OM 2012: SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.
-
Tuesday, April 24, 2012 4:54 PM
I'm getting this dreaded error and followed the setspn command but I'm still seeing this one. Do I have to perform any ADSIEdit surgery?
Background: SQL was installed using local admin account (bad) and I installed OM 2012 and ran into issues. So he built me another VM using the same name, I installed OM 2012 fine, but now seeing this infamous error most likely due to previous install?
Should I just be lazy and start over with a different server name? Or try to remove SPN from AD somehow?
The setspn is just not working, rebooted, still no go. Argh.
Thanks for any advice.
http://thoughtsonopsmgr.blogspot.com/2012/04/scom-r2-alert-sql-server-cannot.html
All Replies
-
Thursday, April 26, 2012 4:02 AMModerator
Hi,Please check again with the following methods:
SDK SPN Not Registered
http://blogs.technet.com/b/jonathanalmquist/archive/2008/03/12/sdk-spn-not-registered.aspxOperations Manager 2007 SPN's
http://blogs.technet.com/b/jonathanalmquist/archive/2008/08/14/operations-manager-2007-spn-s.aspxRegistering a Service Principal Name
http://technet.microsoft.com/en-us/library/ms191153(v=sql.105).aspxHope this helps.
Thanks.
Nicholas Li
TechNet Community Support
-
Wednesday, May 02, 2012 3:58 PMHaving the same issue. None of this has helped. My problem is that the SPN is there when I do a SETSPN -L. I ran SetSPN /d to delete SPN and then added it back in with SetSPN /A. I reset the monitor and a few minutes later, it showed back up.
-
Wednesday, May 02, 2012 4:08 PMWhat is in Operations Manager event log?
-
Wednesday, May 02, 2012 5:52 PMNothing I could find in reference to SPN. With no filtering, I searched in the time slots of when the alert was generated, and again every time I reset the monitor. Nothing in the event log.
-
Wednesday, May 02, 2012 7:16 PM
Can you check spn record with mom action account rights?
-
Wednesday, May 02, 2012 8:20 PMWhen I run SetSPN -L <accountname>, it shows the correct SPNs. When I run SetSPN -Q <SPN>, it shows the correct SPNs and accounts. I even tried deleting the SPN and added it back. I still get the alert in SCOM.
Dan
-
Wednesday, May 02, 2012 9:14 PMAdd spn for both computername entries - fqdn and short.
-
Thursday, May 03, 2012 12:35 PMIt already is.
Dan
-
Monday, May 07, 2012 5:16 AMModerator
Hi,
Please also check the settings referring to the post about SCOM 2012 SPNs:
OpsMgr 2012: What should the SPN’s look like?
http://blogs.technet.com/b/kevinholman/archive/2011/08/08/opsmgr-2012-what-should-the-spn-s-look-like.aspxThanks.
Nicholas Li
TechNet Community Support
-
Monday, May 07, 2012 1:34 PM
Hello,
I had the same issue after the update of MSSQL MP to version 6.3.173.0 in SCOM 2012! The alert is about SQL service account (Database Engine account) and it disappear after running the following:
setspn -A MSSQLSvc/<fqdn of SQL server>:1433 <domain>\<SQL service Account>
Best Regards
- Edited by HermanoF Monday, May 07, 2012 1:35 PM
-
Wednesday, May 16, 2012 11:18 AM
Same issue here running SCOM 2012 RTM.
SETSPN -L shows the correct SPN settings, the exact same settings the monitor states I should set?!!!
FYI - the machine in question is running SQL 2008 SP3 x64 Std Edition.
- Edited by Kiwifulla Wednesday, May 16, 2012 11:18 AM
- Proposed As Answer by Tabish Ansari Thursday, July 05, 2012 12:28 PM
-
Wednesday, May 16, 2012 7:52 PM
Still no resolution. SPNs match what is required in SCOM and SQL documentation listed. Service Account (SELF) has permissions to update SPNs. Services for both SQL and SCOM have been restarted. The server has been restarted.
SCOM says the SPN that is missing is MSSQLSvc/servername.domain.com:1433. However, when I run SetSPN /L, that SPN is present.
Am I going to have to disable that monitor in SCOM in order to get rid of the alert?
Dan
-
Wednesday, May 16, 2012 9:30 PMWe've disabled it here until we get an answer from Microsoft (we have a DSE).
"Fear disturbs your concentration"
-
Friday, May 18, 2012 4:51 PM
I believe I've finally found the resolution to the problem. I have the local system account set as the service account for the Data Access service. This needs to be a domain user account. My problem now is that when I set it to a domain user account, it requires "Generate Security Alerts" rights, and that is set in GPO to only certain users, so I'll have to get that changed.
Dan
- Edited by Dan-FSG Friday, May 18, 2012 4:51 PM
-
Wednesday, June 20, 2012 9:15 AM
I also got the same error, the alert is a BUG.
If everything is working fine , i mean your SQL and SCOM then....
Don't worry, you need to disable that monitor.
- Proposed As Answer by Tabish Ansari Wednesday, June 20, 2012 6:48 PM
-
Thursday, July 05, 2012 7:29 PM
Why have you marked my thread as the proposed answer? I have not provided an answer, I have said we have the same issue!
Please unmark as answer...and provide the actual answer!
