ConfigMgr Secondary Site Prerequisite Checks
This post details the ConfigMgr Secondary site prerequisite checks and we will fix some common errors and warnings that occur during SCCM Secondary Site installation.
You don’t want your SCCM secondary site installation to fail due to any errors or warnings. Hence a prerequisite check is a must before you install SCCM secondary site.
After a long time I decided to install Secondary Site in my ConfigMgr lab. In my blog post I have covered the steps for ConfigMgr Secondary Site installation. You can use the guide to install ConfigMgr Secondary site in your environment whenever you plan to.
Although you don’t need a SCCM secondary site in lab but I still decided to install it. However this time I encountered some warnings and errors while doing the ConfigMgr Secondary Site prerequisite checks. These are the common ConfigMgr secondary site prerequisite errors and warnings that most of us encounter. If you install all the secondary site prerequisites, you may not get those errors or warnings.
SCCM Secondary Sites help control bandwidth utilization by managing the flow of client information sent up the hierarchy. When you deploy secondary site, you do not require a local administrator for the site. This is because you manage secondary site either from CAS or primary site.
Most of all the secondary sites are always attached to a primary site. If you wish to move them to a different parent site, you have to uninstall it first and then reinstall them as child site with new primary site.
There are lot of things that you need to consider while setting up a secondary site. Microsoft documentation contains some points that should help you determine when to use ConfigMgr Secondary Site.
Table of Contents
Run ConfigMgr Secondary Site Prerequisite Checks
Before you install SCCM secondary site, run the prerequisite check tool prereqchk.exe. This tool runs the ConfigMgr Secondary site prerequisite checks and lists out errors or warnings.
Whenever you plan to install secondary site, you must run this prerequisite check tool. The prereqchk.exe must be run on the primary site server.
To run the ConfigMgr Secondary site prerequisite check using prereqchk.exe.
- Copy the Configuration Manager media to the primary site server.
- The Secondary site prerequisite check tool prereqchk.exe is located in \SMSSETUP\BIN\X64 folder.
- Launch the command prompt as administrator and run the below command to begin the secondary site prerequisite checks.
prereqchk.exe /SEC secondary_server_name_FQDN /INSTALLSQLEXPRESS /Ssbport 4022 /Sqlport 1433
In the above command you must substitute your secondary site server name and run it. There are several ConfigMgr Secondary Site prerequisite checks done and you will see the prerequisite checker tool in few seconds.
ConfigMgr Secondary Site Prerequisite Checks Warnings
Listed below are some of the common warnings that you see while performing the prerequisite check on secondary site.
- SQL Index Create Memory Option
- Verify site server permissions to publish to Active Directory
- SQL Server Native Client version
- IIS Service running
- BITS Installed
- BITS Running
ConfigMgr Secondary Site Prerequisite Check Errors
Listed below are the secondary site errors during secondary site prerequisite check.
- Microsoft Remote Differential Compression (RDC) library registered
- Minimum .NET framework version for Configuration Manager site server
- Site Server Computer account administrative rights.
- Parent/Child Database Collation
- Dedicated SQL Server Instance
- SQL Server Service Running Account
Verify site server permissions to publish to Active Directory
The reason why you see this warning is the site server might be unable to publish to Active Directory. The computer account for the site server must have Full Control permissions to the System Management container in its Active Directory domain.
The same warning also appears while installing a primary site. The primary site server computer account must be granted Full Control permissions to the System Management container and all its child objects.
If you have secondary sites, the secondary site server computer account must also be granted Full Control permissions to the System Management container and all its child objects.
To grant the SCCM secondary site server computer account full control permissions on System Management container, follow these steps.
- Open the Active Directory Users and Computers. Click View and select Advanced Features.
- Right click System Management and delegate control.
- On the next screen click Add.
- In the Object Types select computers and click OK.
- Type the SCCM Secondary Server name and click Check Names.
- Select the SCCM Secondary Server computer from the list.
- In the Tasks to Delegate window, select Create a Custom task to delegate.
