Over the last week, I’ve been re-installing my SCCM lab environment to SCCM 2012 SP1. I’m using Windows Server 2012 as the base OS for all site system roles and all database engines and SQL reporting server run on SQL 2012.
I got stuck few days ago when I was building my first secondary site. I was trying to use a pre-installed SQL 2012 Express With SP1 instance for the secondary site database. I followed the instruction that I have previously blogged for SQL Express 2008 R2: http://blog.tyang.org/2012/04/09/installing-sccm-2012-rtm-secondary-site-using-a-pre-installed-sql-express-2008-r2-instance/
After I installed and configured the SQL express instance for the secondary site, I started the secondary site install (from the parent primary site). However, I was keep getting this error during the prerequisites check:
SQL server sysadmin rights:
Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permission on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions. Setup cannot continue.
Prerequisite check result:
The error suggested that my account does not have sysadmin rights. In fact, both my user account and the site server computer account have sysadmin and dbcreator rights in that SQL 2012 instance.
I then tried few different SQL configurations, including using default instance rather than named instance (CONFIGMGRSEC), and using SQL 2012 Enterprise rather than Express edition, they made no difference. I then installed SQL 2008 R2 Express With SP2 (with exact same configuration in terms of security, collation, using named instance, enabling SQL Server Browser service, etc). and the pre-requisite checks passed and secondary site got successfully installed.
After I compared settings in SQL 2008 R2 and the SQL 2012 Express instance I had installed on another secondary site server, I found the issue:
During SQL 2012 install, the sysadmin rights was not granted to the local system account (NT AUTHORITY\SYSTEM). In SQL 2008 R2, “NT AUTHORITY\SYSTEM” account by default has sysadmin rights. During the prerequisites check, SCCM installs a series of services on the target secondary site server to perform the checks. these services are installed to run under LOCALSYSTEM account. The SQL sysadmin rights check failed because the LOCALSYSTEM account does not have sysadmin rights as it was running under LOCALSYSTEM account. To a degree, the error message is somewhat misleading in my opinion.
i.e. system event log entry for one of the services installed by prerequisites check:
So to fix the issue, I simply gave “NT AUTHORITY\SYSTEM” account the same access in SQL 2012 as in SQL 2008 R2:
sysadmin and securityadmin role:
To summarise, when installing SCCM 2012 SP1 secondary site on a pre-configured SQL 2012 instance regardless which SQL edition is being used, “NT AUTHORITY\SYSTEM” account needs to be given securityadmin and sysadmin rights. If SQL Express is used, there are few additional steps need to be carried out to configure the SQL TCP connection as documented in my previous blog: http://blog.tyang.org/2012/04/09/installing-sccm-2012-rtm-secondary-site-using-a-pre-installed-sql-express-2008-r2-instance/