Upgrading the Domain Manager from 12.8 to 12.9, the following error might occur: "Could not establish a trusted connection to database........"

book

Article ID: 40976

calendar_today

Updated On:

Products

CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager

Issue/Introduction

Issue: 

The upgrade fails with the error message below:

<Please see attached file for image>

P15.PNG

Analyzing the TRC_Inst2_ITRM.log the below lines are visible:

04/07/16 11:15:56.0084|33872:|          <   Description   : SQL Server Network Interfaces: The target principal name is incorrect.
Source   : Microsoft SQL Server Native Client 10.0    Error Message : Unspecified error >

Also the SQL Errorlog file returns explicative content for the cause of the issue:

2016-03-12 02:51:25.13 Server      The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x54b, state: 3. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

The above message can be found at any restart of SQL DB server if the conditions have not been fixed yet.

 

Environment:  

Domain Manager installed on Windows 2008 R2 with Remote MDB SQL  

 

Cause: 

Domain AD Account has not the proper permission at Active Directory side and must be fixed prior to progress with the upgrade.

 

Resolution:

1.   Open the Windows Service

2.   Verify the SQL server instance for the SQL Server service, if it is started with a Domain AD account (see picture below):

<Please see attached file for image>

P16.PNG

3.   If yes, then the same AD account must have the “Write service principalname” permission in Active Directory. Work with your network / DBA team in order to verify the same.

4.   Once fixed try to run the upgrade wizard and it should work fine.

 

Additional Information:

Further information on how to set permission in AD for SPN can be found reviewing the MS article below:

https://support.microsoft.com/en-us/kb/811889

“Configure the SQL Server service to create SPNs dynamically for the SQL Server instances”

 

Environment

Release: UASIT.99000-12.9-Asset Intelligence
Component:

Attachments

1558719799656000040976_sktwi1f5rjvs16vfn.png get_app
1558719797579000040976_sktwi1f5rjvs16vfm.png get_app