Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Protect, detect, and respond—Dataprise keeps your business secure.
Maximize uptime with with industry-leading DRaaS.
Swiftly mitigate cyber threats and restore security.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Keep production running with secure, always-on IT.
Accelerate PE client deals and secure data.
Empower Your Municipality with Secure, Reliable IT Services
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Grow through acquisition and partnership with Dataprise.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Explore our trusted partnerships with leading tech innovators.
Posts
By: Stephanie Hamrick
Table of content
Recently we ran into an issue that was really a complete roadblock when installing a new SCCM site for a customer. Since I was unable to find anything in other forums or blogs about this issue, I wanted to share this issue and its solution.
The customer’s environment is sized such that a single primary site server with SQL 2016 and all roles collocated on a single server will more than suffice. The primary site server is Server 2016. The install will be started using build 1702, but this issue will also apply to 1511, 1608, etc.
We began by extending the schema, installing all prerequisites, creating service accounts/groups, and applying permissions as appropriate. After that, we installed SQL 2016 standard and pre-staged the SQL database for our SCCM site so that it’s sized for the environment. The SPNs were also configured to use our SQL service account. Up to this point everything is operating and installing as expected.
At a command prompt, we ran the Prerequisite Checker (prereqchk.exe /LOCAL) to run the full gamut of checks on the server.
Here are the snippets of the errors in the ConfigMgrPrereq.log file.
> INFO: Check required collation of Sql Server. > INFO: LangID <409> > ERROR: Failed to get SQL Server connection for SCCM.MyDomain.local (master) > ERROR: Failed to connected to SQL Server, cannot verify required collation > SCCM.MyDomain.local; Required SQL Server Collation; Error; Configuration Manager requires that you configure your SQL Server instance and Configuration Manager site database (if already present) to use the SQL_Latin1_General_CP1_CI_AS collation, unless you are using a Chinese operating system and require GB18030 support. For information about changing your SQL Server instance and database collations, see http://go.microsoft.com/fwlink/p/?LinkID=234541. For information about enabling GB18030 support, see http://go.microsoft.com/fwlink/p/?LinkId=234542. > SCCM.MyDomain.local; SQL availability group configured for readable secondaries; Passed > SCCM.MyDomain.local; SQL availability group configured for manual failover; Passed > SCCM.MyDomain.local; SQL availability group replicas on default instance; Passed > ===== INFO: Prerequisite Type & Server: SITE_SEC:SCCM.MyDomain.local =====
> ===== INFO: Prerequisite Type & Server: SQL:SCCM.MyDomain.local ===== > <<<RuleCategory: Access Permissions>>> > <<<CategoryDesc: Checking access permissions…>>> > ERROR: Failed to connect to SQL Server database. > SCCM.MyDomain.local; SQL Server sysadmin rights; Error; Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions. Setup cannot continue.
> INFO: Cannot connect to registry key. > SCCM.MyDomain.local; Dedicated SQL Server instance; Passed > INFO: Checking sql index create memory. > ERROR: Failed to connect to SQL Server database. > SCCM.MyDomain.local; SQL Index Create Memory option; Warning; SQL Index create memory is not configured as default value of 0 and might hit issue
> INFO: Check required collation of Sql Server. > INFO: LangID <409> > ERROR: Failed to get SQL Server connection for SCCM.MyDomain.local (master) > ERROR: Failed to connected to SQL Server, cannot verify required collation > SCCM.MyDomain.local; Required SQL Server Collation; Error; Configuration Manager requires that you configure your SQL Server instance and Configuration Manager site database (if already present) to use the SQL_Latin1_General_CP1_CI_AS collation, unless you are using a Chinese operating system and require GB18030 support. For information about changing your SQL Server instance and database collations, see http://go.microsoft.com/fwlink/p/?LinkID=234541. For information about enabling GB18030 support, see http://go.microsoft.com/fwlink/p/?LinkId=234542. > SCCM.MyDomain.local; SQL availability group configured for readable secondaries; Passed > SCCM.MyDomain.local; SQL availability group configured for manual failover; Passed > SCCM.MyDomain.local; SQL availability group replicas on default instance; Passed
> SCCM.MyDomain.local; Unsupported Cloud Management Gateway on the expanded primary site; Passed > ===== INFO: Prerequisite Type & Server: SQL:SCCM.MyDomain.local ===== > <<>> > <<>> > ERROR: Failed to connect to SQL Server database. > SCCM.MyDomain.local; SQL Server sysadmin rights; Error; Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions. Setup cannot continue. > ===== INFO: Prerequisite Type & Server: SDK:SCCM.MyDomain.local =====
INFO: SQL Server instance <> > ERROR: Failed to get SQL Server connection for SCCM.MyDomain.local (master) > SCCM.MyDomain.local; Site System to SQL Server Communication; Passed
Here are the snippets of the errors in the ConfigMgrSetup.log file if we went ahead and attempted the installer, knowing that it wasn’t going to succeed given the failures of the precheck.
INFO: Registered type SMS ACCESS for SCCM.MyDomain.local CM_BIG Configuration Manager Setup 2/9/2018 4:42:55 PM 16644 (0x4104) *** [08001][18][Microsoft][ODBC SQL Server Driver][Shared Memory]SSL Security error Configuration Manager Setup 2/9/2018 4:43:56 PM 16644 (0x4104) *** [01000][772][Microsoft][ODBC SQL Server Driver][Shared Memory]ConnectionOpen (SECDoClientHandshake()). Configuration Manager Setup 2/9/2018 4:43:56 PM 16644 (0x4104) *** Failed to connect to the SQL Server, connection type: SCCM.MyDomain.local MASTER. Configuration Manager Setup 2/9/2018 4:43:56 PM 16644 (0x4104) *** [08001][18][Microsoft][ODBC SQL Server Driver][Shared Memory]SSL Security error Configuration Manager Setup 2/9/2018 4:44:57 PM 16644 (0x4104) *** [01000][772][Microsoft][ODBC SQL Server Driver][Shared Memory]ConnectionOpen (SECDoClientHandshake()). Configuration Manager Setup 2/9/2018 4:44:57 PM 16644 (0x4104) *** Failed to connect to the SQL Server, connection type: SCCM.MyDomain.local MASTER. Configuration Manager Setup 2/9/2018 4:44:57 PM 16644 (0x4104) Removed SQL alias SCCM.MyDomain.local successfully. Configuration Manager Setup 2/9/2018 4:48:02 PM 13440 (0x3480)
The GUI installer would make it all the way to this page, and then error out with a message paraphrased as the instance of SQL 2012 or 2014 needed to be updated. Obviously, this wasn’t the issue since the SQL was 2016 with all of the latest cumulative updates and patches.
We again confirmed that permissions, prerequisites, and the SPNs were correctly in place using “setspn -L bisccm-sqlsvc and also confirmed that another application was able to install to the SQL instance to test permissions and communications.
Everything seemed to be correct until we started digging in the registry, specifically looking at the SCHANNEL protocols.
Here’s what the registry of a standard installation of Server looks like for SCHANNEL.
The registry of the server we had been provided had some unwanted additions. There were keys added to disable TLS 1.0, 1.1, and 1.2.
After we re-enabled the TLS SCHANNEL protocols, the Prerequisite Checker (prereqchk.exe /LOCAL) was able to run without any errors, and the install was able to complete as well.
Lucas Guth, PEI
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.