Hi,

We are trying to install SCCM Primary Site on existing CAS, but we had to fix some firewall and communications issues.

We have SCCM CAS and SQL installed on Europe domain, our new Primary Site and new SQL belongs to CentralAmerica domain.

We review some configurations and we had to open firewall ports that were blocking communications, now we can communicate between servers, but one SQL error persists as is described on the image

We have made sure to give the required permissions in SQL Server and SCCM .

In the SQL Server (which belongs to the domain of Central America ) we have assigned the following configurations:

* CAS Computer (Europe domain) - Added as Local Administrator and Sysmanager on SQL (CentralAmerica Domain)

* SQL from CAS (Europe domain) - Added as Local Administrator and Sysmanager on SQL (CentralAmerica Domain)

* SCCMAdmin (Europe domain account) - Added as Local Administrator and Sysmanager on SQL (CentralAmerica Domain) -- This is the account we are using to install the Primary Site on CentralAmerica domain

* SCCMPrimarySite computer (CentralAmerica domain) - Added as Local Administrator and Sysmanager on SQL (CentralAmerica Domain)

On the ConfigMgrSetupWizard.log we are getting this messages:

9/8/2015 12:45:20 PM: ConfigMgrSetupWizard Information: 1 : Selected sql server instance name = [DBSV01]
9/8/2015 12:45:20 PM: ConfigMgrSetupWizard Information: 1 : Creating SQL connection to database CM_PM1 on server me01sidb023.me.inet.
9/8/2015 12:45:20 PM: ConfigMgrSetupWizard Error: 1 : Exception message: [Cannot open database "CM_PM1" requested by the login. The login failed.
Login failed for user 'TCORP\SCCMAdmin'.], Exception details: [System.Data.SqlClient.SqlException: Cannot open database "CM_PM1" requested by the login. The login failed.
Login failed for user 'TCORP\SCCMAdmin'.
   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
   at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject, Boolean withFailover)
   at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)
   at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
   at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
   at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()
   at Microsoft.SystemCenter.ConfigMgr.Setup.DatabaseUtility.GetSqlConnection(String databaseName, String serverName, Boolean encrypt)].

 

On the ConfigMgrPrereq.log we got this messages:

<09-08-2015 16:15:05> INFO: CheckLocalSys is Admin of <me01sidb023.me.inet>.
<09-08-2015 16:15:12> me01sidb023.me.inet;    Site server computer account administrative rights;    Error;    Configuration Manager Setup requires that the site server computer has administrative rights on the SQL Server and management point computers.
<09-08-2015 16:15:12> me01sidb023.me.inet;    SQL Server security mode;    Warning;    The SQL Server name specified is configured for SQL authentication security. It is recommended to configure the SQL Server to operate only in Windows authentication security before you continue Configuration Manager Setup.

I will appreciate advices about this issue.

Best regards,

We are trying to install SCCM Primary Site on existing CAS,

Just to double check: are you trying to install the primary on the same server as the CAS?

No Torsten.

We are working with these servers:

* 1 CAS Server (belongs to Europe domain)

* 1 SQL for the CAS (belongs to Europe domain)

* 1 Primary Site that we are trying to join to installed CAS (this server belongs to CentralAmerica domain)

* 1 SQL for the Primary Site (belongs to CentralAmerica domain)

We are using SCCMAdmin as service account for installation of the Primary Site, SCCMAdmin belongs to Europe domain but we gave that user permission on Primary Site and SQL server in CentralAmerica domain.

Thanks in advice.

Manuel

Just add the computer account of the site server you are building to administrator group of SQl server.

Assuming that "We are trying to install SCCM Primary Site on existing CAS" means you are installing the primary site under the existing CAS in your enviro

* 1 CAS Server (belongs to Europe domain)

* 1 SQL for the CAS (belongs to Europe domain)

Just a side note here: using a remote server for the CAS does not make too much sense (even if there are a lot of clients). 

Have you already checked if something is blocked on a firewall or if there are errors in the SQL logs?

Thanks Sushain.

You mean the SQL with the CAS or the one with the primary site?

On the SQL server we are using to install Primary Site, we have this configuration:

On local Administrators group and Sysmanager role, we added:

* CAS server computer account

* SQL server for CAS computer account

* Primary Site server computer account

* SCCMAdmin service account

 Best regards,

Manuel

 

Hi Torsten.

In the hardware firewall if it was necessary to open ports communicate between domain servers Europe and CentralAmerica.

I will review the Windows Firewall in SQL to try to identify if we configure a rule exception.

Thanks for advice.

Manuel

I have reviewed the Windows firewall exception rules ports are enabled.

