none
Setspn Unknown Parameter RRS feed

  • Question

  • Hi,

    Just going through the "Before you begin" section of FIM setup. We are planning to use a hardware load balancer, and this has been configured and the relevant 'A' record created in DNS. We next go to a DC and try to register the SPN for this new NLB name as follows:

    • setspn –S FIMService/IDM.company.com domain\FIMSync
    • setspn –S FIMService/IDM domain\FIMSync
    • setspn –S HTTP/IDM.company.com domain\FIMWSS
    • setspn –S HTTP/IDM domain\FIMWSS

    When we run the first setspn registration we get the error message:

    • Unknown Parameter FIMService/IDM.company.com. Please check your usage.

     

    We also tried running it like this:

    • setspn –A FIMService/IDM.company.com domain\FIMSync

    But the same error message appears.

    Any ideas?

    thank you

    Monday, April 11, 2011 10:34 AM

Answers

  • I see you said -A doesn't work either.  Sorry.  Couple of things:

    Try it from the 2008/R2 box you're installing FIM on.

    Also, did you intend to use FIMSync service account in your example?  You should not be using the same accounts for FIM Service and FIM Synchronization Service.

    Also, your examples have a final dot/period on the end in one.  Is this intentional?  Try it without if true.

     

    • Marked as answer by D Wind Monday, April 11, 2011 4:44 PM
    Monday, April 11, 2011 12:18 PM

All replies

  • What version of Windows Server is running on the DC?  The -S syntax was added to the latest version of SETSPN in either 2008 or 2008 R2 (can't quite remember).  If you're running 2003 or 2003 R2 that won't work and you'll need to drop back to -A or run SETSPN on the FIM Box.
    Monday, April 11, 2011 12:15 PM
  • I see you said -A doesn't work either.  Sorry.  Couple of things:

    Try it from the 2008/R2 box you're installing FIM on.

    Also, did you intend to use FIMSync service account in your example?  You should not be using the same accounts for FIM Service and FIM Synchronization Service.

    Also, your examples have a final dot/period on the end in one.  Is this intentional?  Try it without if true.

     

    • Marked as answer by D Wind Monday, April 11, 2011 4:44 PM
    Monday, April 11, 2011 12:18 PM
  • So, we retyped everything out again, failed again.

    Retyped everything for the upteenth time - and this time it worked.

    No real explanation as to why it failed the first few times.

    Thank you for your help Paul

    PS. well done for spotting the incorrect Service account reference
    Monday, April 11, 2011 4:44 PM
  • Just for future reference, if you are seeing "unknown parameter..." it's mostly because the setspn command is choking on the "-A". If you copy paste from Micrsoft Word documents, this often results in an invalid - as word automatically made a different - of it.

    Check:

    Setspn –a http/website account

    Setspn -a http/website account

    Both of the above were typed in word, in the second entry I went back erased the - and retyped it. See the difference?


    http://setspn.blogspot.com
    • Proposed as answer by Keith Crosby Tuesday, June 28, 2011 8:21 PM
    Monday, April 11, 2011 6:32 PM
  • Thanks Thomas, I encountered this exact problem copying the setspn command directly from the 'Before You Begin' guide on Technet.
    Tuesday, July 5, 2011 6:35 AM
  • Just for future reference, if you are seeing "unknown parameter..." it's mostly because the setspn command is choking on the "-A". If you copy paste from Micrsoft Word documents, this often results in an invalid - as word automatically made a different - of it.

    Check:

    Setspn –a http/website account

    Setspn -a http/website account

    Both of the above were typed in word, in the second entry I went back erased the - and retyped it. See the difference?


    http://setspn.blogspot.com
    Thanks very much Thomas, I was going in circles and you saved me.
    Wednesday, January 4, 2012 10:51 AM
  • Just for future reference, if you are seeing "unknown parameter..." it's mostly because the setspn command is choking on the "-A". If you copy paste from Micrsoft Word documents, this often results in an invalid - as word automatically made a different - of it.

    Check:

    Setspn –a http/website account

    Setspn -a http/website account

    Both of the above were typed in word, in the second entry I went back erased the - and retyped it. See the difference?


    http://setspn.blogspot.com

    ^^

    This.

    Wednesday, May 22, 2013 10:06 PM
  • re-typed and it worked just as you noted.  Thx!
    Tuesday, September 24, 2013 2:28 PM
  • Thanks
    Thursday, December 10, 2015 6:00 PM
  • Just for future reference, if you are seeing "unknown parameter..." it's mostly because the setspn command is choking on the "-A". If you copy paste from Micrsoft Word documents, this often results in an invalid - as word automatically made a different - of it.

    Check:

    Setspn –a http/website account

    Setspn -a http/website account

    Both of the above were typed in word, in the second entry I went back erased the - and retyped it. See the difference?


    http://setspn.blogspot.com

    Very good catch, thank you

    Monday, August 8, 2016 2:43 PM
  • I was getting "unknown parameter" error for the below command. I did a copy paste from the msdn article. After checking your response I deleted "-" and typed in "-" again. It worked without error. Thank you!

    Setspn –s msolapsvc.3\SRV01.domain.local Domain\SSAS-Service

    Monday, November 7, 2016 4:05 AM
  • This really helped me...

    Been battling with this for an hour now.

    Thanks Bro!!!

    Monday, November 28, 2016 12:59 PM
  • Thank you from keeping me from shooting myself in the head! This worked!
    Friday, February 24, 2017 9:07 PM
  • Wow! That is exactly what happened, it was the wrong dash!

    Thanks!

    Tuesday, January 30, 2018 5:12 PM