What to do with machine account?
-
Thursday, September 27, 2007 4:25 AM
I'm trying to install Config Mgr 2007 on a Win2K3 Enterprise Server which will talk to a separate SQL 2005 box, and I'm getting this error:
The site server computer's machine account does not have Administrator's privileges on the SQL Server selected for site database installation. To install a Configuration Manager site, all servers must be in an Active Directory domain and the site server's machine account must have Administrator's privileges on the SQL Server.
How do I overcome this?
Thanks
Answers
-
Thursday, September 27, 2007 7:54 AM
When a Configuration Manager site server uses remote site systems, it needs to have administrative rights on the remote site systems in order to manage them. Not sure if your question is how do you get around having to grant the machine account local admin rights on the SQL server, or how do you go about granting the site server's computer account admin rights on the SQL server. If it's the latter, follow the steps below.
1. On the SQL Server, right-click My Computer and select Manage to open the Computer Management console.
2. Expand the Local Users and Groups node and select Groups.
3. Double-click Administrators in the right-hand pane of the Computer Management console.
4. Click the Add... button to open the Select Users, Computers and Groups dialog box.
5. Click the Object Types... button and ensure Computers is selected in the Object Types dialog box. Click OK to return to the Select Users, Computers and Groups dialog box.
6. If the From this location field in the Select Users, Computers and Groups dialog box does not show the domain that the Configuration Manager site server is in, click the Locations... button and select the correct domain.
7. In the field labelled Enter the object names to select, type the computer name of the Configuration Manager site server. Click the Check Names... button to confirm that the name has been recognised (it should appear underlined when confirmed).
8. Click OK.
-
Monday, November 12, 2007 9:03 PM
I appreciate everyone's help. I finally figured it out. I do not even want to tell you what I did wrong. When I setup the computer and joined it to the domain, the computer account was not created. I removed it from the domain and then rejoined and it created the account. I ran the prereq test again, and now all I have to do is the AD extend. Thanks again for the help everyone. I had to go back and visit Server Class 101.
All Replies
-
Thursday, September 27, 2007 7:54 AM
When a Configuration Manager site server uses remote site systems, it needs to have administrative rights on the remote site systems in order to manage them. Not sure if your question is how do you get around having to grant the machine account local admin rights on the SQL server, or how do you go about granting the site server's computer account admin rights on the SQL server. If it's the latter, follow the steps below.
1. On the SQL Server, right-click My Computer and select Manage to open the Computer Management console.
2. Expand the Local Users and Groups node and select Groups.
3. Double-click Administrators in the right-hand pane of the Computer Management console.
4. Click the Add... button to open the Select Users, Computers and Groups dialog box.
5. Click the Object Types... button and ensure Computers is selected in the Object Types dialog box. Click OK to return to the Select Users, Computers and Groups dialog box.
6. If the From this location field in the Select Users, Computers and Groups dialog box does not show the domain that the Configuration Manager site server is in, click the Locations... button and select the correct domain.
7. In the field labelled Enter the object names to select, type the computer name of the Configuration Manager site server. Click the Check Names... button to confirm that the name has been recognised (it should appear underlined when confirmed).
8. Click OK.
-
Thursday, September 27, 2007 6:31 PM
this was it. thanks so much
-
Thursday, November 08, 2007 9:10 PM
I am having the same exact issue... and I tried this and it didn't work for me. Do you have any other suggestions?
-
Friday, November 09, 2007 10:11 PM
Seems like most of the time if you are having problems with a remote SQL server there is something with the Service Principal Name. See if this page helps:
http://technet.microsoft.com/en-us/library/bb735877.aspx
-
Saturday, November 10, 2007 11:04 PM
Dave Fuller wrote: When a Configuration Manager site server uses remote site systems, it needs to have administrative rights on the remote site systems in order to manage them. Not sure if your question is how do you get around having to grant the machine account local admin rights on the SQL server, or how do you go about granting the site server's computer account admin rights on the SQL server. If it's the latter, follow the steps below.
1. On the SQL Server, right-click My Computer and select Manage to open the Computer Management console.
2. Expand the Local Users and Groups node and select Groups.
3. Double-click Administrators in the right-hand pane of the Computer Management console.
4. Click the Add... button to open the Select Users, Computers and Groups dialog box.
5. Click the Object Types... button and ensure Computers is selected in the Object Types dialog box. Click OK to return to the Select Users, Computers and Groups dialog box.
6. If the From this location field in the Select Users, Computers and Groups dialog box does not show the domain that the Configuration Manager site server is in, click the Locations... button and select the correct domain.
