search for: mssqlsvc

High there, despite SPN - registration of MSSQLSvc - Service my samba-log is littered with failures... Please have a look about it: Samba-Version: 4.5.16-SerNet-Debian-18.jessie User foo and machine tz115 are registered in spn: root at tz230:~# samba-tool spn list foo foo User CN=foo,CN=Users,DC=testzentrum,DC=uni-frankfurt,DC=de has the follow...

...t this is added to the servicePrincipalname If i understand it`s syntax right, there should be eventually a portnumber, but maybe this is the local accountname for this service. > dn: CN=PCNAME,CN=Computers,DC=... > changetype: modify > add: servicePrincipalName > servicePrincipalName: MSSQLSvc/PCNAME.ad-dom.domain.tld:<some port number> > > And I would also add a second SPN using NETBIOS name of PCNAME rather than > FQDN, which gives us: > > servicePrincipalName: MSSQLSvc/PCNAME:<some port number> > > Adding both SPN you have two unique name for your S...

...am.ldb serviceprincipalname=* serviceprincipalname > [...] Thank you again for the hint! With "loglevel=10" i found the affected servicePrincipalName: ldb: ldb_trace_request: MODIFY dn: CN=PCNAME,CN=Computers,DC=... changetype: modify add: servicePrincipalName servicePrincipalName: MSSQLSvc/PCNAME.domain.domain.domain.de:DATEV_DBENGIN E - control: 1.2.840.113556.1.4.1413 crit:0 data:no [2016/03/24 01:01:45.075853, 10, pid=32023, effective(0, 0), real(0, 0)] ../ source4/dsdb/samdb/ldb_modules/acl.c:1055(acl_modify) ldb:acl_modify: servicePrincipalName [2016/03/24 01:01:4...

...ePrincipalname > If i understand it`s syntax right, there should be eventually a portnumber, > but maybe this is the local accountname for this service. > > dn: CN=PCNAME,CN=Computers,DC=... > > changetype: modify > > add: servicePrincipalName > > servicePrincipalName: MSSQLSvc/PCNAME.ad-dom.domain.tld:<some port > number> > > > > And I would also add a second SPN using NETBIOS name of PCNAME rather > than > > FQDN, which gives us: > > > > servicePrincipalName: MSSQLSvc/PCNAME:<some port number> > > > > Adding bo...

...uired, but *port* and *service* name are optional. The colon between *host* and *port* is only required when a *port* is present. According to that and because I have no idea what is DATEV_DBENGINE dn: CN=PCNAME,CN=Computers,DC=... changetype: modify add: servicePrincipalName servicePrincipalName: MSSQLSvc/PCNAME.ad-dom.domain.tld:<some port number> And I would also add a second SPN using NETBIOS name of PCNAME rather than FQDN, which gives us: servicePrincipalName: MSSQLSvc/PCNAME:<some port number> Adding both SPN you have two unique name for your SPN and that SPN is valid when clien...

Hi all my samba version is 4.12.5 and when a sql server windows machine join the domain, It shows error in samba : Failed to modify SPNs on CN=SEC-CON03,CN=Computers,DC=domain,DC=com: acl: spn validation failed for spn[E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/SEC-CON03:389] uac[0x1000] account[SEC-CON03$] hostname[SEC-Con03.domain.com] nbname[DOMAIN] ntds[(null)] forest[domain.com]

...Samba] Failed to modify SPNs > > Hai, > > Any windows event ID's related to this? These might be handy. > I suggest you read : http://www.scomgod.com/?p=155 > > On the SQL server, to add the SPN, use: > setspn -A <SPN> <Account> > Example: setspn -A MSSQLSvc/SCMVPSCOM01.test.COM:1433 TEST\SVCACCOUNT > > Does the SQL server has an A and PTR record in the DNS? Do > verify that. > > And there is bit more explained . > https://thoughtsonopsmgr.blogspot.com/2012/04/scom-r2-alert-sq > l-server-cannot.html > > I think these shou...

Hai, Any windows event ID's related to this? These might be handy. I suggest you read : http://www.scomgod.com/?p=155 On the SQL server, to add the SPN, use: setspn ?A <SPN> <Account> Example: setspn -A MSSQLSvc/SCMVPSCOM01.test.COM:1433 TEST\SVCACCOUNT Does the SQL server has an A and PTR record in the DNS? Do verify that. And there is bit more explained . https://thoughtsonopsmgr.blogspot.com/2012/04/scom-r2-alert-sql-server-cannot.html I think these should help you to fix this. Greetz, Louis...

Hi all, SPN = servicePrincipalName A simple search returning all servicePrincipalName declared in your AD: ldbsearch -H $sam serviceprincipalname=* serviceprincipalname An extract from result concerning a lambda client: # record 41 dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/MB38W746-0009 servicePrincipalName: HOST/MB38W746-0009.ad.domain.tld