The setspn on the sql services doesn't work. If I create a new service account is it as easy as just swapping out the SQL service and the SQL Server agent with the new account well I have issues restarting the service after I change the account? What's the best way to tackle this?
Brian Sent from my iPhone > On Mar 29, 2015, at 4:23 PM, Thomas Gonzalez <[email protected]> wrote: > > Yes there would be...have you done a setspn on the SQL services? > > Maybe there's one that's still using it... > > And if your account is using this for SQL, you should have seen the son > attribute. > > > > Thomas Gonzalez > From: Brian McDonald > Sent: 3/29/2015 3:17 PM > To: [email protected] > Subject: Re: [mssms] SPN issue > > It's currently running sql services in a production SCCM environment. Would > there be any repercussions to this? > > Sent from my iPhone > >> On Mar 29, 2015, at 3:12 PM, Thomas Gonzalez <[email protected]> wrote: >> >> If that service account is only for sql and not in use, I would delete it, >> let replication work and then recreate it…. >> >> From: [email protected] [mailto:[email protected]] >> On Behalf Of Brian McDonald >> Sent: Sunday, March 29, 2015 2:41 PM >> To: [email protected] >> Subject: Re: [mssms] SPN issue >> >> >> Sorry, that was a typo. I entered the command as you have indicated below. >> >> ADSI Edit shows the same exact output as provided with the ldife query for >> the computer account. >> >> servicePrincipalName: CmRcService/CMSRV01 >> servicePrincipalName: CmRcService/CMSRV01.COMPANY.local >> servicePrincipalName: TERMSRV/CMSRV01 >> servicePrincipalName: TERMSRV/CMSRV01.COMPANY.local >> servicePrincipalName: WSMAN/CMSRV01 >> servicePrincipalName: WSMAN/CMSRV01.COMPANY.local >> servicePrincipalName: RestrictedKrbHost/CMSRV01 >> servicePrincipalName: HOST/CMSRV01 >> servicePrincipalName: RestrictedKrbHost/CMSRV01.COMPANY.local >> servicePrincipalName: HOST/CMSRV01.COMPANY.local >> >> However, the service account is blank with the servicePrincipalName >> attribute. Is there a way to fix this via ADSIEdit? Still not sure why this >> would say ‘Duplicate SPN found…” >> >> From: [email protected] [mailto:[email protected]] >> On Behalf Of Brian McDonald >> Sent: Sunday, March 29, 2015 2:11 PM >> To: [email protected] >> Subject: Re: [mssms] SPN issue >> >> Thanks sir, here is the output: >> dn: CN=CMSRV01,OU=Servers,DC=COMPANY,DC=local >> changetype: add >> servicePrincipalName: CmRcService/CMSRV01 >> servicePrincipalName: CmRcService/CMSRV01.COMPANY.local >> servicePrincipalName: TERMSRV/CMSRV01 >> servicePrincipalName: TERMSRV/CMSRV01.COMPANY.local >> servicePrincipalName: WSMAN/CMSRV01 >> servicePrincipalName: WSMAN/CMSRV01.COMPANY.local >> servicePrincipalName: RestrictedKrbHost/CMSRV01 >> servicePrincipalName: HOST/CMSRV01 >> servicePrincipalName: RestrictedKrbHost/CMSRV01.COMPANY.local >> servicePrincipalName: HOST/CMSRV01.COMPANY.local >> >> >> >> From: Thomas Gonzalez <[email protected]> >> Date: March 29, 2015 at 12:48:06 PM CDT >> To: <[email protected]> >> Subject: RE: [mssms] SPN issue >> Reply-To: [email protected] >> >> Also try this ldifde -f check_SPN.txt -t 3268 -d "" -l servicePrincipalName >> -r "(servicePrincipalName=HOST/mycomputer*)" -p subtree >> >> Thomas Gonzalez >> From: Brian McDonald >> Sent: 3/29/2015 12:17 PM >> To: [email protected] >> Subject: [mssms] SPN issue >> >> >> >> >> >> >> >> >> >> Hello all, >> >> I'm experiencing an issue with registering SPNs for SQL on my CM server. The >> commands I'm running: >> >> Setspn -a MSSQLSvc\Server:1433 Domain\cmsql >> >> Setspn -a MSSQLSvc\Server.fqdn:1433 Domain\cmsql >> >> When running the above commands I receive: "Duplicate SPN found, aborting >> operation!" I noticed though it shows "checking domain...and it has the cmra >> account, which is my reporting services account. >> >> When I attempt to run setspn -l domain\cmsql it doesn't show any > > [The entire original message is not included.] >