7. In the field labelled Enter the object names to select, type the computer name of the Configuration Manager site server. Click the Check Names... button to confirm that the name has been recognised (it should appear underlined when confirmed).
8. Click OK.
-
Saturday, November 10, 2007 11:04 PM
Dave Fuller wrote: When a Configuration Manager site server uses remote site systems, it needs to have administrative rights on the remote site systems in order to manage them. Not sure if your question is how do you get around having to grant the machine account local admin rights on the SQL server, or how do you go about granting the site server's computer account admin rights on the SQL server. If it's the latter, follow the steps below.
1. On the SQL Server, right-click My Computer and select Manage to open the Computer Management console.
2. Expand the Local Users and Groups node and select Groups.
3. Double-click Administrators in the right-hand pane of the Computer Management console.
4. Click the Add... button to open the Select Users, Computers and Groups dialog box.
5. Click the Object Types... button and ensure Computers is selected in the Object Types dialog box. Click OK to return to the Select Users, Computers and Groups dialog box.
6. If the From this location field in the Select Users, Computers and Groups dialog box does not show the domain that the Configuration Manager site server is in, click the Locations... button and select the correct domain.
7. In the field labelled Enter the object names to select, type the computer name of the Configuration Manager site server. Click the Check Names... button to confirm that the name has been recognised (it should appear underlined when confirmed).
8. Click OK.
-
Saturday, November 10, 2007 11:28 PM
I have this already in place Dave. Thanks for the response. Any other ideas?
-
Saturday, November 10, 2007 11:32 PM
Cathy Moya [MSFT] wrote: Seems like most of the time if you are having problems with a remote SQL server there is something with the Service Principal Name. See if this page helps:
http://technet.microsoft.com/en-us/library/bb735877.aspx
Still having issue Cathy... any other ideas? I am doing this from one VM server to another VM server... would this make any difference you think? I made an ODBC connection to the remote SQL server from the Configuration Server to verify I can connect and authenicate with the account I am using.
-
Monday, November 12, 2007 9:03 PM
I appreciate everyone's help. I finally figured it out. I do not even want to tell you what I did wrong. When I setup the computer and joined it to the domain, the computer account was not created. I removed it from the domain and then rejoined and it created the account. I ran the prereq test again, and now all I have to do is the AD extend. Thanks again for the help everyone. I had to go back and visit Server Class 101.
-
Monday, November 12, 2007 10:48 PM
Maddage field is auto -
Monday, February 04, 2008 2:37 PM
Can I add a twist...
We have exactly the same issue as the original poster, but, the sql server we are using is a Domain Controller so we can't get into local users to add an account...
Is there any way around this, or are we scuppered?
Rob
-
Monday, February 04, 2008 4:46 PMOwnerYou have to use Active Directory Users and Computers to add the computer account as an admin.
-
Tuesday, February 05, 2008 11:33 AM
So I'm adding the computer account into the domain administrators group?
Rob
-
Tuesday, February 05, 2008 4:36 PMOwnerIt wouldn't have to be Domain Admins, but could be the built-in Administrators group. But yes, you would have to make the account an administrator on the domain controller.
-
Monday, February 25, 2008 10:13 AM
Thanks Wally,
Sorted
-
Monday, February 25, 2008 1:18 PM
Hello,
I have the same problem, i tryed already the solutions presented, but nothing works.
The Computer is in the domain, the user is a domain administrator, the user is also a local administrator but the instalation still gives the same problem.
can anyone help me?
-
Monday, February 25, 2008 4:28 PMOwner
I'm not sure I'm following you, sorry. Can you explain the problem and what you've done to try to fix it?
If it is the original problem, where the site server can't access SQL Server on a remote server, then it has nothing to do with "the user". The issue is that the site server computer account must be a local admin on the remote SQL Server computer.
-
Tuesday, February 26, 2008 8:40 AM
Hello,
i'm currently installing OPM and CFM with a seperate SQL Server.
On one server OPM works and hase a connection to the SQL Server
On the other server i'm installing CFM with a link to the SQL server. But when i'm installing CFM it gives me the following error :
The site server computer's machine account does not have Administrator's privileges on the SQL Server selected for site database installation. To install a Configuration Manager site, all servers must be in an Active Directory domain and the site server's machine account must have Administrator's privileges on the SQL Server.
The CFM user is domain Administator on our domain. I have added his user localy to the administrators on the on the SQL server. All the servers are in the same domain.
can you help me?
-
Tuesday, February 26, 2008 7:32 PMOwner
I don't know what OPM and CFM are. If you are using CFM as Configuration Manager - again, as stated numerous times, the SITE SERVER COMPUTER ACCOUNT needs to be an admin on the SQL Server computer.
