SPN Records for Service Manager 2012

2017-12-11T11:10:45+00:00 October 17th, 2014|Azure, Cloud|

One configuration step that is often missed is setting the SPNs (Service Principal Names) for Service Manager. Note that the installer won’t create the SPN, even if the account completing the install has permission to create it.

When the Service Manager SDK service starts, it checks whether the SPN has been registered and, if not, attempts to register it. By default only domain administrators have this right, and your SDK service account won’t (at least it definitely shouldn’t) be a member of the domain administrators.

If you don’t have the SPNs registered, you will notice a warning in the event log. The event ID is 26371, ‘The System Center Data Access Service failed to register an SPN’. One thing that’s interesting in this error is that the SDK service is trying to register the SPN for the server’s computer account even though my SDK service is running under a user account.

The SDK service can run under the ‘local system’ account instead of a user account, although this is not recommended and is not possible in some scenarios.

The SPN service class for Service Manager is ‘MSOMSdkSvc’ and this must be registered with the Service Account being used by the SDK service.

To check the SPNs registered to your service account you can use the SETSPN command:

SETSPN -l testlab\SCSMSDKService

Running this command you should see the return of:

MSOMSdkSvc/TSTSCSMSERVER
MSOMSdkSvc/TSTSCSMSERVER.fqdn.name

If the SDK service runs as local system (not a recommended approach), you would use the server name instead of the service account.

If this is not what is returned (with your server names, obviously), you will need to register these manually. As mentioned above, the account running the command must be a domain administrator (or have the correct rights delegated), and the command window must be ‘run as administrator’. Again, use SETSPN:

setspn -A MSOMSdkSvc/TSTSCSMSERVER YOURDOMAIN\SCSMSDKService
setspn -A MSOMSdkSvc/TSTSCSMSERVER.fqdn.name YOURDOMAIN\SCSMSDKService

Note that this must be done for both the NetBIOS name and the FQDN of the server. Don’t forget that this should also be done on the data warehouse server and any additional management servers you may have.

Once this has been done restart the SDK service and you will no longer see the warnings regarding missing SPNs.
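The check above can be repeated for every server in one pass. The following PowerShell is an added example, not part of the original post: it parses SETSPN -l output and lists the setspn commands still needed for each server's NetBIOS name and FQDN. The function name Get-MissingSdkSpn, the second server name TSTSCSMDW and the sample output are constructed for illustration.

```powershell
# Added example: report which MSOMSdkSvc SPNs are missing from the SDK service account.
# Get-MissingSdkSpn is a hypothetical helper name, not a Service Manager cmdlet.
function Get-MissingSdkSpn {
    param(
        [string[]]$SetspnOutput,  # lines printed by: setspn -l <account>
        [string[]]$Servers,       # NetBIOS names of all management / data warehouse servers
        [string]$DnsSuffix        # DNS suffix used to build each FQDN
    )
    # setspn -l prints a header line, then one indented SPN per line.
    $registered = @($SetspnOutput |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -like 'MSOMSdkSvc/*' })

    foreach ($server in $Servers) {
        # Both the NetBIOS name and the FQDN must be registered.
        foreach ($hostName in @($server, "$server.$DnsSuffix")) {
            $spn = "MSOMSdkSvc/$hostName"
            # -notcontains compares case-insensitively, so differences in
            # letter case between the output and the server list are ignored.
            if ($registered -notcontains $spn) { $spn }
        }
    }
}

# Constructed sample output: only the NetBIOS SPN of the first server exists.
$sample = @(
    'Registered ServicePrincipalNames for CN=SCSMSDKService,CN=Users,DC=fqdn,DC=name:'
    "`tMSOMSdkSvc/TSTSCSMSERVER"
)
$account = 'YOURDOMAIN\SCSMSDKService'   # account name as used in the article
$servers = 'TSTSCSMSERVER', 'TSTSCSMDW'  # TSTSCSMDW is a hypothetical data warehouse server

$missing = Get-MissingSdkSpn -SetspnOutput $sample -Servers $servers -DnsSuffix 'fqdn.name'

# Emit the registration command for each gap; review the list before running it.
$missing | ForEach-Object { "setspn -A $_ $account" }

# Against a live domain, pass the real output instead of $sample:
#   Get-MissingSdkSpn -SetspnOutput (setspn -l $account) -Servers $servers -DnsSuffix 'fqdn.name'
```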