ForeFront Endpoint Protection install with SPN issue on SCCM box.
We have been trying to setup FEP 2010 beta on SCCM server, and we keep getting this error. I have got SPN already entered and checked with AD. But no luck. Have anyone come across with this? this is really depressing. I have sccm setup on 2008 32bit server, and sql is 32 bit 2005 standard. even tried enterprise version, but still got stuck. ERROR: Setup cannot verify the service principal name (SPN) for this account. Ensure that there is a single valid SPN entry for this account in the Active Directory Domain Services. Account: (this is the account used for starting all the sql services. also entered as SPN on AD. Any tip or assistance will be greatly appreciated, and it will make my day.. Dan
October 11th, 2010 5:59am
What does the SPN look like? Can copy the exact command you used to create it here (this is something that is easy to get wrong and the first step is to always eliminate the easy things)? Also, what account is your SQL Server using as its service account?Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
October 11th, 2010 6:04pm
Hi Jason, Here is what i did on sql box. setspn -A MSSQLSvc/FQDN domain\sqladmin setspn -A MSSQLSvc/FQDN:1433 domain\sqladmin And sqladmin is being used as service account on SQL server. Using setspn -L sqladmin, i have been confirmed C:\Program Files\Windows AIK\Tools\PETools>setspn -L sqladmin Registered ServicePrincipalNames for CN=sqladmin,OU=Service Accounts,OU=Regional,DC=domain,DC=local: MSSQLSvc/sydney-sql-server.domain.local:1433 MSSQLSvc/sydney-sql-server.domain.local
October 12th, 2010 2:18am
Is sqladmin the service account for your SQL Service account, the one actually configured to start the SQL Service?Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
October 15th, 2010 4:36pm
Hi Dan, As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as "Answered" as the previous steps should be helpful for many similar scenarios. In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks,Yog Li -- Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 1st, 2010 3:40am
Actually, it might be necessary to have the short names published in the SPN list as well, for example: C:\>setspn -l svc-SQLServer Registered ServicePrincipalNames for CN=SQL Server,OU=Services and Applications,OU=Company,DC=Company,DC=earth: MSSQLSvc/sccm01 MSSQLSvc/sccm01:1433 MSSQLSvc/sccm01.company.earth:1433 MSSQLSvc/sccm01.company.earth-- David Rawling E: djr (at) pdconsec (dot) net
December 27th, 2010 11:09am
After adding the short name I was able to clear the error.
January 6th, 2011 5:36am
Before anyone else makes an idiot of themself and spends an hour on this garbage I would like to offer a titch of clarification: mssqlsvc/machinename mssqlsvc/machinename:1433 mssqlsvc/machinename.domain.com:1433 mssqlsvc/machinename.domain.com That was a big, fat facepalm....
May 12th, 2011 9:19am