On the ConfigMgrPrereq.log I got this messages:

===== INFO: Prerequisite Type & Server: SQL:me01sidb023.me.inet =====
<09-07-2015 09:46:02> <<<RuleCategory: Access Permissions>>>
<09-07-2015 09:46:02> <<<CategoryDesc: Checking access permissions...>>>
<09-07-2015 09:46:02> me01sidb023.me.inet;    SQL Server sysadmin rights;    Passed
<09-07-2015 09:46:02> INFO: Skip testing, no expand primary site specified.
<09-07-2015 09:46:02> me01sidb023.me.inet;    SQL Server sysadmin rights for reference site;    Passed
<09-07-2015 09:46:02> INFO: CheckLocalSys is Admin of <me01sidb023.me.inet>.
<09-07-2015 09:46:08> me01sidb023.me.inet;    Site server computer account administrative rights;    Error;    Configuration Manager Setup requires that the site server computer has administrative rights on the SQL Server and management point computers.
<09-07-2015 09:46:08> me01sidb023.me.inet;    SQL Server security mode;    Warning;    The SQL Server name specified is configured for SQL authentication security. It is recommended to configure the SQL Server to operate only in Windows authentication security before you continue Configuration Manager Setup.

Thanks in advice.

Manuel

Hello,

I solved the Windows Firewall ports and permission but in the ConfigMgrSetup.log Im getting this wear error:

INFO: Checking Windows Cluster.  $$<Configuration Manager Setup><09-10-2015 12:24:03.568+360><thread=4228 (0x1084)>
CWmi::Connect(): ConnectServer(Namespace) failed. - 0x8004100e~  $$<Configuration Manager Setup><09-10-2015 12:24:03.568+360><thread=4228 (0x1084)>
INFO: WMI namespace root\MSCluster not exists on ME01SIAC0012.me.inet.  $$<Configuration Manager Setup><09-10-2015 12:24:03.584+360><thread=4228 (0x1084)>

ME01SIAC0012 is the server where we are trying to install SCCM Primary Server, but I dont have installed Windows Cluster and the server is not member on any cluster.

This error CWmi::Connect(): ConnectServer(Namespace) failed. - 0x8004100e, is provoking the SQL Failed.

I will appreciate any advices.

Best regards,

Manuel

Hi Torsten,

I want to ask something, what kind of permissions should have Primary Site server over the CAS and SQL server?o

Do I have to add my Primary Site server account to local Admininstrators group on CAS server?

Best regards,

Manuel

INFO: Checking Windows Cluster.  $$<Configuration Manager Setup><09-10-2015 12:24:03.568+360><thread=4228 (0x1084)>
CWmi::Connect(): ConnectServer(Namespace) failed. - 0x8004100e~  $$<Configuration Manager Setup><09-10-2015 12:24:03.568+360><thread=4228 (0x1084)>
INFO: WMI namespace root\MSCluster not exists on ME01SIAC0012.me.inet.  $$<Configuration Manager Setup><09-10-2015 12:24:03.584+360><thread=4228 (0x1084)>

Those are just informations and nothing to worry about. Setup checks if the system is running on a cluster by querying WMI. The MSCluster namespace does not exist, so it's no cluster which is fine. Do you see any related messages in the prereq checker window?

Hello Torsten,

On the ConfigMgrPrereq.log at moment that aapears the SQL failed error, we received this messages:

<09-03-2015 09:38:46> ===== INFO: Prerequisite Type & Server: SQL:me01sidb023.me.inet =====
<09-03-2015 09:38:46> <<<RuleCategory: Access Permissions>>>
<09-03-2015 09:38:46> <<<CategoryDesc: Checking access permissions...>>>
<09-03-2015 09:38:46> me01sidb023.me.inet;    SQL Server sysadmin rights;    Passed
<09-03-2015 09:38:46> INFO: Skip testing, no expand primary site specified.
<09-03-2015 09:38:46> me01sidb023.me.inet;    SQL Server sysadmin rights for reference site;    Passed
<09-03-2015 09:38:46> INFO: CheckLocalSys is Admin of <me01sidb023.me.inet>.
<09-03-2015 09:38:54> me01sidb023.me.inet;    Site server computer account administrative rights;    Error;    Configuration Manager Setup requires that the site server computer has administrative rights on the SQL Server and management point computers.
<09-03-2015 09:38:54> me01sidb023.me.inet;    SQL Server security mode;    Warning;    The SQL Server name specified is configured for SQL authentication security. It is recommended to configure the SQL Server to operate only in Windows authentication security before you continue Configuration Manager Setup.

Based on the log description, I assume that "site server computer" is the new SCCM we are trying to install, "SQL Server" is the SQL that I have using for the new SCCM Primary Site and "Management Point" should be CAS server, Am I right?

I already reviewed the configurations on server in Europe domain, the CAS server and the SQL of Europe domain have as local Administrator the computer accounts of New SCCM and SQL of the Central America domain.

Another thing that I want to ask, in Central America domain already have an installation of SCCM 2007 server, should I uninstall the SCCM 2007 before install SCCM 2012 R2?

Best regards,

Hi Torsten,

I just want to thank you for the advices.

I found that a misconfiguration was provoking the Failed on SQL.

The ConfigMgrPrereq.log shows the message:

INFO: CheckLocalSys is Admin of <sqlserver.domain.com>

In the local Administrators group on SQL Server had a wrong computer account for SCCM server, the SCCM server name is SCCMServe0012, and in local administrators group was another name SCCMServer012.

When I configured the appropiate computer account the SQL Failed disappears and  completed the installation of SCCM.

Best regards,

Manuel