Re: Got SPN?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Thanks for your post. I have already changed the FQDN on the VS to reflect
the external FQDN of the server (mx1.mydomain.com). I believe that this is
what is causing the EXBPA to report the warning. I would like to understand
what an SPN is and specifically how to resolve the warning:

To correct the problem would I just add the value "SMTPSVC/mx1.mydomain.com"
using AdsiEdit?
Do I need to remove the SMTPSVC/ex1.corp.mydomain.com value?

Why do I need an SPN?

Thanks again,

McR


"chace zhang" wrote:

Hi,

Thank you for posting here.

From your post, my understanding on this issue is: You encountered a
warning in EXBPA Report about "Missing FQDN in 'Default SMTP Virtual
Server' service principal name".

Based on my experience, if your internal domain name is different from
external domain name, the FQDN name of SMTP Virtual Server will be internal
name. If your Exchange Server is using internal domain name to send mail,
the outgoing mail may not be delivered to remote domain with Non-Delivery
Report which indicates a error for ex1.corp.mydomain.com without MX or A
record or Authentication failure. In this case, we can follow the steps
below to manually change it as Internet domain name.

1. Start Exchange System Manager.

2. Expand "Servers", expand "<Server Name>", expand "Protocols", and then
expand "SMTP".

3. Right-click the SMTP virtual server where you want to apply the filter,
and then click "Properties".

4. In Delivery tab, in "Fully-qualified domain name" box, change the
internal FQDN name into external FQDN name. Please don't click "Check DNS"
here.

5. Click OK twice to save the setting. And then restart SMTP Virtual Server.


Hope this helps, if anything unclear or you need additional assistance.
Please feel free to let me know. Have a nice day!


Best Regards,

Chace Zhang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on Exchange technical issues. If you have
issues regarding other Microsoft products, you'd better post in the
corresponding newsgroups so that they can be resolved in an efficient and
timely manner. You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
| From: "Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx>
| References: <1F498A28-CB4A-42A3-90F1-2AA8251365A7@xxxxxxxxxxxxx>
| Subject: Re: Got SPN?
| Date: Tue, 21 Nov 2006 14:43:53 -0800
| Lines: 51
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
| X-RFC2646: Format=Flowed; Original
| Message-ID: <#rhtG6bDHHA.3212@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.exchange.connectivity
| NNTP-Posting-Host: 64-169-85-157.ded.pacbell.net 64.169.85.157
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange.connectivity:109158
| X-Tomcat-NG: microsoft.public.exchange.connectivity
|
| You can use the SetSPN.exe tool to register the Service Principal Name of
| your SMTP virtual server (if it is different than the fqdn of that
Exchange
| server).
|
| Look at method 1 in this KBA:
| http://support.microsoft.com/?kbid=914137
|
| --
| Bharat Suneja
| MVP - Exchange
| www.zenprise.com
| NEW blog location:
| www.exchangepedia.com/blog
| ----------------------------------------------
|
|
| "mcRon" <mcron@xxxxxxxxxxxxxx> wrote in message
| news:1F498A28-CB4A-42A3-90F1-2AA8251365A7@xxxxxxxxxxxxxxxx
| > My Exchange server 2003 hostname is ex1.corp.mydomain.com. To conceal
our
| > internal namespace, our Internet DNS contains an MX record that points
to
| > the
| > host mx1.mydomain.com and the A record for mx1 points to the IP address
of
| > my
| > Exchange server. I have a single SMTP virtual server (Default SMTP
| > Virtual
| > Server). On the Properties ***, Delivery tab, Advanced button
dialog, I
| > have configured the FQDN to reflect the name known on the Internet:
| > mx1.mydomain.com.
| >
| > When I run the EXBPA, it reports a "Missing FQDN in service principal
| > name".
| > The details indicate that EXBPA is expecting to find
| > "SMTPSVC/mx1.mydomain.com" in the servicePrincipalName.
| >
| > When I use AdsiEdit to examine the servicePrincipalName attribute on the
| > server's computer account, I see SMTPSVC/ex1.corp.mydomain.com listed.
| >
| > I understand that EXBPA wants me to add an SPN value but I don't really
| > understand what an SPN is. Can someone point me in the right direction
to
| > understand this?
| >
| > To correct the problem would I just add the value
| > "SMTPSVC/mx1.mydomain.com"
| > using AdsiEdit? Do I need to remove the SMTPSVC/ex1.corp.mydomain.com
| > value?
| >
| > Thanks in advance,
| >
| > McR
|
|
|


.

Quantcast