Re: SCCM with a remote SQL instance problems (IT IS NOT A WARNING)



The point of the stuff below is this: the WARNING, if you get it from the
PreReq check, is not a WARNING, it is a FAILURE. Make the SQL Server you are
using remotely use (WINDOWS AUTHENTICATION ONLY).

I was also having the issue with the following setup.

1) All VMware Servers
2) Database server (Windows 2008 x64, SQL Server 2008 SP1 x64 w/4 named
instances and SQL Server 2005 SP3 x64 w/3 named instances - all mixed mode
authentication)
4) SCCM Server (Windows 2008 x64, SCCM 32bit)
5) All the pre-reqs were in place. The Administrative rights for the service
account that was going to run SCCM, WebDAV for IIS, SPN(s) for the service
account that runs the SQL Server Service on the server, Domain Memberships, AD
Schema extensions, updates (KB911897, 912818, 913538, 914389, 925903 &
932303), Short file name support, MMC version 3.0, Microsoft .NET, XML Core
Services 6.0, WSUS SDK, WSUS 3.0, Windows Remote Management, Windows Remote
Differential Compression, MMC and .NET Updates, SQL Server Admin Permissions,
Site Computer Admin permissions, Database Server Local Administrative
permissions, IIS, BITS and WebDAV (stated earlier) are all enabled and passed.
6) For permissions I had the SCCM server as a local Administrator on the
Database server and the AD account I was using to install SCCM as a local
Administrator as well on the Remote Database Server.
7) For the Database permissions I had the AD Account I was installing SCCM
with as a sysadmin and the <domain>\computer$ name as a sysadmin as well on
the database.
8) The Port for the SQL server is set to Dynamic and the SQL Browser service
keeps track of the instances. To get the Dynamic Port for the SQL instance
you are using, open your SQL Configuration Manager, go to your SQL instance
TCP/IP Protocol Properties and scroll all the way to the bottom until you see
Dynamic Port on the left. That is the port you need for the next step.
9) The SPN(s) were made as the following (##### = Dynamic Port).
MSSQLSvc/SERVER:#####, MSSQLSvc/SERVER.<Domain>.local:#####,
MSSQLSvc/SERVER:<InstanceName>,
MSSQLSvc/SERVER.<Domain>.local:<InstanceName>. (NOTE: The service account
they are referring to is the Service Account that starts up the SQL Service on
the Database server, not the Account that is going to be the Service Account
for SCCM).
10) AD Schema was extended and I created a "System Management" object under
CN=System with the ADSI Edit tool. The properties of the "System Management"
object had the SCCM Server added to the Security Tab with Full Control.
11) Probably missing a few items but that is enough detail :)

After many trial and error installs I came to the conclusion that all the
above items were set up correctly. There had to be something else wrong. The
only (WARNING) I got from the PreReq check is that the SQL Server was in
Mixed mode. I had tried everything and it always failed at the SMS Provider.
I could not get the $%@! thing to work. I had tried to install it 18 times and
was fed up. I came across the anonymous authentication issue while trying
to authenticate against SQL. I had read many posts about tracing the logs to
find out what was failing to authenticate. I read everyone else's logs and decided
I did not need to do this because all their logs showed the same results.
Instead of messing around with all that, I decided to install another instance
onto one of our servers; this time I used (Windows Authentication Only), not
mixed mode. I had to install the new instance because we had databases that
used both authentication methods on the other instances. This resolved my
issue on the first run. Not one failure or WARNING, as Microsoft calls it,
during the PreReq check. Microsoft needs to fix this somehow; it should not
be a WARNING. The WARNING made me lose a whole day of work and a co-worker about
another 2 days if not more.



"Garth" wrote:

There is something misconfigured as you should not need Anonymous
setup at all. For that matter it will allow anyone to have full access
to the SQL server and that is not a good idea.

Is this a cluster SQL setup?

"TCLIndianaNewb" <rfwolf@xxxxxxxxx> wrote in message
news:72273e58-212c-4609-85f3-d943997bf0de@xxxxxxxxxxxxxxxxxxxxxxxxxxxx:

Thanks for all the discussion.

I think I granted the computer account of my SCCMSERVER as a local
admin on my SCCMSQLSERVER so on the sccmsqlserver in local admin group
I have my sccmserver$ computer account. Is that what you mean Garth?
I installed the site server with the domain admin account so it does
have sysadmin right on both the site server and on the SQL server, I
used SQL Management Studio to check that, under properties of
"sysadmin" under "roles" I have...

sa
builtin\administrators
nt authority\system
2 sql accounts, they have LONG strings, sqlusrs and agent users
mydomain\administrator

and...unfortunately "nt authority\anonymous logon" because it won't
work unless I have that account in there.


--

Garth Jones
Chief Architect

www.Enhansoft.com
Enhancing Your Business
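
A pre-install check for the three conditions this thread turns on (authentication mode, sysadmin membership, and whether Kerberos is in use), added here as an example and not part of the original posts. It assumes a query window connected to the remote instance that will host the SCCM database, opened with an account that has sysadmin (or VIEW SERVER STATE) on that instance.

```sql
-- Added example: run against the remote instance before starting SCCM setup.

-- 1) Authentication mode of the instance.
--    IsIntegratedSecurityOnly: 1 = Windows Authentication only, 0 = mixed mode.
SELECT
    @@SERVERNAME AS instance_name,
    CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
        WHEN 1 THEN 'Windows Authentication only'
        ELSE 'Mixed mode (the PreReq check reports this as a WARNING)'
    END AS auth_mode;

-- 2) Members of the sysadmin fixed server role.
--    NT AUTHORITY\ANONYMOUS LOGON must never appear here: it gives
--    unauthenticated connections full control of the instance.
SELECT
    m.name      AS member_name,
    m.type_desc AS member_type,
    CASE WHEN UPPER(m.name) = N'NT AUTHORITY\ANONYMOUS LOGON'
         THEN 'REMOVE: anonymous logon has sysadmin'
         ELSE ''
    END AS finding
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 3) How the current session authenticated.
--    KERBEROS = the MSSQLSvc SPNs were found and used.
--    NTLM     = the client did not use Kerberos for this connection.
--    SQL      = a SQL login, not a Windows account.
--    Run this from the SCCM site server over TCP; a connection made
--    locally on the database server normally reports NTLM.
SELECT session_id, net_transport, auth_scheme
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;
```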


