Rule to alert if a service principal name (SPN) for the account running the System Center Data Access service isn't registered.
The service principal name (SPN) for the "System Center Data Access" service may have failed to register. The "System Center Data Access" service must register SPNs for the Operations console and other SDK clients to authenticate using Kerberos.
In most cases this is due to the "System Center Data Access" service not having the necessary permissions to perform the SPN registration within Active Directory.
Check the existing SPN registrations by running the following command:
Setspn.exe -L <RMS NetBIOS Name>
If the SPNs are registered correctly, you should see the following results:
MSOMSdkSvc/<RMS NetBIOS Name>
MSOMSdkSvc/<RMS FQDN>
If the SPNs are not correctly registered, register them manually by running the following commands, using an account with domain administrator rights:
Setspn.exe -A MSOMSdkSvc/<RMS NetBIOS Name> <RMS NetBIOS Name>
Setspn.exe -A MSOMSdkSvc/<RMS FQDN> <RMS NetBIOS Name>
Note: If the RMS is clustered, the network name for the clustered RMS should be used for <RMS NetBIOS Name> and <RMS FQDN>.
If the command "Setspn.exe -L <RMS NetBIOS Name>" shows there are duplicate or extra SPNs registered for "MSOMSdkSvc", delete them using the "Setspn.exe -D" command.
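The check and remediation steps above can be scripted. The following PowerShell is an added example, not part of the management pack or its knowledge article; the parameter names and the `-Account` default are assumptions. It runs the `Setspn.exe -L` check, compares the output with the two expected `MSOMSdkSvc` SPNs, and prints the matching `-A` and `-D` commands for review instead of running them.

```powershell
# Added example: audit MSOMSdkSvc SPN registration for the RMS.
# Parameter names are hypothetical; values are supplied by the operator.
param(
    [Parameter(Mandatory)] [string] $RmsNetBiosName,  # RMS NetBIOS name (cluster network name if clustered)
    [Parameter(Mandatory)] [string] $RmsFqdn,         # RMS fully qualified domain name
    [string] $Account = $RmsNetBiosName               # account queried, as in the commands above (assumption)
)

# The two SPNs the knowledge article expects to see.
$expected = @("MSOMSdkSvc/$RmsNetBiosName", "MSOMSdkSvc/$RmsFqdn")

# Setspn.exe -L prints a header line followed by one indented SPN per line.
$output = & Setspn.exe -L $Account 2>&1
if ($LASTEXITCODE -ne 0) {
    throw "Setspn.exe -L $Account failed: $($output -join ' ')"
}

# Keep only the MSOMSdkSvc entries; other service classes are out of scope here.
$registered = @($output |
    ForEach-Object { "$_".Trim() } |
    Where-Object { $_ -like 'MSOMSdkSvc/*' })

# -notin is case-insensitive, which matches how SPNs are compared.
$missing = @($expected   | Where-Object { $_ -notin $registered })
$extra   = @($registered | Where-Object { $_ -notin $expected })

[pscustomobject]@{
    Account    = $Account
    Registered = $registered -join ', '
    Missing    = $missing -join ', '
    Extra      = $extra -join ', '
}

# Print the remediation commands for review; nothing is changed in Active Directory.
foreach ($spn in $missing) { "Setspn.exe -A $spn $Account" }
foreach ($spn in $extra)   { "Setspn.exe -D $spn $Account" }

if (-not $missing -and -not $extra) {
    "MSOMSdkSvc SPNs for $Account match the expected registrations."
}
```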
Target | Microsoft.SystemCenter.RootManagementServer |
Category | Alert |
Enabled | True |
Event_ID | 26371 |
Event Source | OpsMgr SDK Service |
Alert Generate | True |
Alert Severity | Error |
Alert Priority | High |
Remotable | True |
Alert Message | |
Event Log | Operations Manager |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.SystemCenter.2007.SdkSpnRegistration" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.RootManagementServer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>Alert</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Operations Manager</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="UnsignedInteger">26371</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">OpsMgr SDK Service</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
      <Priority>2</Priority>
      <Severity>2</Severity>
      <AlertName/>
      <AlertDescription/>
      <AlertOwner/>
      <AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.2007.SdkSpnRegistration.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
        <SuppressionValue>$Data/PublisherName$</SuppressionValue>
      </Suppression>
    </WriteAction>
  </WriteActions>
</Rule>