How do I create the certificate for SCCM to be able to connect to SQL 2012 Cluster

I have recently moved my 2012 SCCM database across from one SQL cluster to another.

When SCCM was installed to the original cluster it created a self signed certificate on my first SQL server allowing the connection to take place (as far as I know)

How do I create a self signed certificate for SCCM to use to connect to the Cluster address instead of one of the nodes in my cluster ?

otherwise I get the below errors upon installation

Permissions are set on the SQL server for all the accounts and servers in question, access s available through our firewall. I just cannot create the self signed certificate for the SQL cluster address

To explain further 

Cluster address: no certificate

Node 1: has self signed certificate

Node 2: has self signed certificate

The name i am trying to connect to through the configuration manager sql database is the cluster name which i am guessing is why the error "principal name is incorrect"

*** Failed to connect to the SQL Server, connection type: SMS ACCESS. Configuration Manager Setup 7/29/2015 3:45:37 PM 5864 (0x16E8)
INFO: SQL Connection failed. Connection: SMS ACCESS, Type: Secure Configuration Manager Setup 7/29/2015 3:45:37 PM 5864 (0x16E8)
*** [08001][-2146893022][Microsoft][SQL Server Native Client 11.0]SSL Provider: The target principal name is incorrect. Configuration Manager Setup 7/29/2015 3:45:40 PM 5864 (0x16E8)
*** [08001][-2146893022][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 7/29/2015 3:45:40 PM 5864 (0x16E8)
*** Failed to connect to the SQL Server, connection type: SMS ACCESS. Configuration Manager Setup 7/29/2015 3:45:40 PM 5864 (0x16E8)
INFO: SQL Connection failed. Connection: SMS ACCESS, Type: Secure Configuration Manager Setup 7/29/2015 3:45:40 PM 5864 (0x16E8)

Thanks in advance !

July 29th, 2015 5:48am

yes, thank you. I did see that article the other day, however the comments don't really help in the actual creation of the certificate and how to get it functioning as intended.

Do you have any other thoughts ?

Free Windows Admin Tool Kit Click here and download it now
July 30th, 2015 12:37am

Have you tried what Patrik Enerstrand wrote on 17 Sep 2013 5:01 PM?
July 30th, 2015 1:57am

I did,

However, 

SMS_SITE_COMPONENT_SERVER was not one of the options on the list. screenshot attached.


So I couldn't proceed with that course.

Free Windows Admin Tool Kit Click here and download it now
July 30th, 2015 6:59pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics