Failed to register Service Principal Name
Topic Last Modified: 2007-11-16
The Microsoft Exchange Server 2007 Management Pack for Operations Manager monitors the Windows Application log on computers that are running Exchange Server 2007 and generates this alert when the event or events specified in the following Details table are logged.
To learn more about this event, do one or more of the following:
Review the description of the event that includes the variables specific to your environment. From the Operator Console, select this alert, and then click the Properties tab.
Review all events that have been logged that meet the criteria of this Operations Manager alert. From the Operator Console, click the Events tab, and then double-click the event in the list for which you want to review the event description.
Details
Product Name |
Exchange |
Product Version |
8.0 (Exchange Server 2007) |
Event ID |
9317 |
Event Source |
MSExchangeSA |
Alert Type |
Warning |
MOM Rule Path |
Microsoft Exchange Server/Exchange 2007/Mailbox/System Attendant |
MOM Rule Name |
Failed to register Service Principal Name. This may blocks specific users from accessing their mailboxes. |
Explanation
This Error event indicates that the Microsoft Exchange System Attendant service failed to register the service principal name (SPN) for the process specified in the event description. An SPN is a unique identifier for the services running on an Exchange server. Each service that needs Kerberos authentication must have an SPN so that clients can identify the service on the network. In the Active Directory directory service, an SPN is assigned to an account under which the corresponding service runs. By default, Microsoft Outlook and Microsoft Outlook Web Access clients are authenticated using the Kerberos authentication mechanism. If SPN registration fails, Kerberos authentication also fails, preventing Outlook and Outlook Web Access clients from getting authenticated to the Exchange services and preventing user logon to mailboxes.
User Action
To resolve this error, do one or more of the following:
In the Services console, on the Exchange server, make sure that the Microsoft Exchange System Attendant service is in a Started state. If the service is already in a Started state, stop and then restart the service.
Make sure that the server that logged this event is properly registered on the Domain Name System (DNS) server. For more information about how to troubleshoot DNS issues, see Troubleshooting DNS servers.
An SPN is registered using a remote procedure call (RPC). Review other Warning events and Error events in the Application log to find out if there are RPC failures.
As a workaround, manually configure the SPN for the service specified in the event description. For more information about how to manually configure the SPN, see Service Logons Fail Due to Incorrectly Set SPNs.
If this error frequently occurs, contact Microsoft Product Support. For information, visit the Contact Us page of the Microsoft Help and Support Web site.
For More Information
To search the Microsoft Knowledge Base articles based on criteria that generated this alert, visit the Search the Support Knowledge Base (KB) Web site.
To review Exchange 2007 event message articles that may not be represented by Exchange 2007 alerts, see the Events and Errors Message Center.
If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.