I ma getting a error in System Center Configuration Manager 2007:
An error occurred while processing item 1 defined on lines 7
I ma getting a error in System Center Configuration Manager 2007:
An error occurred while processing item 1 defined on lines 7
To resolve this issue, you must correctly configure the SPNs for the SQL Server to use the correct domain user account. For more information about how to do this follow the bellow information.
Running the SQL Server service using the local system account of the SQL Server computer is not a SQL Server best practice. For the most secure operation of SQL Server site database servers, a low rights domain user account should be configured to run the SQL Server service.
A Service Principal Name (SPN) must be registered for the SQL Server service account (when the local system account will not be used) to allow clients to identify and authenticate the service using Kerberos authentication. The SetSPN utility can be used to register an SPN for the site database server SQL Server service account. The SetSPN utility must be run on a computer that resides in the SQL Server's domain and it must be run using Domain Administrator credentials. To properly configure an SPN for the SQL Server service account using the SetSPN utility, follow the steps in these procedures.
Additionally, you should verify that there are no duplicate SPNs on the SQL Server. To manually create domain user Service Principle Name follow the steps:
1.Click Start, click Run and then enter cmd in the Run dialog box.
2.From the command line, navigate to Windows Server support tools installation directory. By default, these tools are located in the C:\Program Files\Support Tools directory.
3.Enter a valid command to create the SPN. The command should be in the form of: setspn –A MSSQLSvc/<SQL Server computer name>:1433 <Domain\Account>.
note
Note
4. Verify that the command completed successfully by reviewing the command’s output for the updated object line.Code:The command to register an SPN for a SQL Server named instance is the same as that used when registering an SPN for a default instance except that the port number should match the port used by the named instance.
To verify the domain user SPN is registered correctly using the ADSIEdit MMC console
1.Click Start, click Run, and enter adsiedit.msc to launch the ADSIEdit MMC console.
2. If necessary, connect to the site server's domain.
3.In the console pane, expand the site server's domain, expand DC=<server distinguished name>, expand CN=Users, and right-click CN=<Service Account User>. On the context menu, click Properties.
4.In the CN=<Service Account User> Properties dialog box, review the servicePrincipalName value to ensure that a valid SPN has been created and associated with the correct SQL Server.
To change the SQL Server service account from local system to a domain user account
1.Create or select a domain or local system user account that will be used as the SQL Server service account.
2.Open SQL Server Configuration Manager.
3. Click SQL Server 2005 Services and then double click SQL Server<INSTANCE NAME>.
4.On the Log on tab, select This account and enter the user name and password for the domain user account created in step 1 or click Browse to find the user account in Active Directory and then click Apply.
5.Click Yes on the Confirm Account Change dialog box to confirm the service account change and restart the SQL Server Service.
6. Click OK after the service account has been successfully changed.
Bookmarks