This event is indicating a failure to register the service principal name. This may prevent Outlook and Outlook Web Access clients that run in a Kerberos-only network, to get authenticated and logon to their mailbox. The service principal name gives a service running on a particular computer a global identity that allows it to authenticate via Kerberos.
Exchange System Attendant is responsible for the service principal name registrations of Exchange services.
Service principal names are used by clients like Outlook to authenticate with the server. Verify that Outlook clients are able to log on and read mail, if not, try to restart MSExchangeSystem Attendant. If that does not work, call Microsoft Product Support Services.
Users can also work around this problem by using a Windows utility called Setspn that allows manual registration of service principal names on a computer.
Exchange only registers exchangeRFR and exchangeMDB service principal names, which are used for Outlook authentication.
By default, only domain administrators and local system can register service principal names. In some cases, Exchange administrators do not have any domain administrator rights, therefore they have to ask the domain administrator to run Setspn.
For more information about MSExchangeSA event 9317, see:
| Target | Microsoft.Exchange.ExchangeComponent.SystemAttendant | ||
| Category | EventCollection | ||
| Enabled | True | ||
| Event_ID | 9317 | ||
| Event Source | MSExchangeSA | ||
| Alert Generate | True | ||
| Alert Severity | Warning | ||
| Alert Priority | Normal | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | Application |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| EventDS | DataSource | Microsoft.Windows.EventProvider | Default |
| GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
Home
<Rule ID="Failed_to_register_Service_Principal_Name__This_may_cause_client_logon_problem" Enabled="onEssentialMonitoring" Target="Exch2003Core!Microsoft.Exchange.ExchangeComponent.SystemAttendant" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>.</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>9317</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>MSExchangeSA</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertOwner>$Data/PublisherName$</AlertOwner>
<AlertMessageId>$MPElement[Name="Failed_to_register_Service_Principal_Name__This_may_cause_client_logon_problem.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>