Brian,

I am not sure that the untrusted forest site system should itself be granted permissions, rather that you will create a username/password combination for access and then send that information down to the site system when you configure it. There is a good set of blogs, http://blogs.technet.com/b/neilp/archive/2012/08/24/cross-forest-support-in-configmgr-2012-part-3-deploying-site-server-site-systems-in-an-untrusted-forest.aspx, which look at this.

Jason

From: [email protected]
To: [email protected]
Subject: RE: [mssms] MP errors (SQL) on site system in DMZ
Date: Wed, 26 Feb 2014 09:39:59 -0600

I'm looking into this further and, as I understand, I need to give my computer account (Site System in the DMZ) local admin rights to my Primary Site Server in my internal domain. This is something I have not done yet; while it isn't going to be the problem solver, as the below is SQL issues, it draws up more questions on the requirements for deploying site systems in the DMZ in an UNTRUSTED domain. :)

Is anyone else running DMZ site systems in an untrusted domain that has experience with this?

Thanks,
Brian

From: [email protected]
To: [email protected]
Subject: [mssms] MP errors (SQL) on site system in DMZ
Date: Tue, 25 Feb 2014 18:01:36 -0600

I installed a MP/DP in my DMZ recently (in an untrusted domain) in my SCCM 2012 R2 environment. I checked Site Status and noticed the following error:

Message ID: 9804
Notification Server on BOBBY.XYZ.COM failed to connect to the site database CM_P1.
Possible cause: Notification Server failed to connect to the site database.
Possible causes:
1) Network is temporarily unavailable
2) Firewall misconfiguration
3) Authentication issues

ERROR: Can't retrieve SQL connection. Exception: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - No such host is known.)~~ $$<SMS_NOTIFICATION_SERVER><02-25-2014 17:19:54.801+360><thread=2688 (0xA80)>
ERROR: Don't have SQL connection when get resync flag~~ $$<SMS_NOTIFICATION_SERVER><02-25-2014 17:19:54.801+360><thread=2688 (0xA80)>
ERROR: Don't have SQL connection when retrieve push tasks~~ $$<SMS_NOTIFICATION_SERVER><02-25-2014 17:19:54.801+360><thread=4892 (0x131C)>

Seems to be an issue connecting to SQL from my MP/DP. From the above it appears to be either firewall ports or authentication. Firewall ports 4022 are open, I believe.

Is there anything else I should be looking at or have my networking team review?

Thanks,
Brian
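
An added example, not part of the thread: the provider error quoted in the original message ends in "No such host is known", which is a name-resolution failure, so this PowerShell script, run on the DMZ site system, checks resolution first and TCP reachability second. The host name is a placeholder, and port 1433 (the SQL Server default instance port) is an assumption; 4022 is the port mentioned in the thread.

```powershell
param(
    [string]$SqlHost = 'SITEDB.EXAMPLE.INTERNAL',  # placeholder: site database server name
    [int[]]$Ports    = @(1433, 4022),              # 1433 assumed (default instance); 4022 named in the thread
    [int]$TimeoutMs  = 3000
)
function Test-SiteDbPath {
    param([string]$Name, [int[]]$Ports, [int]$TimeoutMs)
    # Stage 1: name resolution. "No such host is known" is produced at this stage,
    # before any packet is sent toward the database server or a firewall.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($Name)
    } catch {
        New-Object PSObject -Property @{
            Stage = 'NameResolution'; Target = $Name; Ok = $false
            Detail = $_.Exception.GetBaseException().Message
        }
        return
    }
    New-Object PSObject -Property @{
        Stage = 'NameResolution'; Target = $Name; Ok = $true
        Detail = ($addresses | ForEach-Object { $_.IPAddressToString }) -join ', '
    }

    # Stage 2: TCP reachability per port (the firewall cause in message 9804).
    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        $detail = 'connected'
        try {
            $pending = $client.BeginConnect($Name, $port, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($pending)   # throws if the port refused the connection
            } else {
                $detail = "no answer within $TimeoutMs ms (filtered or dropped)"
            }
        } catch {
            $detail = $_.Exception.GetBaseException().Message
        } finally {
            $ok = $client.Connected
            $client.Close()
        }
        New-Object PSObject -Property @{
            Stage = 'TcpConnect'; Target = "${Name}:$port"; Ok = $ok; Detail = $detail
        }
    }
    # Both stages passing leaves authentication, the third cause in the message.
}

Test-SiteDbPath -Name $SqlHost -Ports $Ports -TimeoutMs $TimeoutMs |
    Select-Object Stage, Target, Ok, Detail | Format-Table -AutoSize
```

A failed NameResolution row points at DNS or hosts-file configuration on the DMZ server rather than at firewall rules or account permissions.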

