The Realm of the Verbal Processor

Jarvis's Ramblings

SCCM Backup Issues

For the last week I have been attempting to back up my SCCM server before it goes into production. The backup has been failing, so I have been in major “trouble shoot” mode. Basic scenario is this… SCCM is installed on a VMWare virtual machine. The SQL database is offloaded to a clustered SQL server. When the backup ran, it would fail after about five seconds and leave the following four lines in the smsbkup.log.

>>>>>>>>>>>>
Info: Sending message to start the SQL Backup…
Couldn’t connect to \\SQLcluster registry
STATMSG: ID=5049 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_SITE_BACKUP” SYS=SCCMserver SITE=LHT PID=3400 TID=924 GMTDATE=Wed Jan 23 19:21:16.539 2008 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0
Error: Failed to send start message to the SqlBackup.
>>>>>>>>>>>>

I re-confirmed that the SCCM server’s machine account was in the admin group on the SQL server. I also knew that I had already taken care of the SPN registration issue, so I posted on the Technet SCCM forum. In hindsight, Stan White (a moderator on the forum) nailed the answer on his first reply…I just misunderstood what he was saying. After much other troubleshooting, I realized that if I started a cmd prompt as local system, I was able to map a drive to the administrative shares on the SQL server nodes as local system, but I was NOT able to map a drive to the cluster. (i.e. SQLcluster is made up of SQLserver1 and SQLserver2. I was able to map to \\SQLserver1\c$, but was not able to map to \\SQLcluster\c$.) This led me to search Google and found this thread (and Ragnar’s post in particular) which put me in the right direction…the direction that Stan specifically pointed to.

The root problem is that Kerberos authentication was not enabled on the cluster. When Kerberos is enabled on the cluster, it publishes the cluster name to Active Directory. Until that is done, the server name “SQLcluster” does not exist in AD…so it can’t be communicated with via Kerberos. I found a few articles that talk in more detail about how to enable Kerberos on the cluster here, here, and here.

After our DBA enabled Kerberos on the cluster last night, I was able to get a successful backup. Now I can move on to other things.

I’d like to acknowledge that my friend Tim is the one who asked a couple of key questions about authentication that caused me to find Ragnar’s post above.

January 30, 2008 Posted by | ConfigMgr | , , , , , | 2 Comments

   

%d bloggers like this: