Microsoft KB Archive/916904

= The proxy management points of the secondary site in Systems Management Server 2003 cannot access SQL Server after you move SQL Server to new hardware =

Article ID: 916904

Article Last Modified on 10/27/2006

-

APPLIES TO


 * Microsoft Systems Management Server 2003

-





SYMPTOMS
After you move the Microsoft Systems Management Server (SMS) 2003 central primary site database to new hardware, the secondary site cannot access SQL Server. This behavior occurs because the secondary site proxy management points cannot connect to the primary site database.

Additionally, the following error messages are logged on the log files in the secondary sites.

Mpcontrol.log

Http verification .sms_aut failed with no header recieved

Failed to receive http response. Error 12152

Http verification .sms_aut failed with no header recieved

Ccmexec.log

Request failed: 401 Access Denied

Request failed: 401 Access Denied

Could not load logging configuration for component PolicyAgent_ReplyAssignments. Using default values.

Mp_Getauth.log

CMPDBConnection::Init: IDBInitialize::Initialize failed with 0x80040e4d

CMPDBConnection::Init: IDBInitialize::Initialize failed with 0x80004005

CMPDBConnection::Init: IDBInitialize::Initialize failed with 0x80040e4d

CMPDBConnection::Init: IDBInitialize::Initialize failed with 0x80040e4d

Mp_Policy.log

CPolicyManagerHandler::HandleMessage: SetComplete(DISCARD) called.

CMPDBConnection::Init: IDBInitialize::Initialize failed with 0x80040e4d

CPolicyManagerHandler::HandleMessage: SetComplete(DISCARD) called.

CMPDBConnection::Init: IDBInitialize::Initialize failed with 0x80004005

CPolicyManagerHandler::HandleMessage: SetComplete(DISCARD) called.

In some cases, the following error message is logged in the Mp_Getauth.log:

CMPDBConnection::ExecuteSQL: ICommandText::Execute failed with 0x80040E09



CAUSE
This problem occurs because the security identifier (SID) of the SMS_SitetoSQLConnection group is changed during the restore process of the SQL Server database. However, the SID of the SMS_SitetoSQLConnection group user in the database is not changed. SQL Server does not allow for authentication of the Site System Database account, the SMS_SQL_RX_ or the alternate user account in Standard security, or the site system computer account in Advanced security.



RESOLUTION
To resolve this problem, remove and then add the SMS_SiteSystemtoSQLConnection_ group in the SQL Server Enterprise Manager logins. To do this, follow these steps:  Open SQL Server Enterprise Manager. In the SQL Enterprise Manager snap-in, expand Microsoft SQL Servers, expand SQL Server Group, expand, expand Databases, expand  , and then click Users. Right-click SMS_SiteSystemToSQLConnection_  in the details pane, and then click delete. Expand Security, right-click Logins, and then click New Login. On the General tab, type \SMS_SiteSystemToSQLConnection_ in the Name box, and then click the Database Access tab. Click to select the Permit check box for the SMS_ database, and then click to select the public database role check box.</li> Click OK</li> In the SQL Server Enterprise Manager view pane, click  Users.</li> Right-click the SMS_SiteSystemToSQLConnection_  user in the details pane, click Properties, and then click Permissions.</li> In the Object list, click to select the appropriate check box for each permission in the following table. </li> Click OK two times to close the User Properties.</li></ol>

<div class="workaround_section">

WORKAROUND
To work around this problem, use one of the following methods.

Note Use these methods as temporary solutions because both methods work around the SitetoSQLConnection group.

Method 1
Add the Site System Database account to the local administrators group of the parent site.

Method 2
<ol> Open the SMS Administrator console</li> Navigate to the secondary site that is the proxy management point.</li> Click Site Systems, right-click the proxy management point server, and then click Properties.</li> On the Management Point tab, change the Database drop-down list box from Use Parent Database to Use a Different Database.</li> Type the applicable database server name, the database name, and then the authentication information.

Note This can be either SQL Server or Windows authentication. We recommend that you use Windows authentication as the best practice. For more information, see the &quot;SMS 2003 Security Best Practices&quot; section in the Scenarios and Procedures for Microsoft Systems Management Server 2003: Security white paper. To view this white paper, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?familyid=3d81b520-a203-4376-a72d-fd34a6c4a44c&DisplayLang=en

</li> Click OK, and then close the SMS Administrator console.</li> Restart the SMS Executive service on the secondary site server.</li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbsmsrecovery kbsmsmp kbtshoot kbexpertiseadvanced kbfix kbbug kbprb KB916904

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.