Home
  •  

Data Access Service SPN Registration

Microsoft.SystemCenter.2007.SdkSpnRegistration (Rule)

Rule to alert if a service principal name (SPN) for the account running the System Center Data Access service isn't registered.

Knowledge Base article:

Summary

The service principal name (SPN) for the "System Center Data Access" service may have failed to register. The "System Center Data Access" service must register SPNs for the Operations console and other SDK clients to authenticate using Kerberos.

Causes

In most cases this is due to the "System Center Data Access" service not having the necessary permissions to perform the SPN registration within Active Directory.

Resolutions

Check the existing SPN registrations by running the following command:

If the SPNs are registered correctly, you should see the following results:

If the SPNs are not correctly registered, register them manually by running the following commands, using an account with domain administrator rights:

Note: If the RMS is clustered the the network name for the clustered RMS should be use for <RMS NetBIOS Name> and <RMS FQDN>

If the command "Setspn.exe "L <RMS NetBIOS Name>" shows there are duplicate or extra SPNs registered for "MSOMSdkSvc", delete them using the "Setspn.exe "D" command.

Element properties:

TargetMicrosoft.SystemCenter.RootManagementServer
CategoryAlert
EnabledTrue
Event_ID26371
Event SourceOpsMgr SDK Service
Alert GenerateTrue
Alert SeverityError
Alert PriorityHigh
RemotableTrue
Alert Message
Data Access Service SPN Not Registered
{0}
Event LogOperations Manager

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.SystemCenter.2007.SdkSpnRegistration" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.RootManagementServer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Operations Manager</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">26371</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">OpsMgr SDK Service</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>2</Priority>

      <Severity>2</Severity>

      <AlertName/>

      <AlertDescription/>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.2007.SdkSpnRegistration.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>

        <SuppressionValue>$Data/PublisherName$</SuppressionValue>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>