- Select the default option This folder, exiting objects in this folder and creation of new objects in this folder. Click Next.
- Select all the three permissions and click on full control.
- Click Finish to close the delegation wizard.
BITS Installed and BITS Running
This warning can be easily fixed by installing the BITS on SCCM Secondary site computer.
Background Intelligent Transfer Service (BITS) is required for the management point and distribution point site system roles. BITS is not installed, IIS 6 WMI compatibility component for IIS7 is not installed on this computer or the remote IIS host, or Setup was unable to verify remote IIS settings because IIS common components were not installed on the site server computer. Also, check if IIS/BITS services are running properly. Setup cannot continue until BITS is installed and enabled in the IIS settings.
To install BITS, launch the server manager and click Tools > Add Roles and Features. On the Features page, enable Background Intelligent Transfer Services (BITS) and click Next. Complete the BITS installation.
IIS Service running
Similar to BITS, you also need the IIS service running on the server before you install SCCM secondary site.
Internet Information Services (IIS) is required for some site system roles. You have selected to install a site system role that requires IIS. Install IIS on the site system to continue setup.
To install IIS, launch the server manager and click Tools > Add Roles and Features. On the Roles page, select Web Server (IIS) and click Next. You also need to enable .NET Framework 3.5 which is done in next step.
Minimum .NET framework version for SCCM Secondary Site
The Microsoft .NET Framework 3.5 is required for Configuration Manager site server installation. So after you enable Web Server (IIS) and click Next, we will also enable .NET Framework 3.5 features. Click Next and install the features.
We have installed missing prerequisites required for SCCM secondary site setup.
Microsoft Remote Differential Compression (RDC) library registered
For SCCM secondary site, the Microsoft Remote Differential Compression (RDC) library must be registered for Configuration Manager site server installation. You can fix this error by installing the Remote Differential Compression feature on the server.
To enable Microsoft Remote Differential Compression, launch the server manager and click Tools > Add Roles and Features. On the Features page, enable Remote Differential Compression and click Next. Complete the RDS installation.
Restart your server after you install remote differential compression.
Site Server Computer account administrative rights
The error Site Server Computer account administrative rights is a common ConfigMgr Secondary site prerequisite check error. Configuration Manager Setup requires that the site server computer has administrative rights on the SQL Server and management point computers.
On the SCCM secondary site server add Primary Site server computer account to local Administrator group. Login to your server where you intend to install SCCM secondary site and go to local users and groups. Select Groups and go to Administrators group properties. Add your primary site server computer account and click OK.
SQL Index Create Memory Option
The SQL Index Create Memory Option is actually a warning and you may ignore this. However let me show you how to fix this. As per the description, SQL Index create memory is not configured as default value of 0 and might hit issue.
As a best practice it is highly recommended to set the value of Index Create Memory KB to zero. This will help SQL Server to allocate memory for index creation dynamically. However in our case since we need to SQL Index Create Memory Option warning, we will modify the index creation memory option.
Login to the SQL Server and launch SQL Server Management Studio. Connect to the database engine. Right click SQL server and click Properties. Select the Memory option and under Other memory options, change the index creation memory (KB) from 0 to 704. Click OK.
SQL Server Native Client version
During the ConfigMgr Secondary Site prerequisite checks, one of the common warnings that you see is SQL Server native client version check. Configuration Manager sites require a supported SQL Server Native Client version. To enable TLS 1.2 support, you must install a supported version of SQL Server Native Client on the specified site server.
This warning also appears when you install SCCM secondary site. I remember while installing SCCM 1810 update, this warning appeared for many during the prerequisite check. The solution to this issue is to install SQL Server native client on your SQL server. Here is my post that covers on how to fix SQL Server Native Client version.
Dedicated SQL Server Instance
Configuration Manager requires a dedicated SQL Server instance to host its site database. You can ignore this error because since you have already set up the SCCM primary site with dedicated SQL Server instance there is nothing to worry.
