CNAMEs and FEP installation

  • Article

From Shain Wray, CSS

Using a CNAME (alias) DNS record for the server name when installing the Configuration Manager site database server components is supported in Configuration manager setup. However, it is not allowed by FEP and causes errors during setup.

A workaround for this issue is to avoid using the CNAME and change the site database server name in Configuration manager to the name of the site database server that is listed in Active Directory. Use the following steps to work around this issue.

  1. On the primary site server computer, use the hierarchy maintenance tool (Preinst.exe) to stop all site services with the following command: Preinst /stopsite.
  2. On the primary site server computer, click Start, click All Programs, click Microsoft System Center, click Configuration Manager 2007, and click ConfigMgr Setup, or navigate to the .\bin\i386 directory of the Configuration Manager 2007 installation media and double-click Setup.exe.
  3. Click Next on the Configuration Manager Setup Wizard Welcome page.
  4. Click Perform site maintenance or reset this site on the Configuration Manager Setup Wizard Setup Options page.
  5. Select Modify SQL Server configuration on the Configuration Manager Setup Wizard Site Maintenance page.
  6. Enter the appropriate SQL Server name and instance (if applicable) for the new site database server as well as the site database name on the Configuration Manager Setup Wizard SQL Server Configuration page.
  7. Configuration Manager Setup performs the SQL Server configuration process.
  8. Restart the primary site server computer, and verify the site is functioning normally.

 

Symptom:

When using a CNAME, you experience a FEP installation failure during the Reporting Services database installation. The FEP installation user interface displays a generic failure error. When reviewing the ServerSetup_<date_time>.log file, an error similar to the following is logged –

[2/7/2011 3:02:38 PM][Verbose] Successfully retrieved site info: Site server: SCCMSVR. Site Name: CONTOSO Development Site. Site Code: TEST. Site DB server: DB1. DB Name: CONFIGMANAGER_TEST. DB Instance: MSSQLSERVER. SRS Computers: SCCMSVR.CONTOSO.COM
[2/7/2011 3:02:38 PM][Verbose] Machine account resolver received machine name 'DB1'
[2/7/2011 3:02:38 PM][Verbose] Successfully connected to Domain Controller. LDAP path: 'LDAP://contoso.com'
[2/7/2011 3:02:38 PM][Verbose] Successfully constructed AD search filter. Filter: '(&(objectclass=computer)(objectCategory=computer)(cn=DB1))'
[2/7/2011 3:02:38 PM][Verbose] Successfully constructed AD search filter. Filter: '(&(objectclass=computer)(objectCategory=computer)(dnsHostName=DB1))'
[2/7/2011 3:02:38 PM][Verbose] AD query result is empty
[2/7/2011 3:02:38 PM][Verbose] Unexpected exception while resolving machine account. Domain Controller: 'DB1'. Exception: Microsoft.Forefront.EndpointProtection.Configure.Utility.ActiveDirectoryUtilitiesException: Setup cannot resolve the fully qualified domain name for the following computer in Active Directory.
[2/7/2011 3:02:38 PM][Verbose]> Verify the following: the computer name is correct, the local computer is connected to the domain, the specified computer is a member of the same domain as the local computer, the specified computer is connected to the domain. Computer name: DB1
[2/7/2011 3:02:38 PM][Verbose]> at Microsoft.Forefront.EndpointProtection.Configure.Utility.ActiveDirectoryUtilities.GetMachineAccount(String comuterName)
[2/7/2011 3:02:38 PM][Normal] The SQL Server computer cannot be found in Active Directory. Please verify that the provided computer name is valid, and that the computer is properly joined to the domain. If the specified computer is a SQL Server cluster, make sure that you have specified the cluster's SQL Network Name, and that the cluster is properly joined to the domain using 'Cluster Administrator'. SQL Server computer name: DB1. Error message: Failed to resolve machine account for DB1. Exception: Setup cannot resolve the fully qualified domain name for the following computer in Active Directory.
[2/7/2011 3:02:38 PM][Normal]> Verify the following: the computer name is correct, the local computer is connected to the domain, the specified computer is a member of the same domain as the local computer, the specified computer is connected to the domain. Computer name: DB1