SharePoint Configuation Database Error Message

[Raymond Chiu (gatorback]

BACKGROUND
============
I have outlined the symptoms, action taken, and questions below. There is a
lot of info here and I hope that it is organized for easier digestion. I
would like to think that I have taken due diligence, however, I suspect that
I would not be posing this question if it were truly so…

This is SharePoint (SP) <=> SQL Server 2000 (SQL) configuration issue: both
on different boxes, same domain = JAGUAR. The ‘Set Configuration Database
Server’ webpage creates the SP configuration database.

The machinename = “front†is Win2k3 server & Domain Controller. I am logged
in as domain administrator (JAGUAR\Administrator). Attempting to configure
SP from this machine

The machineame = “back’ has SQL Server 2000 (SQL) installed.

I followed the instructions:
* Inputting the Database Server = back
* SQL Server DB name = WSSConfigDB
* Selected “Use Windows Authentication†SQL Server 2000 (SQL)
* Selected “users already have domain accounts…â€


SYMPTOMS
==========
The following error codes were seen depending on “Database Server†entered:

1) Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection. (Error code: 18452).
2) [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or
access denied. (Error code: 17).



ACTION TAKEN
=============

I have tried these variations on the “Server Name†field.
1. DOMAIN entered in ‘Database Server’ Field (instructions show this): Error
Code 17
2. Local Machine Name entered ‘Database Server’ Field: Error code 18452
3. MachineName.DOMAIN entered in ‘Database Server’ Field (ErrorCode=17)

I have ensured all database server roles included Security Administrator and
DB Creator.

I have tried suggestions in http://support.microsoft.com/kb/823287. Unable
to determine which SQL logon account is associated with the Application Pool
logon = “Network Serviceâ€.

QUESTIONS
==========
1. Is the local SQL machine’s name (‘back’) the Database Server Name? I
suspect this is the problem or one of the problems.
2. Why do the instruction show using the domain name for the database server
name? (‘xabyte2’)
3. What is the root cause of the error message?

Any suggestions are appreciated. Thank you.

 

[Raymond Chiu (gatorback]

UPDATE
=======

I used the SA (System Admin) SQL Server account to create the WSS Config DB.
(vs. DOMAIN acount). What domain account were they using to logon anyways?

Do I need to change any permissions on the WSS Config DB to ensure that
Sharepoint can access its Config DB?

 

[Danny Shak]

I had the same problem as you, and was very very frustrated. Not everything
in my environment is the same, but what I had in common with you was that the
SQL server was remote from the WSS server.

At first I treated this as some software bug, or network problem, etc, but
that didn't pan out. After some research, I was finally able to get it
working properly with Windows Authentication. I'm documenting what I found in
detail for you and for my own future reference.

I believe the cause of the problem is a documentation error in Microsoft's
"Project Server 2003 Installation Guide". The first section of Chapter 6
(Configure Windows Sharepoint Services) is titled "Installing Windows
Sharepoint Services with a new database". Within that section you'll find the
step "Configure the Administrative Virtual Server". This step directs you to
create an IIS 6.0 application pool for just for SharePoint. It specifies the
"Network Service" account as the account to use. In fact, this will fail by
default against a remote SQL Server.

Instead you can use a real domain account (i.e. a service account you create
for this purpose) as the Application Pool's identity account - for example,
MyDomain\WssService. This account would need a login created for it on the
SQL server (e.g. the server you referred to as "back"). That login should
have the roles "Security Administrators" and "Database Creators" assigned to
it.

This is mentioned in Chapter 4 (Prepare the Server) in the first section
"Create User Accounts", and also in Appendix B (Project Server Service
Accounts), but unfortunately NOT at the critical point in Chapter 6!

In fact you can use the "Network Service" account as the application pool
identity account. In that case you need to create a SQL login on the back-end
database server for the WSS server's _Computer_ Account, and assign the
appropriate roles as I mentioned above. In my own case this approach was not
an option because I'm still using an NT4 domain and therefore cannot assign
permissions to computer accounts.

This subject is also explained in these locations:

- "Microsoft Windows SharePoint Services 2.0 Administrator's Guide"
--> chapter "Deployment Scenarios" -> title "Remote SQL Server Deployment"
-> section "After Installation".
--> chapter "Security" -> title "Windows SharePoint Security Services Model"
-> section "Securing SQL Server Connections"
--> chapter "Troubleshooting Other Issues"

- "Microsoft Windows SharePoint Services 2.0 Help"
--> search for title "Use Windows Integrated Authentication with Windows
SharePoint Services"
--> search for title "About Security Options"

Note in the above documentation there are a few places where you risk
getting sidetracked by topics about creating SPNs for domain service accounts
used as the IIS Application Pool identity. Note that this topic only applies
if you're determined to use Kerberos authentication on IIS instead of the
default NTLM authentication. This topic is also discussed at length in KB
article 832769.

Finally, I should mention that although this is not the "recommended"
method, using a SQL Server login instead of Widows Authentication seems to be
a perfectly fine alternative, as your own experience has shown so far.

BACKGROUND
============
I have outlined the symptoms, action taken, and questions below. There is a
lot of info here and I hope that it is organized for easier digestion. I
would like to think that I have taken due diligence, however, I suspect that
I would not be posing this question if it were truly so…

This is SharePoint (SP) <=> SQL Server 2000 (SQL) configuration issue: both
on different boxes, same domain = JAGUAR. The ‘Set Configuration Database
Server’ webpage creates the SP configuration database.

The machinename = “front†is Win2k3 server & Domain Controller. I am logged
in as domain administrator (JAGUAR\Administrator). Attempting to configure
SP from this machine

The machineame = “back’ has SQL Server 2000 (SQL) installed.

I followed the instructions:
* Inputting the Database Server = back
* SQL Server DB name = WSSConfigDB
* Selected “Use Windows Authentication†SQL Server 2000 (SQL)
* Selected “users already have domain accounts…â€


SYMPTOMS
==========
The following error codes were seen depending on “Database Server†entered:

1) Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection. (Error code: 18452).
2) [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or
access denied. (Error code: 17).



ACTION TAKEN
=============

I have tried these variations on the “Server Name†field.
1. DOMAIN entered in ‘Database Server’ Field (instructions show this): Error
Code 17
2. Local Machine Name entered ‘Database Server’ Field: Error code 18452
3. MachineName.DOMAIN entered in ‘Database Server’ Field (ErrorCode=17)

I have ensured all database server roles included Security Administrator and
DB Creator.

I have tried suggestions in http://support.microsoft.com/kb/823287. Unable
to determine which SQL logon account is associated with the Application Pool
logon = “Network Serviceâ€.

QUESTIONS
==========
1. Is the local SQL machine’s name (‘back’) the Database Server Name? I
suspect this is the problem or one of the problems.
2. Why do the instruction show using the domain name for the database server
name? (‘xabyte2’)
3. What is the root cause of the error message?

Any suggestions are appreciated. Thank you.