I wanted to record for reference the 'normal' SPN entries for a SCOM2k7 SP1 Root Management Server, along with the SDK and Config User ID in a single server configuration. I have interacted with a number of colleagues on this recently and thought it merited a Blog post that others could reference. Specifically, I have worked with several Clients who struggled with the SPN values being created 'initially' in an incorrect manner for SCOM2k7 (this had to do with the Installation Steps followed) and thus, struggling with strange Alerts until resolved.
Here are the Root Management Server (Host called 's01-om01.corp.itpslab.local') and SDK and Config User ID (User called 'om_sdk_config') SPN values.
1. Using Active Directory Users and Computers I focus on the 2 SPN values of interest: 1) Computer Account for the Root Management Server (s01-om01.corp.itpslab.local) and 2) User Account for the SDK and Config User (om_sdk_config) for this single server SCOM2k7 SP1 Server.
2. Using the 'setspn -l' command for the Root Management Server we see the appropriate SPN Values.
3. Using the 'setspn -l' command for the SDK and Config User ID we see the appropriate SPN Values.
4. Finally, here are values for both Security Principals in an easily comparable format.
If you have every spent time troubleshooting SCOM2k7 Alerts, or Domain Controller Event Logs noting duplicate SPN Values here is a handy reference for proper SPN Values for a single SCOM2k7 SP1 Server configuration.
Lynn Lunik
Independent Security Consultant
Windows(R) Platform
IT Pro Secure Corporation
and
exchangesummit.net
http://itprosecure.com and http://www.exchangesummit.net
blog <at> itprosecure.com
Posted
Nov 30 2008, 06:53 PM
by
lynn lunik