locked
Alert: SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated. RRS feed

  • Question

  • Hello,

    SCOM 2007 R2 CU6

    SQL SERVER 2008 SP1 (10.0.2531)

    Since I upgraded the SQL Management Pa Job Discovery) 6.0.6569 and SQL Management Pack 6.0.6648 and CU6 I am getting constantly an error on a SQL Clsuter Server:

    Alert: SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.
    Resolution state: New
    Source: QMS02
    Path: QMSDB.ad
    Last modified by: System
    Last modified time: 7/9/2012 8:50:48 AM
    Alert description: SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.
            Service Account: ad\sqlxxxxxx
            Missing SPNs: MSSQLSvc/QMSDB.ad:QMS02, MSSQLSvc/QMSDB.ad:1433, MSSQLSvc/QMSDB.ad:50111
            Misplaced SPNs: 
            Duplicate SPNs: 

    Anything changed?

    It is happening only on one SQL Cluster server within the 15 I have ... also no other server so far...

    I saw this Article http://thoughtsonopsmgr.blogspot.com/2012/04/scom-r2-alert-sql-server-cannot.html but why is it happening only on one server?

    Thanks,

    Dom


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager


    • Edited by Felyjos Tuesday, July 10, 2012 5:32 PM
    Tuesday, July 10, 2012 5:20 PM

Answers

  • I believe it is a bug and should probably be disabled.

    Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

    • Marked as answer by Felyjos Tuesday, July 10, 2012 7:21 PM
    Tuesday, July 10, 2012 5:37 PM
  • If it's only happening on one, then you can override just for that one.  I can tell you that if your SQL server service is running as a domain account, then you have to ensure that the account has a registered SPN.  If you want to be certain this account is registered, then check with your AD guys to see if that account has a SPN and it's set accordingly.  The critical thing, about this alert at least, is that despite getting it, is SQL monitoring working for this box?  If so, then like most everyone else has stated in blogs etc, you can probably disable this monitor/rule.

    Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

    • Marked as answer by Felyjos Thursday, July 12, 2012 3:46 PM
    Tuesday, July 10, 2012 7:34 PM

All replies

  • I believe it is a bug and should probably be disabled.

    Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

    • Marked as answer by Felyjos Tuesday, July 10, 2012 7:21 PM
    Tuesday, July 10, 2012 5:37 PM
  • I am going this way but as it happened only on one server should I disable the rule globally for all SQL Servers or override it for the one showing the issue?

    Thanks,
    DOm


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Tuesday, July 10, 2012 7:23 PM
  • If it's only happening on one, then you can override just for that one.  I can tell you that if your SQL server service is running as a domain account, then you have to ensure that the account has a registered SPN.  If you want to be certain this account is registered, then check with your AD guys to see if that account has a SPN and it's set accordingly.  The critical thing, about this alert at least, is that despite getting it, is SQL monitoring working for this box?  If so, then like most everyone else has stated in blogs etc, you can probably disable this monitor/rule.

    Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

    • Marked as answer by Felyjos Thursday, July 12, 2012 3:46 PM
    Tuesday, July 10, 2012 7:34 PM
  • I have disabled the monitor/rule as it is really annoying...

    Thnaks,

    DOm


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager


    • Edited by Felyjos Thursday, July 12, 2012 3:46 PM
    Thursday, July 12, 2012 3:46 PM