Possible cause: The component is experiencing a problem.
Solution: Diagnose and fix the problem by:
1. Examine the status messages that the component reports.
2. Correcting the problem.
3. Instructing SMS Component Status Summarizer to reset the counts of Error, Warning, and/or Informational status messages reported by the component. To reset the counts, right-click Reset Counts on the component in the Component Status summary in the SMS Administrator console. When the counts are reset, SMS Component Status Summarizer will change the status of the component to OK. This might take some time if site "NYC" is a child site.
4. Deleting any unwanted status messages from the site database, if necessary.
5. Monitor the component occasionally to verify the problem does not reoccur.
Possible cause: The component is OK and you were unnecessarily alerted because the Component Status Thresholds are set too low for the component.
Solution: Increase the Component Status Thresholds for the component using the Thresholds tab of the Component Status Summarizer Properties dialog box in the SMS Administrator console.
Possible cause: The component is "flooding" the status system by rapidly reporting the same message repeatedly.
Solution: Diagnose and control the flood of status messages by:
1. Verifying that the component is actually flooding the status system. View the status messages reported by the component, and verify that the same message is continually reported every several minutes or seconds.
2. Noting the Message ID of the flooded status message.
3. Creating a Status Filter Rule for site "
4. Verifying that your sites' databases were not filled up by the flooded status message. Delete any duplicate status messages from the site database, if necessary.
5. Refer to the Microsoft Knowledge Base for further troubleshooting information.
SMS_COLLECTION_EVALUATOR
*** [28000][18456][Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON
http://support.microsoft.com/?id=832109
WORKAROUND
To work around this problem, switch from a TCP connection to a Named Pipes connection between the Management Point and the SQL server. This can also be used to test whether the issue is with Kerberos authentication, which TCP uses. Named Pipes uses NTLM authentication. If switching from TCP to Named Pipes does not resolve the issue, run a Network Monitor trace to investigate possible network connectivity issues. If enabling Named Pipes on the Management Point resolves the issue, it indicates that Kerberos authentication is failing and the troubleshooting steps in this article will be helpful in diagnosing the cause. To enable Named Pipes, do the following on the Management Point server. Click Start, click Run, type cliconfg, and then click OK. This starts the Client Network Utility. Add the SQL server NetBIOS name on the Alias tab with Named Pipes selected. This is the default setting. On the SQL server, run the Server Network Utility and make sure Named Pipes is at the top of the protocol stack. The Management Point queries SQL every 10 minutes. A log entry will appear that indicates the number of Management Points in the site. This indicates a successful connection.
Verify permissions
To start troubleshooting these symptoms, verify that the Management Point has the correct permissions to connect to the SQL database. To do this, follow these steps:
1.At the Management Point server, log on with the SMS Service account credentials, click Start, click Run, type cmd, and then click OK. If your SMS site is running under the Standard security mode, go to step 4. If your SMS site is running in the Advanced security mode, go to step 3.
2.If your SMS site is running Advanced security, start a new Command Prompt window that is running under the local system account. To do this, type the following at a command prompt, and then press ENTER:
ATFutureTime /interactive cmd
At the time that you specify, a new Command Prompt window opens that is running under Svchost.exe.Note FutureTime can be any time that is later than the current time, in 24-hour form.
3.At a command prompt, type the following, and then press ENTER:
osql -S SQLServer -d SMSdbname –E (*Run this on SQL server)
Note SQLServer is the name of the server that is running SQL Server, and SMSdbname is the name of the SQL database for your SMS site.If this command succeeds, your Management Point has the correct permissions to the SQL database. The command is successful if a 1> prompt is returned. Type exit, and then press ENTER to return to the command prompt. If you receive the following error message, go to step 4:
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
4.If you receive the "Login failed" error message that is described in step 3, repeat the command, but use the Fully Qualified Domain Name (FQDN). For example, type:
osql -S SQLServer.europe.corp.microsoft.com -d SMSdbname -E
If the command does not succeed, view the DNS settings for the domain where the Management Point computer is located.
