Operations Manager 2007 SPN's

There's a lot of confusion about SPN's (service principal name) when it comes to OpsMgr.  How are SPN's registered?  When are SPN's registered?  Why aren't SPN's registering?

For brevity, I will direct your attention to the following links for more information on what, when and how.

http://wchomak.spaces.live.com/blog/cns!F56EFE25599555EC!824.entry

Thanks Walter!

The reason I'm blogging on this is to give a snapshot of all the SPN's that should be in your environment so you know you've got them all right.  Here's a bird's-eye view.

Root Management Server (non-clustered):

servicePrincipalName: MSOMSdkSvc/rms.domain.com
servicePrincipalName: MSOMSdkSvc/rms
servicePrincipalName: MSOMHSvc/rms.domain.com
servicePrincipalName: MSOMHSvc/rms

Root Management Server (clustered):

servicePrincipalName: MSOMSdkSvc/rms_node_1.domain.com
servicePrincipalName: MSOMSdkSvc/rms_node_1
servicePrincipalName: MSOMSdkSvc/rms_node_2.domain.com
servicePrincipalName: MSOMSdkSvc/rms_node_2
servicePrincipalName: MSOMHSvc/rms_virtual_name.domain.com
servicePrincipalName: MSOMHSvc/rms_virtual_name

Management Server(s):

servicePrincipalName: MSOMHSvc/ms.domain.com
servicePrincipalName: MSOMHSvc/ms

Management Server with ACS:

servicePrincipalName: AdtServer/ms.domain.com
servicePrincipalName: AdtServer/ms
servicePrincipalName: MSOMHSvc/ms.domain.com
servicePrincipalName: MSOMHSvc/ms

Database Servers (including ACS DB):

servicePrincipalName: MSSQLSvc/db_server:1433
servicePrincipalName: MSSQLSvc/db_server.domain.com:1433

 

Verifying SPN's with SETSPN

SDK:  SETSPN -L <domain\sdk_domain_account>

HealthService: SETSPN -L <servername>  (run this for each MS)

SQL Service:  SETSPN -L <domain\sql_service_account>

Verifying SPN's with LDIFDE

SDK and HealthServices:  Ldifde -f c:\ldifde.txt -t 3268 -d DC=domain,DC=COM -r "(serviceprincipalname=MSOM*)" -l serviceprincipalname -p subtree

SQL Service:  Ldifde -f c:\ldifde.txt -t 3268 -d DC=domain,DC=COM -r "(serviceprincipalname=MSSQLSvc*)" -l serviceprincipalname -p subtree

Note:  You'll most likely find multiple SPN's for SQL Service.  Just be sure there's one for each of your OpsMgr DB role servers.  If SQL runs under Local System, it will automatically register its SPN's each time the service starts.
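
As an added example (not from the original post), the PowerShell below checks an LDIFDE export like the one the MSOM* query above produces against the SPN's listed for a non-clustered RMS and a management server, and also flags any SPN registered on more than one account. The inline export, the $roles inventory and the account DNs are constructed; the host and domain names are the post's placeholders.

```powershell
# Constructed sample of ldifde output (not from a real environment).
$ldif = @'
dn: CN=RMS,OU=Servers,DC=domain,DC=com
changetype: add
servicePrincipalName: MSOMHSvc/rms.domain.com
servicePrincipalName: MSOMHSvc/rms

dn: CN=sdk_account,OU=Service Accounts,DC=domain,DC=com
changetype: add
servicePrincipalName: MSOMSdkSvc/rms.domain.com

dn: CN=MS,OU=Servers,DC=domain,DC=com
changetype: add
servicePrincipalName: MSOMHSvc/ms.domain.com
servicePrincipalName: MSOMHSvc/ms
servicePrincipalName: MSOMSdkSvc/rms.domain.com
'@

# Hypothetical inventory: service class -> host short names (the post's placeholders).
$domain = 'domain.com'
$roles = @{
    'MSOMSdkSvc' = @('rms')          # SDK service on the non-clustered RMS
    'MSOMHSvc'   = @('rms', 'ms')    # HealthService on the RMS and each MS
}

# Expected SPN's: short name and FQDN for every service/host pair.
$expected = foreach ($svc in $roles.Keys) {
    foreach ($h in $roles[$svc]) { "$svc/${h}"; "$svc/${h}.${domain}" }
}

# Map each SPN (lower-cased, since SPN matching ignores case) to the DNs that hold it.
$owners = @{}
$dn = $null
foreach ($line in $ldif -split "`r?`n") {
    if ($line -match '^dn:\s*(.+)$') { $dn = $Matches[1] }
    elseif ($line -match '^servicePrincipalName:\s*(.+)$') {
        $spn = $Matches[1].Trim().ToLower()
        if (-not $owners.ContainsKey($spn)) { $owners[$spn] = @() }
        $owners[$spn] += $dn
    }
}

$missing = $expected | Where-Object { -not $owners.ContainsKey($_.ToLower()) }
$duplicates = $owners.GetEnumerator() | Where-Object { @($_.Value | Select-Object -Unique).Count -gt 1 }

"Missing SPN's:"; $missing | ForEach-Object { "  $_" }
"SPN's registered on more than one account:"
$duplicates | ForEach-Object { "  $($_.Key) -> $($_.Value -join ' | ')" }
```

To check a real environment, load the export file with Get-Content, join its lines with a newline in place of the here-string, and fill $roles with your own server names.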

Posted: Thursday, August 14, 2008 1:16 AM by jtalmquist