Installing VMM 2012 R2 with an Empty Remote Database
Published on 04 Apr 2014
Tags #SQL Server #System Center #Virtual Machine Manager
Vendors have only recently realized that database administrators only reluctantly grant permissions beyond mere database ownership. In a previous post I ranted about the installer for Citrix EdgeSight. This time I will be more peaceful when describing the peculiarities of the installer for System Center 2012 R2 Virtual Machine Manager. There is a blog post by Microsoft about using an empty remote database for VMM 2012, but some things have changed in R2.
Behaviour of VMM 2012
Let me quickly recap the requirements to install VMM 2012 into an empty remote database. They are covered in detail here.
- Create a new database with the collation Latin1_General_100_CI_AS
- Grant db_owner permissions for this database to a service account
- Grant the server roles dbcreator, processadmin and securityadmin to the same service account
- Start the setup wizard in the context of the service account (logon or runas)
- Install into an existing database
- Do not specify a user for the database connection
You will experience a lengthy discussion with a database administrator about step 3 because security admins can modify all database permissions and process admins can even restart database processes.
Changes in VMM 2012 R2
As there is no documentation about how to use an empty remote database for VMM 2012 R2, I will repeat some of the above steps:
- Create a new database with the collation Latin1_General_100_CI_AS
- Grant db_owner permissions for this database to a service account
- Grant the server roles dbcreator, processadmin and securityadmin to the same service account (no longer required in R2)
- Start the setup wizard in the context of the service account (logon or runas)
- Install into an existing database
- Do not specify a user for the database connection
The critical step 3 is gone. VMM 2012 R2 does not require any permissions other than db_owner on its own database. This is a huge improvement.
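The two database-side steps that remain for R2 (create the database with the required collation, grant db_owner) can be handed to the database administrator as a reviewable T-SQL script. This is an added example, not a script from Microsoft or from the original post; the database name `VirtualManagerDB` and the account `CONTOSO\svc-vmm` are placeholders chosen for illustration.

```sql
-- Added example. Placeholders (assumptions): database name VirtualManagerDB,
-- Windows service account CONTOSO\svc-vmm. Run as a sysadmin in sqlcmd or SSMS.

-- Step 1: empty database with the collation VMM expects.
CREATE DATABASE [VirtualManagerDB] COLLATE Latin1_General_100_CI_AS;
GO

-- Server login for the service account, with no server roles assigned.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\svc-vmm')
    CREATE LOGIN [CONTOSO\svc-vmm] FROM WINDOWS;
GO

-- Step 2: db_owner on this one database only.
USE [VirtualManagerDB];
GO
CREATE USER [CONTOSO\svc-vmm] FOR LOGIN [CONTOSO\svc-vmm];
-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later;
-- on older versions use: EXEC sp_addrolemember N'db_owner', N'CONTOSO\svc-vmm';
ALTER ROLE db_owner ADD MEMBER [CONTOSO\svc-vmm];
GO

-- Check 1: collation is what was requested.
SELECT name, collation_name
FROM sys.databases
WHERE name = N'VirtualManagerDB';

-- Check 2: the account is a member of db_owner in this database.
SELECT r.name AS database_role, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'CONTOSO\svc-vmm';

-- Check 3: the account holds no server roles. An empty result confirms that
-- dbcreator, processadmin and securityadmin were not granted.
SELECT r.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name = N'CONTOSO\svc-vmm';
```

Check 3 can be rerun after the installation to confirm that the service account still holds nothing beyond db_owner on its own database.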
But … one last thing
You are probably wondering why the installation needs to be performed in the context of the service account. Funny thing …
You might want to use any local administrator on the future VMM server to launch the installer. And you might have noticed that the installer offers to impersonate a user for the database connection when performing actions on the database. Mind you, this will not work! The installer will mix up the database connection user and the user context it is executed in. This results in an error and breaks the VMM installation.
But … one other last thing
When you choose to create a new database, you will need permissions on the database server, which makes the administrator unhappy. So, Microsoft should provide an optional SQL script for those steps instead. It can be sent to the database administrator to review and execute. In the end, you would have an easier time with the database administrator because you do not need to ask for additional privileges.