Understanding Kerberos and NTLM authentication in SQL Server Connections

This post focuses on how NTLM and Kerberos are applied when connecting to SQL Server 2005 and try to explain the design behavor behind several common issues that customers frequently hit.

If you are having problems connecting to SQL then this is a good place to start!

Article here

Kerberos Explained
Really good article explaining, you guessed it, Kerberos!

Simply explained SPN and Kerberos.. good blog!
Another good article about Kerberos Constrained Delegation with SQL Server 2008

Linked server

Testing SQL connections with local system account


How does SCUP work with ConfigMgr and SP1

SCUP can retrieve all available catalogs that are free -> downloads the meta data for the catalogs you imported and saves it in WSUS -> SCUP admin publishes one or more updates (automatic, full content or metadata only) -> updates are stored in WSUS (depending on the settings from the last step). Updates (metadata) will be imported into ConfigMgr on the next SUP sync. ConfigMgr admin adds updates to an update list and “downloads” the binaries from WSUS. They will be stored in an updates packages that has to be distributed to DP(s). Clients locate content on DP (depending on the boundary/group settings etc)

With ConfigMgr 2012 SP1 there is the ability to have multiple SUP’s in a site. FOr high availability, you will need to publish the SCUP update to both SUP’s as SCUP will only by default connect to one SUP and publish updates. You will have to manually connect to the additional SUPs and publish the update content.

Configmgr 2012 CU2 can not create secondary sites after installing hotfix

There is a known bug with installing ConfigMgr 2012 CU2 which can prevent the creation of a secondary sites after installing the hotfix.


INFO: Configuring database replication tables…
*** [42000][50000][Microsoft][SQL Server Native Client 11.0][SQL Server]Object ‘PullDPResponse’ does not exist : spConfigureReplication
ERROR: Failed to execute dbo.spConfigureReplication.
ERROR: Failed to configure SQL Server replication tables.
~Setup cannot create the required database tables. Contact your SQL administrator.
~Setup has encountered fatal errors during database initialization. Contact your SQL administrator.

The bug has been fixed and will most likely be rolled out in the next CU.

This issue does not affect upgrades of existing secondary sites, or any other aspects of the Configuration Manager hierarchy.

Problem Description and Symptoms
1.You installed System Center 2012 Configuration Manager SP1.
2.You applied the Cumulative Update 2 (KB2854009) in the hierarchy.
3.You installed a new secondary site or tried to recover an old secondary site using the Installation Source Files option: “Copy installation source files over the network from the parent site server”.

The ConfigMgrSetup.log file will contain errors similar to the following after an installation attempt:


INFO: SQL Server Script: Creating object spupdatemessageactivity~

INFO: Configuring database replication tables..

*** [42000][50000][Microsoft][SQL Server Native Client 11.0][SQL Server]Object ‘PullDPResponse’ does not exist : spConfigureReplication

ERROR: Failed to execute dbo.spConfigureReplication.

ERROR: Failed to configure SQL Server replication tables.



You can use either of the following workarounds to install a secondary site.

1.Using the Create Secondary Site Wizard, change the Installation Source Files setting to another location, instead of the parent primary site.
a.Create a shared folder with the System Center 2012 Configuration Manager SP1 CD and Redist folders. Download the prerequisite distributable files for the Configuration Manager installation and copy them to \SMSSETUP\Redist\. For additional instructions see http://technet.microsoft.com/en-us/library/gg712320.aspx#BKMK_InstallSecondarySite.
b.Run the Create Secondary Site Wizard to install a secondary site.
c.On the page Installation Source Files, choose “Use the source files at the following network location”, and specify the CD share folder.

2.Replace the ReplicationConfiguration.xml file on the primary site with the original one from the SP1 CD.
a.Find ReplicationConfiguration.xml on the SP1 CD, and overwrite the file on your primary site (\bin\x64) with the version from the SP1 CD. WARNING: DO NOT EDIT THIS FILE as editing will change the timestamp and prevent future servicing updates to the file.
b.Restart the SMS_EXECUTIVE service.

You should be able to deploy the secondary site on a clean machine now.

If the secondary site installation has failed, you will need to manually clean up the following before you attempt to reinstall. To do this:
•Delete the SMS registry key on the secondary site machine – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS
•Delete the database created on the secondary site machine.

Note: you still need to apply the Cumulative Update 2 on your secondary site after the installation.

How to determine if the ConfigMgr Rebuild Indexes site maintenance task is running

I’ve found that the indexes on our SQL Server instances for Configuration manager to be severely fragmented. In investigating, I discovered that even though the Rebuild Indexes site maintenance task was set to run 1x /week, it never ran. Our SQL Server installations are remote on the CAS and our largest primary site, so don’t know if that is a factor. It did not work for us at ConfigMgr 2012 RTM, or at SP1 (where are now). Other MVPs have reported this issue as well. (Update: I have seen this fail to run on SCCM 2007 sites as well. However, it is not consistent in when it fails to run, Microsoft closed this bug as unable to reproduce.)

Click here