When running the update to ConfigMgr 2309, we get the following errors in "ConfigMgrPrereq.log":
*** [08001][-2146893022][Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: The target principal name is incorrect.~~ $$<Configuration Manager Prereq><11-03-2023 12:17:13.236-60><thread=4556 (0x11CC)>
*** [08001][-2146893022][Microsoft][ODBC Driver 18 for SQL Server]Client unable to establish connection $$<Configuration Manager Prereq><11-03-2023 12:17:13.237-60><thread=4556 (0x11CC)>
*** Failed to connect to the SQL Server, connection type: SMS Master. $$<Configuration Manager Prereq><11-03-2023 12:17:13.246-60><thread=4556 (0x11CC)>
It also adds error messages to the Windows System event log:
The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is (local). The TLS connection request has failed. The attached data contains the server certificate.
The SSPI client process is cmupdate (PID: 15836).
The SQL-server is on the same server as the site server, and runs under a Group Managed Service account, which has the following SPNs added to it:
MSSQLSvc/%HOSTFQDN%
MSSQLSvc/%HOSTFQDN%:1433
The SQL-server is bound to a server certificate which has the FQDN of the server in CN and DNS SAN, and the service account has "Read" permission on the certificates private key. It is set to require encryption.
ODBC driver 18 is version 18.3.2.1
ODBC driver 17 is version 17.10.5.1
The update checker keeps looping, and we can't really stop it. It keeps generating error messages and prints false pre-requisite errors and warnings in the status window.
Any ideas how to fix this?