-
Friday, August 17, 2012 6:22 PM
We get this warning alert as well "SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated"
It appears to be complaining about our sql service account which is a domain account.
Would be nice if we knew what this was about.
- Edited by SCOM 2012 Installation from Hell Friday, August 17, 2012 6:22 PM
- Edited by SCOM 2012 Installation from Hell Friday, August 17, 2012 6:23 PM
-
Saturday, August 18, 2012 11:45 AMModerator
Hello all, two of my friends have been blogging about this lately. The technical details lead to a faulty monitor (for now) and can (for now) be disabled.
Jonathan Almquist: http://scomskills.com/blog/?p=150
Marnix Wolf: http://thoughtsonopsmgr.blogspot.nl/2012/04/scom-r2-alert-sql-server-cannot.htmlBob Cornelissen - BICTT (My Blog about SCOM) - MVP 2012 and Microsoft Community Contributor 2011 Recipient
- Marked As Answer by Bob CornelissenMVP, Moderator Friday, September 07, 2012 9:38 PM
-
Tuesday, August 21, 2012 5:32 PM
This problem is resolved when you update the MP to the SQL related MPs 6.3.173.1
When we had the vers 6.3.173.0 we had this problem, but after updating the SQL MPs, the problem went away.
I had to open a ticket with Microsoft to get this resolved.
- Edited by SCOM 2012 Installation from Hell Tuesday, August 21, 2012 5:32 PM
- Marked As Answer by Bob CornelissenMVP, Moderator Friday, September 07, 2012 9:38 PM
-
Tuesday, August 21, 2012 5:53 PMSo, where did you get the update? It doesn't appear to be available for download on either the MS Downloads site or the System Center Marketplace...
Dan
-
Tuesday, August 21, 2012 7:56 PM
Microsoft emailed it to me after I opened a ticket regarding another SQL related issue.
Once I applied the new MP, it resolved this problem as well as the issue I originally opened the ticket for.
Since it requires MP update to fix, if you open a ticket with Microsoft, they should provide the MP for free of charge since the bug is in the current MP.
If not, post your email address, I will email it to you.
- Edited by SCOM 2012 Installation from Hell Tuesday, August 21, 2012 7:57 PM
-
Friday, September 07, 2012 9:38 PMModeratorThe .1 version is available now, also when selecting the import mp from catalog option.
Bob Cornelissen - BICTT (My Blog about SCOM) - MVP 2012 and Microsoft Community Contributor 2011 Recipient
-
Saturday, September 08, 2012 4:17 AMI applied 6.3.173.1 a couple of weeks ago and yet this issue is still there. I have restarted the server in question a few times, deleted/readded the SPN and still get this alert again an hour or so later!
-
Saturday, September 08, 2012 8:05 AMModerator
Ok in that case try two things:
On the agent affected, stop system center management service. Go to "C:\Program Files\System Center Operations Manager\Agent\Health Service State " and throw away the contents of that directory. And start the system center management service again. And wait for 20 minutes.
If still the same issue and you have checked that the SPNs are correct than disable the monitor as indicated through a few of the links above.
Bob Cornelissen - BICTT (My Blog about SCOM) - MVP 2012 and Microsoft Community Contributor 2011 Recipient
-
Tuesday, September 11, 2012 3:21 AM
Thanks Bob - I tried the approach you recommended, cleared the alert...but it came back about an hour later :(
I guess I will disable the monitor, however would have liked to have seen this bug fixed rather than hack it out.
Cheers
Steve
-
Tuesday, September 11, 2012 6:37 AMModeratorSame here mate. But there is hope they can fix it at the next itteration. However there is no waiting for that. Just disable the monitor for now.
Bob Cornelissen - BICTT (My Blog about SCOM) - MVP 2012 and Microsoft Community Contributor 2011 Recipient
-
Tuesday, October 23, 2012 8:46 AM
There are no changes in the MP (6.3.173.1) itself (regarding SPNs).
It is a good advice to compare old and new MP versions before updating them "feeling lucky". I wrote a small guide some time ago: http://www.systemcenterrocks.com/2010/11/what-to-do-if-new-mp-version-has-been.html
In most cases the SPNs are really missing.
http://www.syliance.com | http://www.systemcenterrocks.com
- Edited by Patrick_Seidl Tuesday, October 23, 2012 8:51 AM added note
- Edited by Patrick_Seidl Tuesday, October 23, 2012 9:07 AM
-
Tuesday, October 23, 2012 8:55 AM
This problem is resolved when you update the MP to the SQL related MPs 6.3.173.1
When we had the vers 6.3.173.0 we had this problem, but after updating the SQL MPs, the problem went away.
I had to open a ticket with Microsoft to get this resolved.
Sorry, but that is not the solution. There are no changes regarding that from 6.3.173.0 to 6.3.173.1http://www.syliance.com | http://www.systemcenterrocks.com
-
Friday, March 22, 2013 2:41 PM
Updating to 6.3.173.1 does not fix this issue. The update you got from Microsoft was an update for SQL that fixed the issue, not for SCOM. Applying a fix to all our SQL servers getting this error is assinine.
Just override the monitor, close the alerts. If your SQL env is running, then dont worry about it. I heard that SP1 does fix this for the Monitor in SCOM.
.png)
