Rule to alert if a service principal name (SPN) for the account running the System Center Data Access service isn't registered.
The service principal name (SPN) for the "System Center Data Access" service may have failed to register. The "System Center Data Access" service must register SPNs for the Operations console and other SDK clients to authenticate using Kerberos.
In most cases this is due to the "System Center Data Access" service not having the necessary permissions to perform the SPN registration within Active Directory.
Check the existing SPN registrations by running the following command:
Setspn.exe -L <MS NetBIOS Name>
If the SPNs are registered correctly, you should see the following results:
MSOMSdkSvc/<MS NetBIOS Name>
MSOMSdkSvc/<MS FQDN>
If the SPNs are not correctly registered, register them manually by running the following commands, using an account with domain administrator rights:
Setspn.exe -A MSOMSdkSvc/<MS NetBIOS Name> <MS NetBIOS Name>
Setspn.exe -A MSOMSdkSvc/<MS FQDN> <MS NetBIOS Name>
Target | Microsoft.SystemCenter.ManagementDataAccessService | ||
Category | Alert | ||
Enabled | True | ||
Event_ID | 26371 | ||
Event Source | OpsMgr SDK Service | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | High | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Operations Manager |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.SystemCenter.DataAccessService.SdkSpnRegistration" Enabled="true" Target="Microsoft.SystemCenter.ManagementDataAccessService" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Alert</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Operations Manager</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">26371</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">OpsMgr SDK Service</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
<Priority>2</Priority>
<Severity>2</Severity>
<AlertName/>
<AlertDescription/>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.DataAccessService.SdkSpnRegistration.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
<SuppressionValue>$Data/PublisherName$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>