Setup fails when SQL Server is on a separate machine and configured to run under a local account
If the SMS Site Server and the Site Database (SQL) Server are on different physical machines, and if the SQL service is configured to run under a local account, then the same account credentials must exist on the SMS Site Server. Otherwise Setup will fail because the credentials do not match.
WORKAROUND: Verify that credentials match across the two machines or use other built-in accounts, such as Network_Service or a domain account.
SMS 2003 SP3 Does Not Support SQL Server 2000 Enterprise Edition (64-bit)
SQL Server 2000 Enterprise Edition (64-bit) is not supported by SMS 2003 SP3.
SQL Server 2005 Upgrade Advisor Might Generate A Warning "Use The Full Path To Register Extended Stored Procedure DLL Names" When Testing the SMS 2003 Database
When upgrading your SMS 2003 database to SQL Server 2005, the SQL Server 2005 Upgrade Advisor might display the following warning when testing the SMS 2003 database:
The DLLs that are listed in the report define extended stored procedures that have not been registered using the full path. These extended stored procedures will not work after upgrade because SQL Server will be unable to locate the DLLs. Use sp_dropextendedproc and sp_addextendedproc to drop and then reregister the DLLs with the full path. Use the full path to register extended stored procedure DLL names:
XP name: xp_SMS_notification
XP DLL name: smsxp.dll
WORKAROUND: None. This warning can be ignored provided the %windir%\system32 directory is referenced in the system path.
Additional note on the SMS 2003 SQL Server Hardening list in the Scenarios and Procedures for Microsoft Systems Management Server 2003: Security
In The Security Checklists section of the Scenarios and Procedures for Microsoft Systems Management Server 2003: Security, in the table SQL Server Settings, there is a characteristic "The BUILTIN\Administrators group is removed from the SQL Server logons." which has been confusing for readers.
WORKAROUND: If the SMS site database is on a server other than the SMS site server, and you modify or remove the SMS site database access rights for the local Administrators group on the SMS site database computer, you must map the SMS site server computer account to the database owner (DBO) user SQL Server account for the SMS site database. For this procedure, see Mapping the SMS Site Server Computer Account to the DBO User for the SMS Site Database in Appendix E: “Appendix E: SMS Security Procedures".
The SQL Server service should run with a domain user account and have a manually registered SPN
In the Scenarios and Procedures for Microsoft Systems Management Server 2003: Security, readers have been confused by an inconsistency between the SMS 2003 SQL Server Hardening list and the section *Configure the SQL Server Service to Run with a Domain User Account*.
WORKAROUND: Change the following text:
SMS does not require SQL Server to run with the LocalSystem account. To follow the principal of least privilege, create a domain user account and configure the SQL Server service to run with that domain user account. Do not add this account to the Domain Admins group.
Configure the SQL Server service to run with a domain user account instead of LocalSystem or administrator. You must also manually register the service principal name (SPN) for SMS to work properly.