OM 2012: SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.
I'm getting this dreaded error and followed the setspn command but I'm still seeing this one. Do I have to perform any ADSIEdit surgery?
Background: SQL was installed using local admin account (bad) and I installed OM 2012 and ran into issues. So he built me another VM using the same name, I installed OM 2012 fine, but now seeing this infamous error most likely due to previous install?
Should I just be lazy and start over with a different server name? Or try to remove SPN from AD somehow?
The setspn is just not working, rebooted, still no go. Argh.
Thanks for any advice.
http://thoughtsonopsmgr.blogspot.com/2012/04/scom-r2-alert-sql-server-cannot.html
April 24th, 2012 12:54pm
Hi,
Please check again with the following methods:
SDK SPN Not Registered
http://blogs.technet.com/b/jonathanalmquist/archive/2008/03/12/sdk-spn-not-registered.aspx
Operations Manager 2007 SPN's
http://blogs.technet.com/b/jonathanalmquist/archive/2008/08/14/operations-manager-2007-spn-s.aspx
Registering a Service Principal Name
http://technet.microsoft.com/en-us/library/ms191153(v=sql.105).aspx
Hope this helps.
Thanks. Nicholas Li
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
April 26th, 2012 12:02am
Having the same issue. None of this has helped. My problem is that the SPN is there when I do a SETSPN -L. I ran SetSPN /d to delete SPN and then added it back in with SetSPN /A. I reset the monitor and a few minutes later, it showed back up.
May 2nd, 2012 11:58am
What is in Operations Manager event log?
Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2012 12:08pm
Nothing I could find in reference to SPN. With no filtering, I searched in the time slots of when the alert was generated, and again every time I reset the monitor. Nothing in the event log.
May 2nd, 2012 1:52pm
Can you check spn record with mom action account rights?
Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2012 3:16pm
When I run SetSPN -L <accountname>, it shows the correct SPNs. When I run SetSPN -Q <SPN>, it shows the correct SPNs and accounts. I even tried deleting the SPN and added it back. I still get the alert in SCOM.Dan
May 2nd, 2012 4:20pm
Add spn for both computername entries - fqdn and short.
Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2012 5:14pm
It already is.Dan
May 3rd, 2012 8:35am
Hi,
Please also check the settings referring to the post about SCOM 2012 SPNs:
OpsMgr 2012: What should the SPNs look like?
http://blogs.technet.com/b/kevinholman/archive/2011/08/08/opsmgr-2012-what-should-the-spn-s-look-like.aspx
Thanks. Nicholas Li
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2012 1:16am
Still no resolution. SPNs match what is required in SCOM and SQL documentation listed. Service Account (SELF) has permissions to update SPNs. Services for both SQL and SCOM have been restarted. The server has been restarted.
SCOM says the SPN that is missing is MSSQLSvc/servername.domain.com:1433. However, when I run SetSPN /L, that SPN is present.
Am I going to have to disable that monitor in SCOM in order to get rid of the alert?Dan
May 16th, 2012 3:52pm
We've disabled it here until we get an answer from Microsoft (we have a DSE)."Fear disturbs your concentration"
Free Windows Admin Tool Kit Click here and download it now
May 16th, 2012 5:30pm
Tabish Ansari
Why have you marked my thread as the proposed answer? I have not provided an answer, I have said we have the same issue!
Please unmark as answer...and provide the actual answer!
July 5th, 2012 3:29pm