You keep mentioning a "user" - we are using the site server computer account.
Either that or I still am not understanding what you are asking :-(
- Proposed As Answer by cgehr Monday, July 20, 2009 2:45 PM
-
Friday, July 18, 2008 6:00 PM
I have the same issue as the original poster. I have successfully installed a SCCM 2007 SP1 site using a remote SQL instance (both of which are in the same domain). I am now trying to install a Child Primary site that will use the same remote SQL instance for its database (the SQL server is in the same forest, but is in a different domain).
On this Child Primary Site server (it will be site code S01), I have successfully installed WSUS and it was able to install its database on the remote SQL server.
However when I try to install SCCM 2007 SP1 I receive the error "The site server computer's machine account does not have Administrator's priviledges on the SQL server..."
I have added the S01 server to the local admin group of the remote SQL server. I have created the necessary SQL service SPN's in the domain of the SQL server, but I still get the error that it is not an administrator on the SQL server box.
What am I missing? Do I need SPNs in the same domain as S01? If so, then why was WSUS able to install its database on the SQL server successfully?
-
Sunday, September 21, 2008 8:36 AM
I had this problem to and your sugestion worked perfectly
Thank You So much
-
Friday, September 26, 2008 10:11 PMOwner
For Jeremy's post:
I have the same issue as the original poster. I have successfully installed a SCCM 2007 SP1 site using a remote SQL instance (both of which are in the same domain). I am now trying to install a Child Primary site that will use the same remote SQL instance for its database (the SQL server is in the same forest, but is in a different domain).
The answer is that this is completely unsupported. We require that the site server and SQL Server computers be in the same domain, not just same forest. This is documented here: http://technet.microsoft.com/en-us/library/bb694003.aspx
"All other site systems within a site that are not listed above must reside within the same Active Directory forest. They can be installed in different domains within the forest, with the exception of the site server, SMS Provider computer, reporting point, and site database server which must all reside in the same domain."
-
Friday, November 07, 2008 10:05 PM
I have followed the steps listed above and still cannot seem to make the SCCM '07 SP1 machine account work with a stand-alone SQL Server. A brief rundown:
-
SCCM box - Server 2008; SQL box - Server 2003, SQL 2005
-
Both boxes are on same domain, SCCM box shows up as a computer account in ADUC
-
Open the Local Users and Group on the SQL server box - add SCCM computer name in the Administrators group
-
Prereq checker runs and says all
-
Start to install and get following error:
-
The site server computer's machine account does not have Administrator's privileges on the SQL Server selected for site database installation. To install a Configuration Manager site, all servers must be in an Active Directory domain and the site server's machine account must have Administrator's privileges on the SQL Server.
-
Any ideas as to what could cause this? Like I said, computer account is already listed in teh local admin group. Is there anything in the SQL Server software itself that needs permissions setup?
Thanks.
P
-
-
Thursday, December 25, 2008 9:21 PMRunning in a VM environment... make sure to reboot both boxes after making the security change, and try again.
-
Wednesday, January 14, 2009 4:41 PMHi, i have the same problem of the original poster. Now that i know the answer, i need to know if the site server computer account needs to be local admin on the sql box for just the installation, or the computer account must remain local admin for the correct functioning of ConfigMgr. Can i remove the site server computer account after installing ConfigMgr?
Best Regards. -
Monday, July 20, 2009 2:48 PM Wally is exactly right here. You need to add the server you want the site on into the local admins group on the server running SQL. Example:
ServerA.mydomain.com is running SQL.
ServerB.mydomain.com is the server you want the site installed on.
ServerB MUST be an Administrator in order for this to work.- Proposed As Answer by cgehr Monday, July 20, 2009 2:48 PM
-
Monday, December 14, 2009 6:35 PM If you're like me you don't like to apply permissions using individual user or computer accounts so I created a group, SCCMComputers which contains all computers in my SCCM environment. I then add this group to all local admins on all SCCM machines. I was still having the issues listed above. Just for the heck of it, I explicitly added the Site Server's machine account to the SQL Server's Local admin account and that was it. How freaking stupid! I bet this is a bug in the SCCM installer and not the actual security model.
- Proposed As Answer by James Martel Sunday, January 24, 2010 3:44 PM
-
Sunday, January 24, 2010 3:48 PM
My problem was also that I had created a domain group named SCCM Site Servers and added my site server's computer account (Server10) to this group, then added the group to the Local Administrator's group on the SQL 2008 machine.
Only when I removed the SCCM Site Servers group from the Local Administrator's on the SQL box and added just the Server10 machine domain account did the pre-req checker accept that the machine was a Local Administrator.
.png){kind=spacer}
