Hi,

I recently upgrade my System Center Virtual machine manager 2012(RTM) to SP1(RTM) with I install on Windows Server 2012 Enterprise and followed upgarde procedure. It was successfully upgrade to SP1(RTM) with out any error. But when I start my Virtual Machine Manager server it gives me error that it's service not able to start. I tried many different way but i didn't get success to make it work. Finally I uninstall VMM2012 SP1(RTM) with database and freshly install VMM2012 SP1 (RTM). This my it works perfectly.

Now I install App Controller 2012 SP1(RTM) on different VM. It started successfully. I can able to link Public cloud my Windows Azure subscription successfully. Now I can manage all my VM of Windows Azure from my App Controller with out any issue. But when I try to connect to my Virtual machine Manager server to get and manage my private cloude it gives me below error.

Category: Critical
Description: Connection attempt to the target system failed.
Details: Category: Critical
Message: 1604ConnectServerAuthenticationFailed
Description: You cannot access VMM management server VMM2012SRV.xyz.com.
Details: Category: Critical
Message: System.ServiceModel.CommunicationException
Description: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:05:28.5560000'.

Category: Critical
Message: System.IO.IOException
Description: The read operation failed, see inner exception.

Category: Critical
Message: System.ServiceModel.CommunicationException
Description: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:05:28.5560000'.

Category: Critical
Message: System.Net.Sockets.SocketException
Description: An existing connection was forcibly closed by the remote host

I added my admin id as a local administrator on VMM server and App Controller server. I make administrator my admin user as a VMM Administrator. I tried amy other ways but I got the same error.

Is any one having same problem ? Is any one know what will be problem for this error I am having here ?

I will be very thankfull if anyone reply me with solution for this problem.

Thanks & Regards,

Te

Hello.

Issue 3 from http://support.microsoft.com/kb/2686249

If System Center App Controller and the VMM Server are installed on separate servers, single sign-on does not work when App Controller is used.

So, in UR1 for SC 2012 issue was fixed, but in SP1 present again.

Solution  is to disable SSO and use Basic Authentification or install App Controller on VMM server, but be aware 443 port VMM used for BITS.

Please, correct me if I wrong. Thank you.

• Edited by OlegIvanovych Monday, February 04, 2013 12:08 AM

Hello.

Issue 3 from http://support.microsoft.com/kb/2686249

If System Center App Controller and the VMM Server are installed on separate servers, single sign-on does not work when App Controller is used.

So, in UR1 for SC 2012 issue was fixed, but in SP1 present again.

Solution  is to disable SSO and use Basic Authentification or install App Controller on VMM server, but be aware 443 port VMM used for BITS.

Please, correct me if I wrong. Thank you.

Hello.

Issue 3 from http://support.microsoft.com/kb/2686249

If System Center App Controller and the VMM Server are installed on separate servers, single sign-on does not work when App Controller is used.

So, in UR1 for SC 2012 issue was fixed, but in SP1 present again.

Solution  is to disable SSO and use Basic Authentification or install App Controller on VMM server, but be aware 443 port VMM used for BITS.

Please, correct me if I wrong. Thank you.

• Edited by OlegIvanovych Monday, February 04, 2013 12:08 AM

Hello.

Issue 3 from http://support.microsoft.com/kb/2686249

If System Center App Controller and the VMM Server are installed on separate servers, single sign-on does not work when App Controller is used.

So, in UR1 for SC 2012 issue was fixed, but in SP1 present again.

Solution  is to disable SSO and use Basic Authentification or install App Controller on VMM server, but be aware 443 port VMM used for BITS.

Please, correct me if I wrong. Thank you.

• Edited by OlegIvanovych Monday, February 04, 2013 12:08 AM

Hi OlegIvanovych,

you are absolutely right. It fix the problem in SP1 if I remove SSO and make it Basic Authentication. But I need SSO for users to manage Cloud service without entering credential everytime when they open App Contorller in browser.

Anyway this artical fix my current problem which break my APP Controller and VMM connection after update to SP1.

Thanks again,

Tej Shah.

Hi Tej Shah and Oleglvanovych,

After upgrading to SP1 did either the account that the VMM services are using, or the host of the VMM server change?

Depending on how constrained delegation is configured, if either of these have changed then it may be necessary to update the constrained delegation.

We're not currently aware of anything that prevents single sign on working in SP1.

Can you share some information about your environment, in particular do you have a single forest and single domain?

Kind Regards,

Richard 

Hi Richard,

After upgrade VMM service account did not change. Before SP1 we don't have enabled SSO. Steps in constrained delegation gave me nothing.

Yes, we have single forest and single domain on Windows Server 2008 R2 with Windows Server 2008 functional level. VMM its first Windows Server 2012 in domain.

Thanks for answer.

Hi Tej Shah,

I'm glad to help.

Hi,

I'm adding an image of what a typical constrained delegation configuration will look like.

There should be 2 services that show up in the constrained delegation settings for the App Controller server:

• HOST / SPN
• CIFS

If VMM is running as local system, in the screenshot below instead of SCVMM it should say HOST. If VMM is running under a domain account then it will be the SPN (SCVMM by default).

If VMM is running under a domain account then youll want the SPN listed (per the screenshot).

The CIFS entry is for file sharing, and lets App Controller interact with the VMM Library. The SPN / HOST entry lets App Controller interact with the VMM Server (login, get-VMs etc). If you dont have a HOST / SPN entry, attempting to connect to VMM immediately fails.

In this example there are 2 additional CIFS entries because there are file shares/VMM Library servers.

Kind Regards,

Richard

Hi Richard

I have this in another post, but wondering if any of you fixed it? I have all set as above (and a case with PSS), but doesn't seem to work when SSO is enabled.

The funny things is that it stopped working after I reinstalled VMM (with the same account, VMM only, not the Servers themselves).

SPNs look good, I can open remote consoles, I can use orchestrator remotely to trigger VMM tasks and I have PRO configured from SCOM.

Only app controller complains with the message above.

Ideas?

Well, I had a case open with MS but had nothing figured out on that side. Decided to start trying a few things. Added mostly the same delegation (SCVMM and CIFS) to my service account, this time in the VMM computer account. Magic! I can use SSO again! Console still works. Couldn't find any collateral effects yet.

Just sent PSS a note, waiting to see what they say.

Thank you,

Jose