"The login is from an untrusted domain and cannot be used with Windows authentication." when distributing updates to DMZ MP


  • Hi


    I am currently testing a scenario where we want to centrally manage updates for customers by using a remote MP and DP on their environment.


    The scenario is wokrign well: the MP is communicating with the site and clients receive policy.


    Software packages can be pushed to the DP aswell, but I get the following error when pushing a (larger) update-package:


    Cannot save the package status to the data source after successfully copying the package.




    *** [28000][18452][Microsoft][ODBC SQL Server Driver][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.


    Can this be SPN related? I am currently using a HOSTS-entry on the DMZ to point to our internal SQL cluster, as this is aquick test-scenario. The MP-role has a domain-account specified for DB-access.

    The MP has no problems with this, but the DP does apparently.


    Does anyone have experience with this issue, or an idea what the cause might be?


    Many thanks in advance!


    Thursday, October 20, 2011 9:30 AM

All replies

  • What yo mean by DMZ MP? Do you have native mode primary server ?

    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, October 20, 2011 10:03 AM
  • Yes, we have one primary site which is in native mode. All certificates are present and functioning.
    Thursday, October 20, 2011 10:03 AM
  • What is the authentication you are using for your SQL ?

    are you able to connect from DMZ to your SQL Server ?

    What is the supported scenario you are taking ?

    are there any site status error in the console ?

    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, October 20, 2011 7:10 PM
  • The SQL is using windows authentication. The DMZ Management Point can succesfully connect to it using an appropriate domain account.


    I noticed that if I push a small package alongside with the updates the issue does not occur.


    I'm using scenario 3 witout replica, but the update point is in our intranet.

    Monday, October 24, 2011 1:27 PM