Web Service SetComputerDescription Fails

Mar 15, 2010 at 2:47 PM
Edited Mar 18, 2010 at 5:13 PM

Hi,

I seem to be having some trouble getting the SetComputerDescription to work.  It only returns "False" and doesn't update.  I have tried several other functions (MoveComputerToOU, etc) and they work correctly.  I can go into AD Users & Computers with the account and set the description, so it doesn't seem like it is a permissions issue.  Has anyone else had this problem?  Thanks.

 

 

Mar 18, 2010 at 5:13 PM

UPDATE:  After turning on debugging on the web service I've discovered that it is having trouble finding the distinguishedname when executing the function.  The strange part is if I execute the DoesComputerExist function it finds it.  Strange.

 

<partial log>

GetDCForSiteCode: Searching for Domain Controllers for Active Directory Site Code <xxx>
GetDCForSiteCode: Found Domain Controller mydomaincontroller.mydomain.com for Site <xxx>
GetDirectoryEntry: Getting Root Entry for Server mydomaincontroller.mydomain.com

Check Existence: Checking existence of objectmydomaincontroller.mydomain.com
Check Existence: Object mydomaincontroller.mydomain.com does exist.
GetDirectoryEntry: Getting Directory Entry for object mydomaincontroller.mydomain.com
GetObjectDistinguishedName: Get distinguished name for Computer "MYSERVER"
GetObjectDistinguishedName: Unable to locate the distinguishedname for the object MYSERVER in the mydomain.com domain

 

GetDirectoryEntry: Getting Directory Entry for object mydomain.com
GetObjectDistinguishedName: Get distinguished name for Computer "myserver"
GetDistinguishedName: Distinguished name is CN=MYSERVER,OU=MYOU,OU=Servers,DC=mydomain,DC=com

<end log file>

I don't get it??

Mar 19, 2010 at 10:31 AM

That`s actually a bit strange. Every object in Active Directory has a distinguished name. Is there any noticeable difference between the two server names? Is one of the servernames by any chance longer than 15 characters?

Mar 19, 2010 at 1:32 PM

I used the same server name for every test.  It is 13 characters long.  It finds it doing the look up for DoesServerExist, it works with the MoveComputerToOU, it just doesn't work with SetComputerDescription.  I have also tried other server names as well (all under 15 characters), with the same results.

Mar 31, 2010 at 1:27 PM

BUMP!

Hey Maik,

Just wanted to see if you've been able to replicate the issue.  It seems to be the way the lookup is being done by the WebService.

Apr 6, 2010 at 11:02 AM

Not really able to replicate it, but I found a small difference in the way the functions are being called. It shouldn't actually make a difference as it is just the order of some calls that differ slightly but I'm still tseting it.

Apr 8, 2010 at 2:00 PM

Excellent!  Just keep me posted.  It is the final piece to my deployment of my host servers, so I'd like to cross it off my list.  Thanks again for all the hard work.  This is truely a useful tool.

May 25, 2010 at 3:58 PM
Ok, so I've finally been able to make the time to get version 7 installed and tested. Unfortunately, I'm still not able to use SetComputerDescription. The trace log still shows "Unable to locate the distinguishedname for the object..." If I use GetComputerDescription, it returns the Distinguished name and the current description. Were you able to fix this??
Jun 23, 2010 at 5:49 PM

I've added a new logging provider and also rewrote a couple functions on the Active Directory part of the webservice.

Want to test the current Beta if it solves your problem?

Regards

Maik

Jun 25, 2010 at 2:25 AM

Sure! I'd love to give it a try.

Jul 19, 2010 at 4:53 PM

Took some more time as expected but find the current beta at http://mdtcustomizations.codeplex.com/releases/view/49187.

Jul 20, 2010 at 2:23 PM
Ok. Just got it loaded up and gave it a try, but it is still failing. I looked at the debug log and noticed that the query that is being used is: (&(objectclass=computer)(|(cn=<mycomputername>)(distinguishedName=<mycomputername>)(sAMAccountName=<mycomputername$>))) This string is returning No object found. Unable to get distinguished name. I noticed that DoesComputerExist uses the exact same string successfully. I then started looking in more detail at the Debug.log and discovered that the two functions are using different roots for the search. DoesComputerExist uses: LDAP://mydomain.com : This is the domain where the server resides, therefore it can find it. SetComputerDescription uses: LDAP://domaincontroller.forestroot.com : The server is not in the forest root. Any thoughts??
Jul 22, 2010 at 10:02 AM

OK, the new logging seems to do a better job ;-)

The "SetComputerDescription" method tries to connect to a Domain Controller for the site that has been configured for the IP Address of the requesting computer. It does this as the computer might just have been created and so it might not be available alrready on other Domain Controllers as well.

