Hello Community, we have a problem with duplicate SPNs on one of our SCOM 2012 MS analog to the Thread http://social.technet.microsoft.com/Forums/en-US/operationsmanagergeneral/thread/c06dc6d7-38b4-4f82-8915-5ce2992cd704/. The MSOMSdkSvc/mycomputer SPN is registered as well for the Serviceaccount as for the machine account. SDK and Config Service is running under the Serviceaccount. Of course we can delete the machine SPNs, but after some time (or a reboot) the machine account SPNs reappear... How can we prevent the machine account to register the SPNs? Best regards, Dirk

Hi Dirk In order to register a SPN you need Domain Administrator permission. In a SCOM deployment scenario there is no need to have domain admin permission for any account. If you set the permission to Domain User the account won't be able to register the SPN. You cann Register the SPN manually by typing setspn -S MSOMSdkSvc/mycomputer domain\sdkaccount setspn -S MSOMSdkSvc/mycomputer.domain.com domain\sdkaccount StefanBlog: http://blog.scomfaq.ch

Hello Community, after doing a little research and some discussions with MS PSS: There is a bug in SCOM 2012 / 2007. If you run the SDK Service under a service account, the Service always tries to register the MSOMSdkSvc SPN for the machine account AND the service account. Hence you will have duplicate SPNs. Only available and working workaround: On the machine account in AD ds for the machine account itself and for the service account. The service still tries to register the SPNs, but gets an access denied error from AD. This will cause the Event 26371 in the OpsMgr Eventlog, but it can be ignored accoring to Keven Holman. Best regards, Dirk

You can find a better explanation here: http://blogs.technet.com/b/kevinholman/archive/2007/12/13/system-center-operations-manager-sdk-service-failed-to-register-an-spn.aspxHarpreet Rana

Yep, that's the link i refered to above. Thanks :)