I recently needed to troubleshoot some installation issues on a ForeFront 2010 install. During the install a few errors came up and after some digging on the net, a Microsoft Support call, some SQL and network trace digging I finally got the thing to install.
Here is a highlight of the issues, some error message excerpts and what I did to resolve them, hopefully it helps someone…
1. Issue: The installer could not figure out/acknowledge that SQL was installed on the DB server (FEP and SQL were on two separate Windows Server 2008 boxes).
Resolution: It turns out turning OFF UAC on the SQL server helped this. For some reason SQL could not execute the queries the FEP installer was asking for (via a series of stored procedures that checked installation paths, disk space, service status, registry keys, etc.)
2. Issue: Installer could not access Reporting Services even though installing user was a local administrator on Reporting Services server
Actual error message: “Verification(Verifying SQL Reporting Services prerequisite) failed
failed to communicate with the SQL reporting web service
failed to delete folder with exception: System.Web.Services.Protocols.SoapException: The item ‘/FepSetupVerificationDire382e28e-db6b-480d-b48a-9ab209f3245b’ cannot be found. —> Microsoft.ReportingServices.Diagnostics.Utilities.ItemNotFoundException: The item ‘/FepSetupVerificationDire382e28e-db6b-480d-b48a-9ab209f3245b’ cannot be found.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Forefront.EndpointProtection.Configure.Utility.ReportService.ReportingService2005.DeleteItem(String Item)
at Microsoft.Forefront.EndpointProtection.Configure.VerifySrsServer.ReportDeploymentVerification()”
Resolution: Added the installing account as a Content Manager on Reporting Services’ site (MS article here)
3. Issue: Installer refused to continue due to duplicate SPNs.
Actual error message: “Verification(Verifying SQL Server prerequisite) failed
Error: Setup cannot determine the SQL Integration Service version.
Microsoft Forefront Endpoint Protection 2010 requires Microsoft SQL Server Integration Services 2005 Enterprise or Standard edition with Service Pack 2 or higher or Microsoft SQL Server Integration Services 2008 Enterprise or Standard edition or higher.
Make sure that the component is installed, running and autostarted on server ‘SQLSERVERNAME’.
Error: There are one or more duplicates of the following service principal names found in the Active Directory Domain Services: mssqlsvc/SQLSERVERNAME:1433.”
Resolution: Deleted an inactive SPN tied to mssqlsvc/SQLSERVERNAME:1433 (see related post here)
I ran
setspn -Q mssqlsvc/SQLcomputername:1433
(the string mssqlsvc/SQLcomputername:1433 is what comes up in the FEP install log as an error). BTW, the -Q parameter is available on Server 2008.
The above step listed the two duplicate names and all the info to find the accounts it is associated with:
CN=First User,OU=Service Accounts,DC=MyDomainName,DC=local
MSSQLSvc/SQLcomputername:1433
MSSQLSvc/SQLcomputername.MyDomainName.local:1433
CN=Second User,OU=Service Accounts,DC=MyDomainName,DC=local
MSSQLSvc/SQLcomputername:1433
I logged on to the SQLcomputername and found that it was the First User that was being used by SQL as a service account. So that leaves the Second User to be the problematic one. Then I ran:
setspn -D MSSQLSvc/SQLcomputername:1433 SecondUserID.
Hope this helps someone… 🙂
Are you on the bus? 