View All Microsoft Sms Setup Posts Ask A New Question

CompileMOFFile: Failed to compile MOF, Failed to install SMS Provider

Steve Gould posted on Friday, February 15, 2008 2:22 PM

I spent a couple days with the following issues. I have resolved them now,
but I wanted to post my findings to help out others who may run into the
same issue.

Situation:

Installing SCCM 2007 on own servers
Separate SQL 2005 Server
SQL Server services run under a domain service account


Prior to set up I found the reference in the SCCM 2007 install docs that say
in this situation to register SPN's.

http://technet.microsoft.com/en-us/library/bb632649.aspx
and
http://technet.microsoft.com/en-us/library/bb735885.aspx

SPN's are registered such:

setspn -A MSSQLSvc/<SQL Server computer name>:1433 <Domain\Account>.
setspn -A MSSQLSvc/<SQL Server computer name.domain-name (FQDN)>:1433

I did so. I used ADSIEdit to verify. The above commands didn't actually
register the SPN's correctly, but I was able to correct them via ADSIEdit.
This didn't work though.

Running the prerequisite checks found no errors, but the install came up
with the following:

CompileMOFFile: Failed to compile MOF C:\Program Files\Microsoft
Configuration Manager\bin\i386\smsRprt.mof, error -2147217407
Setup cannot compile MOF file C:\Program Files\Microsoft Configuration
Manager\bin\i386\smsRprt.mof.  Do you want to continue?
Setup failed to install SMS Provider.  For more information about this
error, see Microsoft Knowledge Base at http://microsoft.com or contact
Microsoft Technical Support for further assistance.

I spent 2 days trying to locate the answer. It finally dawned on me. The
setspn above calls out "MSSQLSvc". It should have noted to use your ACTUAL
SQL Server default or named instance service name. In my case it was SQL
2005 default instance service named "MSSQLService".

As soon as I corrected the SPN's via ADSIEdit the install of SCCM 2007
completed.

Steve

CompileMOFFile: Failed to compile MOF, Failed to install SMS Provider

Kim Oppalfens [MVP] posted on Friday, March 07, 2008 5:37 PM

Thanks for sharing!

--
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx

SMS Provider Failed installation failed: sspobjectquery.cpp(5556)

tommy 9un posted on Wednesday, January 14, 2009 10:09 AM

First, check the logs for errors, then read the rest of this post.

C:\Program Files\Microsoft Configuration Manager\Logs

These are the symptoms of the problem that I had:

1. SMS Provider Failed installation failed

2. In the SCCM install log, SQL connection timed out

e:\nts_sms_fre\sms\siteserver\sdk_provider\smsprov\sspobjectquery.cpp(5556) SQL Connection attempt timed out

SQL Error: [28000][18456][Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

3. NT AUTHORITY\ANONYMOUS LOGON errors in the SQL server's system logs

My steps to resolve the problem:

1. Enable Kerberos logging Q262177

2. Enable kerberos auth for SQL cluster, Q319723. Same as above, either method works.

3. Read the SQL SPN section from http://technet.microsoft.com/en-us/library/ms189585(SQL.90).aspx . Mainly, this is to make sure you have the correct SPN

My setup, we have a cluster, so at a minimum I needed 2 SPN. But I added couple more for each cluster node (SpnA:1433 and SpnB:1433) just to be safe

Finally, my real fix came from using a combination of adisedit.msc and ldifde

At the end of the article from step 3, you will see there are two ways to run ldifde.

ldifde -d "CN=User Name,DC=betaland" -l servicePrincipalName -F NewoutputUsersAll.txt

ldifde -d "CN=Users,DC=betaland" -l servicePrincipalName -F NewoutputUsersOne.txt

One for all users, one for your domain user. The key was to grep the output files, make sure to create separate files, for Server Name from the Kerberos errors in the System log. There can only be one SPN for each SQL instance. If you have duplicates, you will get KDC_ERR_S_PRINCIPAL_UNKNOWN errors. Once you locate the duplicates, you can use adisedit.msc to remove them. We had duplicates because we run the cluster under two different accounts at different times.

If you do everything right, use KERBTRAY and eventually you will see the MSSQLSvc ticket .

One last note, when you run SMS setup, during prereq check, you will see Kerberos errors. If you see the error for SPN that you didn't add, then add it. If you see errors for SPN that you already added, then probably means you have duplicates.

CompileMOFFile: Failed to compile MOF, Failed to install SMS Provider

Chris Holmes posted on Wednesday, March 25, 2009 10:44 PM

I found the info posted by Steve Gould really helpful. I thought I would add some stuff that I used to clarify what my default instance name was, and how the SPN should be registered.

My SQL Service account was running under a domain account. I changed this (temporarily) to run under the local system account. I then checked ADSIedit and looked at the SPN that SQL registered for the computer account in AD.



In my case the SPN was MSSQLSvc/mymachinename.lab.com:1433

This indicated that I should use MSSQLSvc when I register my SPN for any domain account that i use to run SQL.



Incidently SCCM installed fine when I ran SQL under the domain account and had the SPN sonfigured correctly.

Update for SQL Server 2008...

Greg Winston posted on Thursday, June 04, 2009 1:22 AM

This is excellent information, and ultimately saved me from wasted time.



In my situation, I was installing SCCM against a Windows SQL Server 2008 installation, and the format of the SPN needed to be:



MSSQLSvc/SERVER.CONTOSO.COM:1433



So the syntax was like this...



setspn -A MSSQLSvc/SERVER.CONTOSO.COM:1433 CONTOSO\_svc_sqlserver



Assuming that CONTOSO\_svc_sqlserver is the service account you're using on the SERVER.CONTOSO.COM SQL server instance.



Thanks again!

Previous Microsoft Sms Setup conversation.