PROBLEM:
- We are using SCCM 2007 SP1.
One Central - CEN
3 Child Primaries.
Around 40 Secondaries.
Affected Child Primary Site - S01
Site Server - MIT-01-SCCM1
SQL Server - MIT-01-X452
- The Child Primary Site Server is unable to connect to the remote SQL Server.
RESOLUTION:
- Tried to connect to SQL Server using Local system account:
---------------------------
Microsoft SQL Server Login
---------------------------
Connection failed:
SQLState: '28000'
SQL Server Error: 18456
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
---------------------------
OK
---------------------------
- SQL Server Service was running under a Local Admin account.
- Changed that to the Local System account.
- Verified that the SPN was correctly registered automatically.
- However we were still unable to connect to the SQL Server remotely.
- Checked the Client Configuration (cliconfg).
- There was a TCP/IP Alias already added. Removed the alias.
- Tried to connect again. Works fine now.
- They are going to switch the SQL Server to run under the following account:
dom1\oservice
- Advised them to register the SPNs under the Domain Service account manually so that SCCM continues to be able to connect to SQL.
- Here is how to do that:
setspn -A MSSQLSvc/MIT-01-X452.dom1.ldomain.com:1433 dom1\oservice
setspn -A MSSQLSvc/MIT-01-X452:1433 dom1\oservice
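After the service account change, the registration can be checked with the following script. It is an added example, not part of the original post: it reports whether each SPN is held by exactly one account and whether a session to the SQL Server authenticates with Kerberos or falls back to NTLM. The account, host and SPN names are taken from the page; the function name `Get-SpnHolder` is hypothetical, and the script assumes it is run on the site server by a domain user with VIEW SERVER STATE permission on the instance.

```powershell
# Added example: names below come from the page; adjust for your environment.
$Account = 'oservice'                       # sAMAccountName of dom1\oservice
$SqlHost = 'MIT-01-X452.dom1.ldomain.com'
$Spns    = @("MSSQLSvc/${SqlHost}:1433", 'MSSQLSvc/MIT-01-X452:1433')

function Get-SpnHolder([string]$Spn) {
    # Return the sAMAccountName of every object in the current domain carrying this SPN.
    $searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    $searcher.FindAll() | ForEach-Object { [string]$_.Properties['samaccountname'][0] }
}

foreach ($spn in $Spns) {
    $holders = @(Get-SpnHolder $spn)
    if ($holders.Count -eq 0) {
        Write-Output "MISSING    $spn (register it on $Account)"
    } elseif ($holders.Count -gt 1) {
        # A duplicate SPN makes Kerberos ticket requests for the service fail.
        Write-Output "DUPLICATE  $spn held by: $($holders -join ', ')"
    } elseif ($holders[0] -ne $Account) {
        Write-Output "WRONG ACCT $spn held by $($holders[0]), expected $Account"
    } else {
        Write-Output "OK         $spn"
    }
}

# Connect with integrated security and ask SQL Server how this session authenticated.
# KERBEROS means the SPN lookup succeeded; NTLM means the client fell back.
$conn = New-Object System.Data.SqlClient.SqlConnection("Server=$SqlHost;Integrated Security=SSPI")
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID'
    Write-Output "auth_scheme: $($cmd.ExecuteScalar())"
} finally {
    $conn.Dispose()
}
```

A WRONG ACCT result naming the computer account (MIT-01-X452$) means an SPN registered while the service ran as Local System is still in place and has to be removed before it can be registered on the domain account.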
Additional articles for reference:
Registering a Service Principal Name
http://msdn.microsoft.com/en-us/library/ms191153.aspx
Security Account Delegation
http://msdn.microsoft.com/en-us/library/aa905162(SQL.80).aspx