Article: Q249590
Product(s): Microsoft Systems Management Server
Version(s): 2.0 SP1
Operating System(s):
Keyword(s): kbsms200bug kbsms200fix kbsms200sp2fix
Last Modified: 06-AUG-2002
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Systems Management Server version 2.0 SP1
-------------------------------------------------------------------------------
SYMPTOMS
========
When the encryption keys for Microsoft Windows NT are modified by the system and
Systems Management Server (SMS) is not aware of the changes, Hierarchy Manager
can become unable to read encryption, and this can cause updates between sites
to cease. When this occurs, the following log file entry may be generated in the
Hman.log file:
HMAN: Cannot decrypt the SMS encryption key using the crypto exchange key.
Also, the following warning is logged in the Sitectl.log file:
SITECTRL: WARNING: The "Site Definition" item in a record contained in delta
site control file "C:\SMS\inboxes\sitectrl.box\incoming\********.CT1"
specifies an invalid public key for decrypting the SMS service account and
password. This record and the remaining records in the file are unusable.
CAUSE
=====
Incorrect cryptography keys cause this behavior. There are two possible reasons
the cryptography keys have been regenerated and cause this problem.
1. After site restoration the crypto keys are generated on a per-computer,
per-Windows NT installation, and per-Windows NT account basis. If you
reinstall the operating system, the keys must be regenerated.
2. If Netmeeting 3.x is installed and Remote Desktop sharing is enabled followed
by the required reboot then set active, the crypto exchange keys will be
regenerated not just once but repeatedly.
RESOLUTION
==========
SMS Service Pack 2 has an updated version of Hierarchy Manager that is capable
of detecting when these cryptography keys are invalid and regenerates them
allowing SMS to decrypt the account and password and process the Site Property
changes.
To resolve this problem, obtain the latest service pack for Systems Management
Server version 2.0. For additional information, click the following article
number to view the article in the Microsoft Knowledge Base:
Q236325 How to Obtain the Latest Systems Management Server 2.0 Service Pack
STATUS
======
Microsoft has confirmed this to be a problem in Systems Management Server
version 2.0. This problem was first corrected in Systems Management Server
version 2.0 Service Pack 2.
MORE INFORMATION
================
To install the hotfix, use the following steps on the SMS site server. There is
a separate set of steps for sites that use a remote SQL database.
NOTE: This fix requires a site reset so that the Client Access Points (CAPs) will
be updated. The hotfix package does not perform a site reset, but there is a
dialog box that states that a site reset needs to be carried out. After the
script is done, run Setup or Preinst.exe to reset the site.
Local Installation of SQL
-------------------------
1. The following services on the Systems Management Server site server must be
stopped before applying this fix:
- SMS_SITE_COMPONENT_MANAGER
- SMS_EXECUTIVE
- "Windows Management"
2. Locate the Basesql.dll, Hman.dll, and Smsprov.dll files in the
SMS\Bin\<Platform> folder on the SMS site server and rename each file.
Copy the newer version of each file that is provided in the fix to the same
folder.
NOTE: The provided installer script will update the site server only. The
provider computer and remote administrator workstations must be updated
manually.
The installer creates text files containing instructions on how to manually
update the provider computer and administrator consoles.
3. To support the added objects, the MOF files must be updated. Because these
contain information specific to the installed site, some manual editing is
required.
NOTE: The installer script does not copy these files. You must do this
manually and then make the edits after running the script.
To create a custom Smsprov.mof for the site:
a. Copy the new _smsprov.mof file to a temporary folder.
b. Open the file with Notepad.
c. Replace all instances of "REPLACESITECODE" with the site code of the site
this fix is being applied to.
d. Replace all instances of "REPLACEPROFICERMACHINE" with the NetBIOS name of
the computer that is hosting the provider. With SQL installed on the SMS
site server, this is always the site server. With SQL installed remotely,
this may or may not be the SQL server. (Look for a folder on the SQL
server named SMSPROV\MOFs\<SiteCode>.)
e. Replace "REPLACEPROVIDERFORLOCALSITEFLAG" with "TRUE" if the SQL provider
is local or "FALSE" if the SQL server and the provider are remote.
4. Copy the MOF files to the site system(s).
Local SQL:
a. Rename the SMS\Bin\<Platform>\Smsprov.mof and
SMS\Bin\<Platform>\Secreg.mof files to Smsprovmof.old and
Secregmof.old.
b. Copy the _smsprov.mof and Secreg.mof files to
SMS\Bin\<Platform>\Smsprov.mof and
SMS\Bin\<Platform>\Secreg.mof.
Remote SQL and Remote Provider:
a. Follow the "Local SQL" steps above to update the site server.
b. Rename the SMSPROV\MOF's\<SiteCode>\Smsprov.mof file to
Smsprovmof.old.
c. Rename the SMSPROV\MOF's\<SiteCode>\Secreg.mof file to
Secregmof.old.
d. Copy the Secreg.mof file to SMSPROV\MOF's\<SiteCode>\Secreg.mof.
e. Copy the _smsprov.mof file to SMSPROV\MOF's\<SiteCode>\Smsprov.mof.
