SMS: Troubleshooting Connectivity to the SMS Site Database
ID: Q201126
The information in this article applies to:
- Microsoft Systems Management Server version 2.0
SUMMARY
This article provides information on troubleshooting connectivity to a Systems Management Server 2.0 site database using the SMS Administrator console.
Systems Management Server 2.0 uses a combination of the following security mechanisms to enforce security for an SMS site database:
- File System
- Windows Management Instrumentation (WMI), Microsoft's implementation of Web-Based Enterprise Management (WBEM)
- SMS Provider
All security options must be properly configured to enable access to the SMS site database.
MORE INFORMATION
The SMS Administrator console is hosted by the Microsoft Management Console (MMC), a framework for hosting management tools. A console file (that has an extension of .msc) is used to define the contents of the MMC, and can be customized for particular tasks.
To verify access to the SMS site database using the SMS Administrator console, check the following:
- The user attempting to start the SMS Administrator console must have Read access permissions to the default Sms.msc and Explore.msc files in the Drive\Sms\Bin\Platform directory on the Systems Management Server 2.0 site server or on the local workstation on which the SMS Administrator console and/or the Microsoft Management Console is installed. (Drive is the drive letter to which Systems Management Server is installed, and Platform is the platform on which you are attempting to start the SMS Administrator console.)
If the user receives the following message when starting the Systems Management Server Administrator console:
"The selected file is not a Microsoft Management Console document."
use File Manager or Windows Explorer to verify file permissions for these files.
- The user attempting to connect to a Systems Management Server 2.0 site database must also have appropriate WBEM rights to the server where the SMS Provider is located.
A symptom of not having the required WBEM rights is the message "Connection Failed" in the SMS Administrator console when attempting to connect to the site database.
By default, Systems Management Server Setup creates a Windows NT local group named SMS Admins and adds it with the appropriate attributes to WBEM User Manager. Initially, the only user that belongs to this group is the user who installed the Systems Management Server 2.0 site server.
If this group is intact, simply use Windows NT User Manager to add the desired Windows NT user(s) or global group(s) to this SMS Admins local group.
If the user has been added to the SMS Admins group and still receives the error "Connection Failed" in the SMS Administrator console, verify that the SMS Admins group has been granted the appropriate WBEM rights on the SMS Site and SMS Provider servers.
Perform the steps below on the server where the SMS Provider is located.
NOTE: If you are unsure of the location of the SMS Provider for your site, check the Smssetup.log file on your site server and search for "Provider Location".
- Start WBEM Permission Editor. On the Start menu, click Run, then type WBEMPERM and press ENTER.
- In WBEM Permission Editor, you will see two panes, one for Users, and one for User Groups. Examine the Groups window and check for the SMS Admins group. If found, verify that the Group Name is spelled correctly.
- Select the entry. On the User menu, click Edit Group Properties. Verify that the following options are selected under the Attributes section:
  - Enabled (checked)
  - Execute Methods (checked)
  - Schema Access Level: Write Instance
- If the SMS Provider is on a separate server from the Systems Management Server site server (such as the SQL Server), you must also verify that the SMS Admins group has the appropriate WBEM permissions to the local site server. This is because Systems Management Server must first connect to the site server to determine the location of the SMS Provider. Verify this by performing the steps above on the Systems Management Server site server, but ensure that the following options are selected in the Attributes section of the user group properties:
  - Enabled (checked)
  - Schema Access Level: Read Only
If the user or group entries are incorrect or misspelled, they cannot be modified. You must create a new user or group by selecting Add New User or Add New Group from the User menu in WBEM User Manager. After you have added the correct user or group entry, you can delete the incorrect entry by selecting it and clicking Delete on the User menu.
After verifying file permissions and WBEM security attributes, the user should be able to connect to the SMS site database.
- The user connecting to the site database must have appropriate access to class and instance level objects in the SMS Administrator console. Symptoms of insufficient rights include the inability to see any objects in the console window.
The following SMS object types can have security access granted or denied:
- Collections
- Packages
- Advertisements
- Status Messages
- Sites
- Queries
The steps below walk through granting Class (All Instances) Security Rights for a user or group to the Site object:
- Log on as the user who initially installed the Systems Management Server site and connect to the site database. This user by default has full rights to all Systems Management Server objects.
- Under the Site Database, go to the Security Rights node and select it.
- Right-click Security Rights, point to New and click Class Security Right.
- In the Security Right Properties dialog box, specify the following:
  - User name: User or group name, using DOMAIN\USER or DOMAIN\GROUP name syntax.
    NOTE: A method of simplifying administration would be to specify a global user group here, then populate that group with users you want to have this specific set of rights.
  - Object Type: Site
  - Permissions: Administer, Create, Delete, Modify, Read. (These are all available rights for this object type.)
- Click OK and close the SMS Administrator console.
- Log off and log back on as the user you just added the Security Right for.
- Open the SMS Administrator console. You should be able to view and modify all objects under the Site Hierarchy node.
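
The file-permission, "Provider Location" and SMS Admins membership checks described earlier can also be scripted. The following is an added example, not part of the original article; it assumes Windows PowerShell 5.1 or later is available on the machine being checked, and the paths and account name in the parameters are placeholders.

```powershell
# Added example, not part of the original article. Assumes Windows PowerShell 5.1+.
# Run the file check as the affected user on the machine hosting the console, and the
# log and group checks on the site server and the SMS Provider server respectively.
param(
    [string]$SmsBin   = 'C:\Sms\Bin\PLATFORM',     # placeholder for Drive\Sms\Bin\Platform
    [string]$SetupLog = 'C:\PATH\TO\Smssetup.log', # placeholder; location is site-specific
    [string]$Account  = 'DOMAIN\USER'              # placeholder account to look for
)

function Test-ReadAccess([string]$Path) {
    # Opens the file read-only as the current user; reports why it failed if it did.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'missing' }
    try {
        $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        $stream.Close()
        return 'readable'
    } catch {
        return "not readable: $($_.Exception.Message)"
    }
}

# 1. Console files: effective Read access plus the ACL entries for review.
foreach ($name in 'Sms.msc', 'Explore.msc') {
    $file = Join-Path $SmsBin $name
    '{0}: {1}' -f $file, (Test-ReadAccess $file)
    if (Test-Path -LiteralPath $file) {
        (Get-Acl -LiteralPath $file).Access |
            Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
    }
}

# 2. Provider location: the lines in Smssetup.log that mention "Provider Location".
if (Test-Path -LiteralPath $SetupLog) {
    Select-String -LiteralPath $SetupLog -SimpleMatch 'Provider Location' |
        ForEach-Object { 'Smssetup.log line {0}: {1}' -f $_.LineNumber, $_.Line.Trim() }
}

# 3. SMS Admins local group: list members and test for the account.
$members = Get-LocalGroupMember -Name 'SMS Admins' -ErrorAction SilentlyContinue
if (-not $members) { 'SMS Admins group not found or empty on this machine' }
else {
    $members | Format-Table Name, ObjectClass, PrincipalSource -AutoSize
    # Direct membership only: a user who is in via a global group shows up as that group.
    'Direct member {0}: {1}' -f $Account, ($members.Name -contains $Account)
}
```

The script covers only the file and group prerequisites; the WBEM attributes and the SMS security rights still have to be checked in WBEM Permission Editor and the SMS Administrator console as described above.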
For additional information about assigning Systems Management Server Security rights, please see the following article in the Microsoft Knowledge Base:
Q199869 SMS: Assigning Class and Instance security rights with the SMS User Wizard
Also, refer to the Systems Management Server 2.0 Administrators Guide or the SMS Administrator Help, available through the SMS Administrator console by clicking Help on the Action menu.
Additional query words:
prodsms smssql wbem
Keywords : kbSMS200
Version : winnt:2.0
Platform : winnt
Issue type : kbhowto kbinfo