5.If the command still fails check to see whether the MSSQLServer Service is using a user account to log on with, change the service to use the Local System account on the Log On tab in the service properties and run the commands again. If you must run the service by using a user account, make sure that the user account is added to the Domain Administrator group. You will also have to follow the steps in the following article in the Microsoft Knowledge Base:
829868 (http://support.microsoft.com/kb/829868/) Systems Management Server 2003 Advanced Security site with Remote SQL does not connect to SQL Server
Back to the top
Additional troubleshooting
1.The appropriate Service Principal Name (SPN) attributes may not be generated for the account that started the SQL services. To resolve this issue, you must manually create the fully qualified domain name (FQDN) and NetBIOS SPN entries. To do this, you can use the SetSPN utility from the Windows 2000 Server Resource Kit. To download the SetSPN utility, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46&DisplayLang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46&DisplayLang=en)
You must run the SetSPN utility on a computer that resides in the SQL server's domain. You must use Domain Administrator credentials. Determine if the SQL services run as a domain account or as the local computer account. To use the SetSPN utility to manually create the appropriate SPNs, follow these steps:
When the SQL service is started with a user account
• To create the FQDN SPN at a Command Prompt window, type the following command:
setspn -A MSSQLSvc/SqlHostname.mydomain.com:1433 SqlServiceAccount
• To create the NetBIOS SPN at the command window, type the following command:
setspn -A MSSQLSvc/SqlHostname:1433 SqlServiceAccount
When the SQL service is started with the SQL server's System account
• To create the FQDN SPN, type the following command at a command prompt:
setspn -A MSSQLSvc/SqlHostname.mydomain.com:1433 SqlHostname
• To create the NetBIOS SPN at the command window, type the following command:
setspn -A MSSQLSvc/SqlHostname:1433 SqlHostname
2. On each primary site, make sure that the SMS_SiteSystemToSQLConnection security group contains the computer accounts or SMS service accounts for all the child servers that report to the primary site. Typically, these accounts are added to the SMS_SiteSystemToSQLConnection security group when a site is installed. If the Setup program cannot add the account, the following site status message is logged in the SMS Administrator Console:
4908 - Site Component Manager could not add machine account "%1" to the SQL Access Group "%2"on the SQL Server machine "%3".
3. The Kerberos ticket cache may have to be reset. Use the Kerbtray tool from the Windows 2000 Server Resource Kit to clear the existing Kerberos ticket cache. To download the Kerbtray tool, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=4e3a58be-29f6-49f6-85be-e866af8e7a88&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=4e3a58be-29f6-49f6-85be-e866af8e7a88&displaylang=en)
For more information about how to use the Kerbtray tool, click the following article number to view the article in the Microsoft Knowledge Base:
232179 (http://support.microsoft.com/kb/232179/) Kerberos administration in Windows 2000
4. Make sure that the DNS server for the domain is listed first in the TCP/IP properties of the Management Point server.
5.The FQDN for the target domain must be listed at the top of the suffix search list on the Management Point server. To change the suffix search list, follow these steps:
a. Click Start, click Run, type ncpa.cpl, and then click OK
.
b. Right-click the connection that you want to change, and then click Properties.
c. In the Connection Name Properties dialog box, select Internet Protocol (TCP/IP) under This connection uses the following items, and then click Properties.
d. On the General tab, click Advanced, and then click the DNS tab.
e. Click Append these DNS suffixes (in order), click the target domain, and then move the target domain to the top of the list by clicking the scroll arrow.
f. Click OK two times, and then click Close.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B886143
WORKAROUND
To work around this problem, manually configure an SPN for the site database. To manually configure an SPN for Microsoft SQL Server, follow these steps:
1. Log on to the SQL Server-based server that is hosting the SMS 2003 site database
2. Obtain and install the Setspn.exe utility. For information about how to obtain and install the Setspn.exe utility, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46&displaylang=en
3. Click Start, click Run, and then type a Setspn.exe command in the Open box using the following syntax:
setspn -A MSSQLSvc/Host:port domainname\serviceaccount
For example:
C:\>setspn -A MSSQLSvc/lphbar2.hemlock.com:1433 hemlock\delegation
In this example, "lphbar2" is the host name of the server that is running SQL Server, "hemlock" is the Microsoft Windows 2000 domain name, and "delegation" is the domain account under which SQL Server is running.
4. Click OK to run the Setspn.exe utility
OR
http://support.microsoft.com/kb/829868/
1. Click Start, point to Programs, point to Windows 2000 Support Tools, click Tools, and then click ADSI Edit.
2. Expand Domain NC, and then expand CN=Users.
3. Right-click the account that starts the SQL services, and then click Properties.
4. In the Properties dialog box, click ServicePrincipalName in the Select a property to view box, and verify that entries that are similar to the following entries exist:
FQDN SPN entry:
MSSQLSvc/sqlhost.mydomain.com:1433
NetBIOS SPN entry:
MSSQLSvc/sqlhost:1433