5. Recompile the MOF files. These steps are the same for both local and remote
SQL installations:
a. Open a command prompt and navigate to the SMS\bin\<Platform> folder.
b. Run the following command line:
"%systemroot%\system32\wbem\mofcomp smsprov.mof" (without the quotation
marks)
c. Run the following command line:
"%systemroot%\system32\wbem\mofcomp secreg.mof" (without the quotation marks)
Remote Installation of SQL
--------------------------
1. Stop the following services on the SMS site server:
- SMS_SITE_COMPONENT_MANAGER
- SMS_EXECUTIVE
- "Windows Management"
2. Stop the following services on the SQL server:
- SMS_SQL_MONITOR_<Site Server Name>
- SMS_EXECUTIVE
NOTE: The SMS_EXECUTIVE service does not exist on the SQL server unless the
system has been specified in the administration console as a Client Access Point
(CAP) or any of the senders have been offloaded onto the server.
3. Replace each file with the newer version provided in the fix. On the SMS site
server, replace the Basesql.dll, Hman.dll, and Smsprov.dll files in the
SMS\Bin\<Platform> folder.
On the SQL server, replace the Basesql.dll and Smsprov.dll files in the
SMSPROV\Bin\<Platform> folder. Also replace the Basesql.dll file in the
SMS_<SiteServername>\Bin\<Platform> folder.
The provided installer script updates the site server only. The provider
computer and remote administrator workstations must be updated manually. The
installer creates text files containing instructions on how to manually
update the provider computer and administrator consoles.
4. Copy the MOF files to the site system(s):
On the SMS Site Server:
a. Rename the SMS\Bin\<Platform>\Smsprov.mof file to Smsprovmof.old.
b. Rename the SMS\Bin\<Platform>\Secreg.mof file to Secregmof.old.
c. Copy the _smsprov.mof file to SMS\Bin\<Platform>\Smsprov.mof.
d. Copy the Secreg.mof file to SMS\Bin\<Platform>\Secreg.mof.
On the SQL Server:
e. Rename the SMSPROV\MOF's\<SiteCode>\Smsprov.mof file to
Smsprovmof.old.
f. Rename the SMSROV\MOF's\<SiteCode>\Secreg.mof file.
g. Copy the smsprov.mof file to SMSPROV\MOF's\<SiteCode>\Smsprov.mof.
h. Copy the Secreg.mof file to SMSPROV\MOF's\<SiteCode>\Secreg.mof.
Standalone Administrative Computers
-----------------------------------
Updating the Smsprov.mof File:
To support the added objects, the MOF files must be updated. Because these
contain information specific to the installed site, some manual editing is
required.
The installer script does not copy these files. You must do this manually and
make the edits after running the script.
Create a custom Smsprov.mof file for the site:
1. Copy the new _smsprov.mof file to a temporary folder.
2. Open the file with Notepad (or any text editor).
3. Replace all instances of "REPLACESITECODE" with the site code.
4. Replace all instances of "REPLACEPROVIDERMACHINE" with the NetBIOS name of
the computer that is hosting the provider. With local SQL, this is always the
site server. With remote SQL, this may or may not be the SQL server. (Look
for a folder on the SQL server named SMSPROV\MOFs\<SiteCode>.)
5. Replace "REPLACEPROVIDERFORLOCALSITEFLAG" with "TRUE" if the SQL provider is
local or "FALSE" if the SQL server and the provider are remote.
Copy the MOF files to the site system(s):
Local SQL:
1. Rename the SMS\Bin\<Platform>\Smsprov.mof file to Smsprovmof.old.
2. Rename the SMS\Bin\<Platform>\Secreg.mof file to Secregmof.old.
3. Copy the _smsprov.mof file to SMS\Bin\<Platform>\Smsprov.mof.
4. Copy the Secreg.mof file to SMS\Bin\<Platform>\Secreg.mof.
Remote SQL and Remote Provider:
1. Complete the "Local SQL" steps above to update the site server.
2. Rename the SMSPROV\MOF's\<SiteCode>\Smsprov.mof file to Smsprovmof.old.
3. Rename the SMSPROV\MOF's\<SiteCode>\Secreg.mof file to Secregmof.old.
4. Copy the Secreg.mof file to SMSPROV\MOF's\<SiteCode>\Secreg.mof.
5. Copy the _smsprov.mof file to SMSPROV\MOF's\<SiteCode>\Smsprov.mof.
Recompile the MOF files:
Local SQL:
1. Open a command prompt and navigate to the SMS\bin\<Platform> folder.
2. Run the following commands:
"%systemroot%\system32\wbem\mofcomp smsprov.mof" (without the quotation
marks)
"%systemroot%\system32\wbem\mofcomp secreg.mof" (without the quotation marks)
Remote SQL and Remote Provider:
1. Open a command prompt and navigate to the SMSPROV\MOF's\<SiteCode>
folder.
2. Run the following commands:
"%systemroot%\system32\wbem\mofcomp smsprov.mof" (without the quotation
marks)
"%systemroot%\system32\wbem\mofcomp secreg.mof" (without the quotation marks)
Restart the SMS services that you stopped on the SMS and SQL servers.
Additional query words: prodsms
======================================================================
Keywords : kbsms200bug kbsms200fix kbsms200sp2fix
Technology : kbSMSSearch kbSMS200SP1
Version : :2.0 SP1
Issue type : kbbug
Solution Type : kbfix
=============================================================================