locked
Sql login creation failed RRS feed

  • Question

  • Hi,
    i'm installing a new cas in "pippo" domain, the sql instance is on another domain "pluto".

    The trust between pippo and pluto is one way only from pluto to pippo

    When i try to install i have got this error from the setuplog

    *** IF NOT EXISTS (select * from master.sys.server_principals where name=N'Pippo\xxxsms$') CREATE LOGIN [Pippo\xxxsms$] FROM WINDOWS  $$<Configuration Manager Setup><03-15-2017 11:21:40.282-60><thread=4716 (0x126C)>
    *** [42000][15401][Microsoft][SQL Server Native Client 11.0][SQL Server]Windows NT user or group 'Pippo\xxxsms$' not found. Check the name again.  $$<Configuration Manager Setup><03-15-2017 11:21:40.282-60><thread=4716 (0x126C)>
    INFO: Executing SQL Server command: <IF NOT EXISTS (select * from master.sys.server_principals where name=N'Pippo\xxxsms$') CREATE LOGIN [Pippo\xxxsms$] FROM WINDOWS>  $$<Configuration Manager Setup><03-15-2017 11:21:40.282-60><thread=4716 (0x126C)>
    ERROR: Failed to execute SQL Server command, error <>~  $$<Configuration Manager Setup><03-15-2017 11:21:40.298-60><thread=4716 (0x126C)>

    Thursday, March 16, 2017 9:20 AM

Answers

  • And as Paul said, that's not a valid technical reason to install multiple primary sites or a CAS. Doing this will cause you lots of pain for no reason.

    As for your question, if the two domains don't trust each other, it's not possible as SQL access requires kerberos authentication which is not possible across untrusted domains.

    Finally, using a remote SQL Server is also a bad idea in general: https://stevethompsonmvp.wordpress.com/2014/12/20/why-you-should-not-use-remote-sql-server-with-configmgr-2012/


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Proposed as answer by Frank Dong Friday, March 17, 2017 4:04 AM
    • Marked as answer by zolabus Friday, March 17, 2017 7:37 AM
    Thursday, March 16, 2017 3:27 PM

All replies

  • Ok, I'm going for it.. Why are you installing a CAS? Do you have more than 150'000 Devices to manage?

    Simon Dettling | msitproblog.com | @SimonDettling

    Thursday, March 16, 2017 9:24 AM
  • i need to manage two different primary sites, the problem woud be if i install only a primary too i think...
    Thursday, March 16, 2017 9:37 AM
  • i need to manage two different primary sites

    Why is that? Why not using a single Primary (without a CAS)?

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, March 16, 2017 11:06 AM
  • You can manage multiple domains with a primary if that is the reason why you are wanting to use a CAS.

    Cheers Paul | http://sccmentor.com

    Thursday, March 16, 2017 11:18 AM
  • No that isn't the reason....

    All of my nopro infrastructur must be on another domain.

    Thursday, March 16, 2017 12:36 PM
  • And as Paul said, that's not a valid technical reason to install multiple primary sites or a CAS. Doing this will cause you lots of pain for no reason.

    As for your question, if the two domains don't trust each other, it's not possible as SQL access requires kerberos authentication which is not possible across untrusted domains.

    Finally, using a remote SQL Server is also a bad idea in general: https://stevethompsonmvp.wordpress.com/2014/12/20/why-you-should-not-use-remote-sql-server-with-configmgr-2012/


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Proposed as answer by Frank Dong Friday, March 17, 2017 4:04 AM
    • Marked as answer by zolabus Friday, March 17, 2017 7:37 AM
    Thursday, March 16, 2017 3:27 PM