SCCM Primary in a forest root and SCCM secondary in a child domain

  • Question

  • Hello

    In our network structure, the primary site is in the forest root and the secondary site is in a child domain. We setspn the SQL user for the primary site on the root forest. Also, on the client side, the client Configuration Manager only shows two actions and the agent cannot install correctly, so we checked the logs and found these errors:

    When we checked the MP_Framework.log we found the below errors:

    CMpDatabase::GetClientPublicKeyEx(ClientID='GUID:82394135-75B0-4805-BC6B-106A9E130E1A') failed (0x87d00242).

    CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14

    =======================================

    MPDB ERROR - CONNECTION PARAMETERS

    SQL Server Name     : Secondary Server\CONFIGMGRSEC

    SQL Database Name   : CM_XXX

    Integrated Auth     : True

    MPDB ERROR - EXTENDED INFORMATION

    MPDB Method         : ExecuteSP()

    MPDB Method HRESULT : 0x80040E14

    Error Description   : OLE DB provider "SQLNCLI11" for linked server "Primary Server" returned message "Invalid connection string attribute".

    OLEDB IID           : {0C733A63-2A1C-11CE-ADE5-00AA0044773D}

    ProgID              : Microsoft SQL Server Native Client 11.0

    MPDB ERROR - INFORMATION FROM DRIVER

    SQL Server Name   : SCCM-XXX\CONFIGMGRSEC

    Stored Procedure  : MP_GetCacheInvalidationInfo

    Native Error no.  : 7412

    Error State       : 2

    Line number in SP : 12

    =======================================

    MPDB ERROR - CONNECTION PARAMETERS

    SQL Server Name     :  Secondary Server\CONFIGMGRSEC

    SQL Database Name   : CM_XXX

    Integrated Auth     : True

    MPDB ERROR - EXTENDED INFORMATION

    MPDB Method         : ExecuteSP()

    MPDB Method HRESULT : 0x80040E14

    Error Description   : OLE DB provider "SQLNCLI11" for linked server "Primary Server" returned message "Invalid connection string attribute".

    OLEDB IID           : {0C733A63-2A1C-11CE-ADE5-00AA0044773D}

    ProgID              : Microsoft SQL Server Native Client 11.0

    MPDB ERROR - INFORMATION FROM DRIVER

    SQL Server Name   : SCCM-XXX\CONFIGMGRSEC

    Stored Procedure  : sp_GetPublicKeyForSMSID

    Native Error no.  : 7412

    Error State       : 2

    Line number in SP : 16

    =======================================

    CMpDatabase::GetClientPublicKeyEx(ClientID='GUID:82394135-75B0-4805-BC6B-106A9E130E1A') failed (0x87d00242).

     

    And when we checked the MP_Location.log we found the below errors:

     

    CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14

    =======================================

    MPDB ERROR - CONNECTION PARAMETERS

    SQL Server Name     : SCCM-Secondary\CONFIGMGRSEC

    SQL Database Name   : CM_XXX

    Integrated Auth     : True

    MPDB ERROR - EXTENDED INFORMATION

    MPDB Method         : ExecuteSP()

    MPDB Method HRESULT : 0x80040E14

    Error Description   : Cannot find either column "dbo" or the user-defined function or aggregate "dbo.fn_GetBuildNumber", or the name is ambiguous.

    OLEDB IID           : {0C733A63-2A1C-11CE-ADE5-00AA0044773D}

    ProgID              : Microsoft SQL Server Native Client 11.0

    MPDB ERROR - INFORMATION FROM DRIVER

    SQL Server Name   : SCCM-Secondary\CONFIGMGRSEC

    Stored Procedure  : MP_GetAssignedMPListForSite

    Native Error no.  : 4121

    Error State       : 1

    Class (Severity)  : 16

    Line number in SP : 78

    =======================================

    CHandleLocationRequest::CreateReply failed with error (80040e14).

    MP LM: Message discarded

    MP LM: EnumerateMPLocation Request: Assigned site code provided by the client doesn't match the site code of the MP. Rejecting the request.

    MP LM: Message discarded

    CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14

     

    Plus, we checked the MP_Policy.log and found the below logs without error:

     

    SMS MP Policy Manager started.

    Policy request logging is OFF.

    SMS MP Policy Manager stopped.

    SMS MP Policy Manager started.

    Policy request logging is OFF.

    SMS MP Policy Manager stopped.

     

     

    1- Is it necessary to check or change configuration on SQL Server Configuration Manager on the secondary site server?

    2- Should I setspn for the secondary site computer account on the forest root SQL user?

    3- How can we resolve the mp_framework and mp_location errors?

    Saturday, April 25, 2020 6:12 PM
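As an added example (not part of the original thread and not Microsoft tooling), the MPDB ERROR blocks quoted in the question can be tallied by stored procedure, native error number, and whether the error came back through a linked server or from the local database. The function names and the shortened sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt in the layout of the question's MPDB ERROR blocks
SAMPLE_LOG = r'''
=======================================
MPDB ERROR - CONNECTION PARAMETERS
SQL Server Name     : Secondary Server\CONFIGMGRSEC
Error Description   : OLE DB provider "SQLNCLI11" for linked server "Primary Server" returned message "Invalid connection string attribute".
Stored Procedure  : MP_GetCacheInvalidationInfo
Native Error no.  : 7412
=======================================
Error Description   : OLE DB provider "SQLNCLI11" for linked server "Primary Server" returned message "Invalid connection string attribute".
Stored Procedure  : sp_GetPublicKeyForSMSID
Native Error no.  : 7412
=======================================
Error Description   : Cannot find either column "dbo" or the user-defined function or aggregate "dbo.fn_GetBuildNumber", or the name is ambiguous.
Stored Procedure  : MP_GetAssignedMPListForSite
Native Error no.  : 4121
=======================================
'''

FIELD = re.compile(r"^(.+?)\s+:\s+(.+)$")        # matches "Name   : value" rows only
LINKED = re.compile(r'linked server "([^"]+)"')  # present when the error crossed a linked server

def parse_mpdb_errors(text):
    """Return one dict of fields per block; a row of '=' closes one block and opens the next."""
    blocks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"="}:
            if current:
                blocks.append(current)
            current = {}
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
    if current:                                  # keep a block cut off at end of file
        blocks.append(current)
    return blocks

def triage(blocks):
    """Count failures by (stored procedure, native error, where the error was raised)."""
    counts = Counter()
    for b in blocks:
        m = LINKED.search(b.get("Error Description", ""))
        hop = "linked server: " + m.group(1) if m else "local database"
        counts[(b.get("Stored Procedure"), b.get("Native Error no."), hop)] += 1
    return counts

print(triage(parse_mpdb_errors(SAMPLE_LOG)))
```

On the sample, the two 7412 entries are attributed to the linked server "Primary Server" and the 4121 entry to the local database, which separates the cross-site SQL connection failures from the missing-function error.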

All replies

  • > In our network structure  primary site is in forest root and secondary site is in child domain

    This is not a proper design. A ConfigMgr hierarchy is unrelated to an AD hierarchy.

    #3 is the only question here that matters and the answer is that you almost certainly need to start over with a proper design.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Saturday, April 25, 2020 6:34 PM
  • Our network includes several Child Domains that communicate with WAN-Link to Forest Root Domain

    A Secondary server was set up to keep network traffic on each Child Domain

    And the Primary server is in Forest Root Domain

    Virtually no other design is possible

    However, there are errors between the SQL database Primary server and Secondary Servers

    Sunday, April 26, 2020 5:52 PM
  • > with WAN-Link

    This is new information that changes the answer (as a child domain in no way implies WAN separation).

    > A Secondary server was set up to keep network traffic on each Child Domain. And the Primary server is in Forest Root Domain

    This is not accurate or at least is an invalid reason. The secondary site was set up to facilitate management of systems across a WAN. The AD topology here is really irrelevant as far as secondary site usage goes.

    > Virtually no other design is possible

    Sure there is, there are many different possibilities, not all necessarily valid, but there are others.

    The ConfigMgr hierarchy should be dictated by the WAN/network topology, not the AD topology. Without these details, suggesting a proper design is not possible.

    As for your SQL issue, my guess is that a security policy in the domain or forest or on the server hosting the primary site's DB is preventing the connection from completing. 


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, April 27, 2020 3:04 PM