Status message 4908 and the Systems Management Server 2003 Advanced Security secondary site cannot add the Proxy Management Point Server Account to a SQL Server connection group (830028)
The information in this article applies to:
- Microsoft Systems Management Server 2003
SYMPTOMS When you install a Microsoft Systems Management Server (SMS) 2003 Proxy Management Point (MP) for a secondary site that is running Advanced security, the machine account from the Proxy MP server may not be added to the SQL Access Group (SMS_SiteSystemToSQLConnection_sitecode) on the SQL server. Therefore, the Proxy MP installation does not work. This installation failure may force Advanced clients to pull policy from the default MP. When they do this, they create unwanted network traffic. Additionally, you may receive the following status message 4908 from Site Component Manager:Site Component Manager could not add machine account "account name" to the SQL Access Group "SMS_SiteSystemToSQLConnection_sitecode" on the SQL Server machine "SQL server".
Possible cause: This site's SMS Service account or the site server's machine account might not have administrative access to the SQL Server computer.
Solution: Manually add the machine account "account name" to the SQL Access Group "SMS_SiteSystemToSQLConnection_sitecode" on the SQL Server machine "SQL server".CAUSEThis issue occurs if the secondary site servers machine account does not have permissions on the SQL server of its parent site to add the Proxy MP machine account to the SMS_SiteSystemToSQLConnection_Sitecode SQL Access group.WORKAROUNDTo install a Proxy MP for a secondary site running Advanced security, add the secondary site server's machine account to the Administrators group on its parent site's SQL server. For example, type the following command
at the command prompt at the parent site's SQL server:
Net localgroup AdministratorGroup DomainName\SecondarySiteServersMachineAccount$ /add
If you do not do this before you install the Proxy MP, you receive the 4908 status message. Alternatively, you can manually add the secondary site server's machine account to the SMS_SiteSystemToSQLConnection_ Sitecode group on the SQL Server. For example, type the following command at a command prompt at the parent site's SQL server: Net localgroup SMS_SiteSystemToSQLConnection_Sitecode DomainName\SecondarySiteServersMachineAccount$ /add
Also, you must explicitly grant the Proxy MP machine account the rights to access the SMS database on the replicated SQL server when you use SQL replication. No SMS SQL Access group is automatically created on a replicated SQL server.
| Modification Type: | Minor | Last Reviewed: | 6/13/2005 |
|---|
| Keywords: | kbprb KB830028 kbAudITPRO |
|---|
|