Consider the following scenario:
- You install Microsoft System Center 2012 Configuration Manager together with a remote Microsoft SQL Server in the same domain as the site server.
- You have a remote site system that is in an untrusted domain (a perimeter network, also known as DMZ, demilitarized aone, and screened subnet).
- You select the Use another account for installing this site system option for the remote site system, and you specify an account that has local administrative rights on that server.
- You deploy roles to the remote site system such as the Distribution Point role.
In this scenario, Configuration Manager may incorrectly try to use the Site System Installation Account that is configured for the remote site server to update the SQL Server database. When this occurs, the update fails, and the following messages are logged.In the remote SQL Server log:In the Distrmg.log:
On the SQL Server, create a local account that has the same name as the Site System Installation Account that is configured for the remote site server, and grant the account access to the Configuration Managers database. Then, pass through authentication works around Configuration Manager's use of the Site System Installation Account.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.