During a "rebuild" of my lab today, I came across the following error:
<response><errorContext description="No trusted group name was specified in the site properties. The method can be invoked only by trusted group members of the provisioning site." code="0xc2201518" executeSeqNo="0"/></response>
This error would always show no matter what MPF request I submitted to Provtest.exe via the command line.
The key thing to note here is that this was part of a "rebuild". Thus, there was a "working" environment of MPS (the HMC 3.0 flavor) and I "blew it away" to start over [sort of] fresh. I did all of the things you should clean up (more info on this below), but forgot a very important step: I didn't delete the SQL Logins for the MPF accounts on the SQL Server where the MPF databases once resided. When you redeploy the MPF databases via the "Provisioning Deployment Tool", the databases will be created, but the SQL Logins will not be updated. So the issue is that the SQL Logins point to the Active Directory names (e.g. MPFServiceAccts), but the underlying reference is the old account SID and not the SID of the account newly created by the deployment tool.
Here is what I did to fix this:
- Delete all of the MPF related SQL Logins
- Add SQL Logins for the Active Directory accounts below and assign them to the database roles listed

| Login | Database/Role |
| --- | --- |
| MPFAdmins | MPFAudit/MPFAdminsRole; MPFConfig/MPFAdminRole; MPFTranLogData/MPFAdminRole; ResourceManager/MPFAdminRole |
| MPFAuditors | |
| MPFClientAccts | |
| MPFServiceAccts | MPFAudit/MPFServiceRole; MPFConfig/MPFServiceRole; MPFTranLogData/MPFServiceRole; ResourceManager/MPFServiceRole |

Once I did this, I had to "shutdown" the "Provisioning Engine" COM+ application. Rebooting the MPS server also works.
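
The login and role steps above can be scripted in T-SQL. This is an added example, not part of the original post or of the MPS tooling. It assumes the accounts live in a domain written here as the placeholder `YOURDOMAIN`, that the redeployed databases and their roles already exist, and that it is run by a sysadmin on the SQL Server hosting them.

```sql
SET NOCOUNT ON
DECLARE @domain sysname, @grp sysname, @db sysname, @rolename sysname,
        @login sysname, @sql nvarchar(1000)
SET @domain = N'YOURDOMAIN'   -- assumption: placeholder for the AD domain's NetBIOS name
-- Login/database/role map copied from the table in the post. MPFAuditors and
-- MPFClientAccts get a fresh login only; the post lists no roles for them.
DECLARE @map TABLE (grp sysname, db sysname NULL, rolename sysname NULL)
INSERT @map VALUES (N'MPFAdmins', N'MPFAudit', N'MPFAdminsRole')
INSERT @map VALUES (N'MPFAdmins', N'MPFConfig', N'MPFAdminRole')
INSERT @map VALUES (N'MPFAdmins', N'MPFTranLogData', N'MPFAdminRole')
INSERT @map VALUES (N'MPFAdmins', N'ResourceManager', N'MPFAdminRole')
INSERT @map VALUES (N'MPFAuditors', NULL, NULL)
INSERT @map VALUES (N'MPFClientAccts', NULL, NULL)
INSERT @map VALUES (N'MPFServiceAccts', N'MPFAudit', N'MPFServiceRole')
INSERT @map VALUES (N'MPFServiceAccts', N'MPFConfig', N'MPFServiceRole')
INSERT @map VALUES (N'MPFServiceAccts', N'MPFTranLogData', N'MPFServiceRole')
INSERT @map VALUES (N'MPFServiceAccts', N'ResourceManager', N'MPFServiceRole')

-- Step 1: remove each login (it still carries the old SID) and grant it again,
-- so SQL Server stores the SID of the newly created AD account.
DECLARE c1 CURSOR LOCAL FAST_FORWARD FOR SELECT DISTINCT grp FROM @map
OPEN c1
FETCH NEXT FROM c1 INTO @grp
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @login = @domain + N'\' + @grp
    IF EXISTS (SELECT 1 FROM master.dbo.syslogins WHERE name = @login)
        EXEC sp_revokelogin @login
    EXEC sp_grantlogin @login
    FETCH NEXT FROM c1 INTO @grp
END
CLOSE c1 DEALLOCATE c1

-- Step 2: map the login into each database and add it to its role.
DECLARE c2 CURSOR LOCAL FAST_FORWARD FOR
    SELECT grp, db, rolename FROM @map WHERE db IS NOT NULL
OPEN c2
FETCH NEXT FROM c2 INTO @grp, @db, @rolename
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @login = @domain + N'\' + @grp
    SET @sql = N'USE ' + QUOTENAME(@db) + N'
        IF NOT EXISTS (SELECT 1 FROM sysusers WHERE name = @l)
            EXEC sp_grantdbaccess @l
        EXEC sp_addrolemember @r, @l'
    EXEC sp_executesql @sql, N'@l sysname, @r sysname', @login, @rolename
    FETCH NEXT FROM c2 INTO @grp, @db, @rolename
END
CLOSE c2 DEALLOCATE c2
```

The script grants only the role memberships listed in the table, so each account ends up with no more database access than the post describes.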
Now there might be other reasons why this error appears, but on this day the above solution worked out.
So what should you do when you "rebuild" an MPS Deployment?
The key thing to note here is that I wasn't trying to keep the old data or structure. So this was a full rebuild, but without uninstalling Active Directory, Exchange, SQL, etc. This is by no means the definitive list (I guess that will be another task/posting), but it should give you a good idea of what to address:
- Use the "Provisioning Deployment Tool" to remove all services
- Delete the MPSDeploymentAccount from Active Directory
- Delete the MPF Databases
- Delete the Plans Database
- Delete the MPF SQL Logins (note the table above, but also the MPSPlansAcct SQL Login)
- Reboot all servers.