Prerequisites

This page details the pre-requisites required before an MCE deployment can be fully realized.

Database#

The MCE deployment relies upon a shared SQL Server 2016+ database in order to provide a highly-available persistence layer.

The database should be deployed as an SQL Always-On cluster and be accessible from all MCE cluster nodes.

The MindLink service account will need read/write access to the database. Optionally, the service account can be given create table rights in order to simplify preparation.

Preparation Scripts#

The database must be prepared in advance by running the 1-MceOrleansPrepartionScript.sql. This script creates the necessary infrastructure support tables for the underlying runtime mechanics.

The database may also optionally be prepared with the necessary MCE data tables by running the 2-McePreparationScript.sql. This script creates the necessary tables for storing the MCE data (all user, security context and group data).

Hosts and networking#

The MCE services install onto Windows 2016+ hosts (physical or virtual) and must have network routes to all other MCE service hosts in order to form a connected cluster.

Further networking requirements depend on the deployment topology.

Kerberos authentication#

The MCE administration services use the same port as the configured MLA port (even if the MLA feature is turned off). This means that Kerberos authentication is performed against server.domain.local:<web_port> and an SPN must be configured for the machine as follows:

setspn -U -S http/server.domain.local:port machinename

e.g. For a server mce1.domain.com hosting on port 8080 with a service account domain\mcemachinename:

setspn -U -S http/mce1.domain.com:8080 mce1.domain.com

If this step is not performed then authentication in the PowerShell module will fail with "401 Unauthorized - The target principal name is incorrect".