PENDING SCCM MPDB ERROR - CONNECTION PARAMETERS

[TCE]

Hello Everyone
When we checked the MP_Framework.log we found the below errors:

CMpDatabase::GetClientPublicKeyEx(ClientID='GUID:82394135-75B0-4805-BC6B-106A9E130E1A') failed (0x87d00242).
CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14
=======================================
MPDB ERROR - CONNECTION PARAMETERS
SQL Server Name : Secondary Server\CONFIGMGRSEC
SQL Database Name : CM_XXX
Integrated Auth : True
MPDB ERROR - EXTENDED INFORMATION
MPDB Method : ExecuteSP()
MPDB Method HRESULT : 0x80040E14
Error Description : OLE DB provider "SQLNCLI11" for linked server "Primary Server" returned message "Invalid connection string attribute".
OLEDB IID : {0C733A63-2A1C-11CE-ADE5-00AA0044773D}
ProgID : Microsoft SQL Server Native Client 11.0
MPDB ERROR - INFORMATION FROM DRIVER
SQL Server Name : SCCM-XXX\CONFIGMGRSEC
Stored Procedure : MP_GetCacheInvalidationInfo
Native Error no. : 7412
Error State : 2
Line number in SP : 12
=======================================
MPDB ERROR - CONNECTION PARAMETERS
SQL Server Name : Secondary Server\CONFIGMGRSEC
SQL Database Name : CM_XXX
Integrated Auth : True
MPDB ERROR - EXTENDED INFORMATION
MPDB Method : ExecuteSP()
MPDB Method HRESULT : 0x80040E14
Error Description : OLE DB provider "SQLNCLI11" for linked server "Primary Server" returned message "Invalid connection string attribute".
OLEDB IID : {0C733A63-2A1C-11CE-ADE5-00AA0044773D}
ProgID : Microsoft SQL Server Native Client 11.0
MPDB ERROR - INFORMATION FROM DRIVER
SQL Server Name : SCCM-XXX\CONFIGMGRSEC
Stored Procedure : sp_GetPublicKeyForSMSID
Native Error no. : 7412
Error State : 2
Line number in SP : 16
=======================================
CMpDatabase::GetClientPublicKeyEx(ClientID='GUID:82394135-75B0-4805-BC6B-106A9E130E1A') failed (0x87d00242).

And we checked the MP_Policy.log we found the below errors:

MPDB ERROR - CONNECTION PARAMETERS
SQL Server Name : Secondary Server\CONFIGMGRSEC
SQL Database Name : CM_XXX
Integrated Auth : True
MPDB ERROR - EXTENDED INFORMATION
MPDB Method : ExecuteSP()
MPDB Method HRESULT : 0x80040E14
Error Description : OLE DB provider "SQLNCLI11" for linked server " Primary Server" returned message "Invalid connection string attribute".
OLEDB IID : {0C733A63-2A1C-11CE-ADE5-00AA0044773D}
ProgID : Microsoft SQL Server Native Client 11.0
MPDB ERROR - INFORMATION FROM DRIVER
SQL Server Name : SCCM-XXX\CONFIGMGRSEC
Stored Procedure : MP_GetMachinePolicyAssignments
Native Error no. : 7412
Error State : 2
Line number in SP : 16
=======================================
CPolicyManagerHandler::HandleMessage(): SetComplete(DISCARD) called.
CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14
=======================================

Plus, on Primary SQL Server we found



In addition, Configuration manager properties on the client system only show 2 actions

 

[Gokul]

Similar post exist. Your database logins looks fine. Did you add your
secondary site to db and given permission?

 

[TCE]

Similar post exist. Your database logins looks fine. Need to check more on MP issue . Did you add your
secondary site to db and given permission?

Secondary Sites Install by primary server , I think given permission automatically , However I did not add manually and did not give permission

 

[Gokul]

Hi there ,

Issue is secondary server is unable to contact db [ Invalid connection string attribute"] did you checked the ports ?

 

[TCE]

Hi there ,

Issue is secondary server is unable to contact db [ Invalid connection string attribute"] did you checked the ports ?

In this step we don’t have WSUS, WDS, Remote Control so
The following ports are opened between the primary server and secondary site server.
TCP: 4022, 1433, 135, 445
The following ports are opened between the Primary server and client:
TCP: 80,135, 443,445
The following ports are opened between the Secondary server and client:
TCP: 80,135, 443,445
The following ports are opened between the Client and Secondary server.
TCP: 80, 443, 445, 10123
The following ports are opened between the Client and Primary server.
TCP: 80, 443, 445, 10123
--------------------------------
I'm checking the [ Invalid connection string attribute] , How can i do this?

 

[Gokul]

In this step we don’t have WSUS, WDS, Remote Control so
The following ports are opened between the primary server and secondary site server.
TCP: 4022, 1433, 135, 445
The following ports are opened between the Primary server and client:
TCP: 80,135, 443,445
The following ports are opened between the Secondary server and client:
TCP: 80,135, 443,445
The following ports are opened between the Client and Secondary server.
TCP: 80, 443, 445, 10123
The following ports are opened between the Client and Primary server.
TCP: 80, 443, 445, 10123
--------------------------------
I'm checking the [ Invalid connection string attribute] , How can i do this?

1.Do you have remote db?
2.check your eventviewver once , may be you could find some error related to authentication

 

[TCE]

1.No

2. I checked (Event Viewer > Windows Logs > System) and found this error

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server SQLUser. The target name used was MSSQLSvc/Primary Server:1433. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (ABC.COM) is different from the client domain (FGH.ABC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

 

[Gokul]

The logs says it's a
Kerberose authentication issue

 

[Gokul]

Is it resolved?

 

[TCE]

Is it resolved?

Not yet

 

[Gokul]

Did you tried below steps.

Fixing the Security-Kerberos / 4 error

docs.microsoft.com

Secondary servers unable to contact MPDB

social.technet.microsoft.com

 

[TCE]

Did you tried below steps.

Fixing the Security-Kerberos / 4 error

docs.microsoft.com

Secondary servers unable to contact MPDB

social.technet.microsoft.com

We tried the Kerberos error was resolved, but mp_framework is still full of errors.

Only on secondary site in event viewer I saw Kerberos error but on primary site I hadn’t any error, In our structure primary sccm is in forest root and secondary site is in child domain, we setspn the sql user for Primary site on root forest.

• Is it need to do something on child domain? Or need configuration SQL express on secondary site?
• Should i setspn for secondary site computer account on forest root SQL user?
• Is it need to check configuration on SQL Server Configuration Manager on secondary site server?

MP_Policy log on primary server we found :

CHandlePolicyAssignmentRequest::CreatePolicyRequestStagingFile: cannot create or find policy request file

CHandlePolicyAssignmentRequest::Execute(): CreatePolicyRequestStagingFile() failed with error: 0x80070020.

CPolicyManagerHandler::HandleMessage(): SetComplete(DISCARD) called.

Do you have any idea to resolve mp_framework on secondary site errors?