If you check the log, you should find a part for "GetSite" and "GetDCForSiteCode". Do they evaluate to the proper values? The further processing should use the servername it got from these methods. So if they return a wrong servername the rest wouldn't be able to properly connect.

Jul 22, 2010 at 3:34 PM
Edited Jul 22, 2010 at 6:56 PM

Hi, I've just loading the Web Services to add Computer Descriptions to AD. I believe the service is configured correctly as I can run the ad.asmx page and successfully add and modify computer descriptions in AD. My problem is with MDT and Task Sequences.

When I run my TS, I get a timeout error:

<![LOG['debug' parameter was specified.]LOG]!><time="08:41:18.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="1" thread="" file="ZTISetComputerDescription"> <![LOG[Property debug is now = TRUE]LOG]!><time="08:41:18.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="1" thread="" file="ZTISetComputerDescription"> <![LOG[Microsoft Deployment Toolkit version: 5.0.1641.0]LOG]!><time="08:41:18.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="1" thread="" file="ZTISetComputerDescription"> <![LOG[The task sequencer log is located at C:\Windows\SysWOW64\CCM\Logs\SMSTSLog\SMSTS.LOG. For task sequence failures, please consult this log.]LOG]!><time="08:41:19.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="1" thread="" file="ZTISetComputerDescription"> <![LOG[SUCCESS: 0: Create object: Set oScriptClass = New ZTISetComputerDescription]LOG]!><time="08:41:19.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="1" thread="" file="ZTISetComputerDescription"> <![LOG[Using DEFAULT VALUE: Ini file = \\MDTW2k8\roll_7x64\Control\CustomSettings.ini]LOG]!><time="08:41:19.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="1" thread="" file="ZTISetComputerDescription"> <![LOG[CHECKING the [SetComputerDescription] section]LOG]!><time="08:41:19.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="1" thread="" file="ZTISetComputerDescription"> <![LOG[About to execute web service call using method POST to http://mdtw2k8/WebSvc/AD.asmx/SetComputerDescription: Computername=WS001DT0060PRD&ComputerDescription=A good Description]LOG]!><time="08:41:19.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="1" thread="" file="ZTISetComputerDescription"> <![LOG[Error executing web service http://mdtw2k8/WebSvc/AD.asmx/SetComputerDescription: The operation timed out (-2147012894)]LOG]!><time="08:41:49.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="3" thread="" file="ZTISetComputerDescription"> <![LOG[Unable to call SetComputerDescription web service.]LOG]!><time="08:41:49.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="2" thread="" file="ZTISetComputerDescription"> <![LOG[ZTI ERROR - Non-zero return code by ZTISetComputerDescription, rc = 1]LOG]!><time="08:41:49.000+000" date="07-22-2010" component="ZTISetComputerDescription" context="" type="3" thread="" file="ZTISetComputerDescription">

Jul 23, 2010 at 7:12 AM

On default, a webservice called by MDT will timeout after 30 seconds. Can you please try to execute the webservice from a remote computer and see how long it takes? If you want, you can use the current beta bits of the upcoming version 7.1 that includes a better logging (download from http://mdtcustomizations.codeplex.com/releases/view/49187). In the log you should be able to see what part takes so much time.

Jul 23, 2010 at 6:45 PM
Edited Jul 26, 2010 at 6:20 PM

The GetSite function sometimes takes over a minute to test all of the AD Sites / subnets for a given IP Address.   I've updated to the Beta WebServices and get the same results.

I don't have much control over the AD envrionment but can I increase the MDT Webservice timeout value?

Jul 26, 2010 at 6:24 PM

I am able to use the scripts and notes in this link http://www.deployvista.com/Home/tabid/36/EntryID/146/language/en-US/Default.aspx to update the Descriptions while I try to work out the TimeOut issues with the webserice.

Jul 27, 2010 at 12:22 PM

Yes, Johans solution is working very nice as it doesn't have the problem to find the local domain controller of the computer.

I've just published a new beta version at http://mdtcustomizations.codeplex.com/releases/view/49187. It contains some improvements on exactly those functions that try to evaluate the local DC/Site. Would you mind giving this a try?

Regards

Maik

Dec 14, 2010 at 8:24 PM

Hey, Not sure if this will be seen or if it will make sense but thought I would give it a shot.

I am trying to use the SetComputerDescription I only have one problem. Our AD forest has a forest dc with child domain and a child of that child. Most accounts and computers reside on the child directly under the forest.

All three of the domains have domain controllers that fall under the same site. So when it queries’s the site domain controller IP it is pulling from the child of the child domain controller and ldap. Thus it can't find the computer object in the child directly under the forest.

Is there a way I can point it to a specific domain controller \ldap in a site?

Brad

Feb 4, 2011 at 7:41 AM

Hi Brad,

sry for the late response. Currently there is no built-in way to point to a specific domain controller. But I plan to release parts of the source code so you would be able to customize it the way you need to have it working.

Regards

Maik