Prerequisites

This page details the pre-requisites required before an MCE deployment can be fully realized.

Database

The MCE deployment relies upon a shared SQL Server 2016+ database in order to provide a highly-available persistence layer.

The database should be deployed as an SQL Always-On cluster and be accessible from all MCE cluster nodes.

The MindLink service account will need read/write access to the database. Optionally, the service account can be given create table rights in order to simplify preparation.

Preparation Scripts

The database must be prepared in advance by running the 1-MceOrleansPrepartionScript.sql. This script creates the necessary infrastructure support tables for the underlying runtime mechanics.

The database may also optionally be prepared with the necessary MCE data tables by running the 2-McePreparationScript.sql. This script creates the necessary tables for storing the MCE data (all user, security context and group data).

Hosts and networking

The MCE services install onto Windows 2016+ hosts (physical or virtual) and must have network routes to all other MCE service hosts in order to form a connected cluster.

Further networking requirements depend on the deployment topology.

Kerberos authentication

The MCE administration services use the same port as the configured MLA port (even if the MLA feature is turned off). This means that Kerberos authentication is performed against server.domain.local:<web_port> and an SPN must be configured for the machine as follows:

setspn -U -S http/server.domain.local:port machinename

e.g. For a server mce1.domain.com hosting on port 8080 with a service account domain\mcemachinename:

setspn -U -S http/mce1.domain.com:8080 mce1.domain.com

If this step is not performed then authentication in the PowerShell module will fail with "401 Unauthorized - The target principal name is incorrect".