Hello everyone,

I've this issue where; when connecting a primary site to existing central administration site; setup prerequisite checker 
continue to notify it cannot establish connection to SQL server having central administration site database. The SQL server 
having central site database is installed locally on the server central administration site is hosted on. Both servers 
(central administration site server, the new server to host child primary site required to join that central administration 
site) having following configuration:

A. Central Administration site server, with site database server installed locally: 

Name:             HQCAS
OS:                WS 2008 R2 SP1, fully patched.
SQL Server:     SQL Server 2008 R2 with SP2. Correct required SQL server collation set supported by CM2012.
SQL Server named instance: CASDB
Local firewall ports opened: 1433, 4022  (via inbound rules created in group policy, same GPO applies to primary site 
server)
SQL Server broker service Enabled: True.
TCP/IP: All dynamic ports left blank to support static port 1433.Static port 1433 configured for all IPs. 
IP Address: 10.1.1.250/8
Local SAM:      Both server computer accounts added to local 'Administrators' group on both servers.
Domain service account: svcCASDB
SPNs registered:        2x, one for HQCAS hostname on instance CASDB on port 1433, second for FQDN for HQCAS on instance 
CASDB on port 1433.
SQL Server Logins:   Security group containing both computer accounts for HQCAS & STPRS. Both account having sysadmin SQL 
server role assigned.
SQL Server browser service running.

B. Primary site server, with SQL server installed locally: to join HQCAS CM2012 hierarchy:

Name:             STPRS
OS:        WS 2008 R2 SP1, fully patched.
SQL Server: SQL Server 2008 R2 with SP2. Correct required SQL server collation set supported by CM2012.
SQL Server named instance: CM12PRIMARY
Local firewall ports opened: 1433, 4022  (via inbound rules created in group policy, same GPO applies to central 
administration site server)
SQL Server broker service Enabled: True.
TCP/IP: All dynamic ports left blank to support static port 1433.Static port 1433 configured for all IPs. 
IP Address: 172.168.1.250/16
Local SAM:      Both server computer accounts added to local 'Administrators' group on both servers.
Domain service account: svcCASDB
SPNs registered:        2x, one for STPRS hostname on instance CM12PRIMARY on port 1433, second for FQDN for STPRS on 
instance CM12PRIMARY on port 1433.
SQL Server Logins:   Security group containing both computer accounts for HQCAS & STPRS. Both account having sysadmin SQL 
server role assigned.
SQL Server browser service running.

Tests performed:

Telnet to/from both HQCAS/STPRS on ports 1433, 4022 establishes connection. Please help






 

Hi,

Please verify the user account that runs Configuration Manager Setup on the primary site to join an existing hierarchy has the sysadmin role on the instance of the SQL Server for the central administration site.

Prerequisite Checks for Security Rights

Best Regards,

Joyce

Hello Joyce,

Yes I did catered for that. That's how accounts were managed. 

Domain security group : "CM12 Admins"

Domain account:         : CM12Admin member of group above.

When SQL server 2008 R2 w/ SP3 installed onto HQCAS (the server to host Central Admin site) "CM12 Admins" group is assigned sysadmin role. 

CM12Admin account is used to install following:
1) SQL server 2008 R2 w/SP3 on HQCAS.
2) CM2012 central administration s ite on HQCAS.
3) SQL server 2008 R2 w/SP3 on STPRS.
4) CM2012 setup initiated on STPRS.

However...it fails to connect to SQL server installed on HQCAS.

Any further input would be much appreciated.

Hello friends,

My finding it finally is....there wasn't any configuration issue as I mentioned above.

I'm using an evaluation edition of SQL Server 2008 R2; it just allows default instance (MSSQLSERVER) to be used, not a named instance. 

The confirming test for this was...I re-installed SQL Server with all the same settings except changing from a named instance to default; once I finished applying service pack 3. I could initiate WSUS 3.0 SP2 x64 setup and point it to use this SQL server. WSUS setup completed without any errors. This was not happening when named instance was all configured properly. It was just not accessible from outside.

Well this is what my finding is. For lab environment of CM2012 it suffices the need.

Regards,

Shahzad.