Update: This error now now has an official KB: http://support.microsoft.com/kb/2919041
After doing a couple of 2012SP1 -> 2012R2 upgrades, I’ve stumpled across the same error several times when upgrading Orchestrator to 2012R2.
The uninstall/install procedures complete just fine, no issues there. And all services on the Orchestrator server start up like they should.
However, the issue appears when you try to use the Orchestrator webservice. This webservice is used by the Orchestrator Console and the Service Manager Connector, and you’ll get an error message that they cannot connect.
And if you try to access the webservice from your browser by surfing to: http://SCOServer:81/Orchestrator2012/Orchestrator.svc (as an example), you are faced with an error message, insted of XML code which should be the correct response.
The error:
This is because a special permission for the Orchestrator Service Account is not set on the database during the installation. The Quick-fix is to give the Orchestrator service account “dbowner” permissions on the Orchestrator database.
If you do not want to give dbowner permissions, you have check the database role permissions according to the documenatation here: http://technet.microsoft.com/en-us/library/hh912315.aspx
In my case, the “EXECUTE store procedure [Microsoft.SystemCenter.Orchestrator].[GetSecurityToken]” permission was missing for the database role: Microsoft.SystemCenter.Orchestrator.Operators