mofcomp smsprov.mof

%systemroot%\system32\wbem\mofcomp secreg.mof

Remote SQL and Remote Provider
 * 1) Open a command prompt and navigate to the SMSPROV\MOF's\ folder.
 * 2) Run the following commands:

%systemroot%\system32\wbem\mofcomp smsprov.mof

%systemroot%\system32\wbem\mofcomp secreg.mof

Restart the SMS services that you stopped on the SMS and SQL servers.

Additional query words: prodsms

Keywords: kbqfe kbhotfixserver kbbug kbfix kbsms200fix kbsms200sp2fix KB249590


© Microsoft Corporation. All rights reserved.