ConfigMgr Secondary Site SQL Server SysAdmin Rights
Either the user account running Configuration Manager Setup or NT AUTHORITY\SYSTEM does not have sysadmin SQL Server role permissions on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions. Setup cannot continue.
To fix this, open SQL Server Management Studio and connect to your database server and instance. Expand Security > Logins. Right-click on NT AUTHORITY\SYSTEM and select Properties. On the Server Roles node, check the box for sysadmin. Click OK.
Parent/Child Database Collation
This is a weird error that you see while performing the ConfigMgr Secondary site prerequisite checks. The collation of the site database does not match the collation of the parent site’s database. All sites in a hierarchy must use the same database collation.
You may ignore this error because you haven’t setup the SCCM secondary site yet. You get this error if you are running the prerequisite check without specifying the options such as /INSTALLSQLEXPRESS /Ssbport 4022 /Sqlport 1433.
After you fix all the ConfigMgr Secondary Site prerequisite checks errors and warnings, the secondary site should install without any issues. I hope this post helps.
after upgrading to SCCM 2107, i get this error on the secondary site server, in the mpcontrol.log.
CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14 MP_LocationManager 08-10-2021 09:53:50 7692 (0x1E0C)
======================================= MP_LocationManager 08-10-2021 09:53:50 7692 (0x1E0C)
MPDB ERROR – CONNECTION PARAMETERS
SQL Server Name : SERVERFQDN\CONFIGMGRSEC
SQL Database Name : CM_DMZ
Integrated Auth : True
MPDB ERROR – EXTENDED INFORMATION
MPDB Method : ExecuteSP()
MPDB Method HRESULT : 0x80040E14
Error Description : Cannot find either column “dbo” or the user-defined function or aggregate “dbo.fn_GetBuildNumber”, or the name is ambiguous.
OLEDB IID : {0C733A63-2A1C-11CE-ADE5-00AA0044773D}
ProgID : Microsoft SQL Server Native Client 11.0
MPDB ERROR – INFORMATION FROM DRIVER
SQL Server Name : SERVER\CONFIGMGRSEC
Stored Procedure : MP_GetAssignedMPListForSite
Native Error no. : 4121
Error State : 1
Class (Severity) : 16
Line number in SP : 79
MP_LocationManager 08-10-2021 09:53:50 7692 (0x1E0C)
=======================================
MP_LocationManager 08-10-2021 09:53:50 7692 (0x1E0C)
CHandleLocationRequest::CreateReply failed with error (80040e14). MP_LocationManager 08-10-2021 09:53:50 7692 (0x1E0C)
MP LM: Message discarded MP_LocationManager 08-10-2021 09:53:50 7692 (0x1E0C)
When i dig into the sql db, i cant find the function
dbo.fn_GetBuildNumber
on the secondary site server, Its on the primary server, where i dont get these errors.
I have tried to find out how to copy the function from the primary db to the secondary db, but havent succeedes yet.
I have recovered the secondary site twice, without that changing anything, I cant find anything in the logs files about failure during secondary site recovery.
All SCCM monting points are green, the secondary site is reporting all good.
New Clients cant register on the secondary site, but they get a no location reply from the mp.
Clients can access the MP IIS with out problems, MP says eHTTP is working fine.
Already installed clients reports connected in the console. but they cant download updates.
In the MP_registration log i can find this
Failed to issue token for client ‘GUID:99B48CA0-B4DE-4CFB-B13B-79F8495E4EB9’. Error 0x80004003, ‘(null)’ MP_RegistrationManager 08-10-2021 09:39:48 5020 (0x139C)
Failed to get self-prove token for ‘GUID:99B48CA0-B4DE-4CFB-B13B-79F8495E4EB9’, 0x80004003 MP_RegistrationManager 08-10-2021 09:39:48 5020 (0x139C)
BUT, tokens looks like they are only need for CMG and we dont use that..
Any ideas about what the h…. is going on ?
Woop woop 🙂
I copied the missing function (dbo.fn_GetBuildNumber) from the primary site db to the secondary site db
Errors gone 🙂