Re: Got SPN?
- From: v-chacez@xxxxxxxxxxxxx (chace zhang)
- Date: Thu, 23 Nov 2006 08:07:30 GMT
Hi,
Thank you for your update.
General speaking, we use an SPN to locate a target principal name for
running a service. More info, please refer to the article that Bharat
mentioned.
Also you may use the Setspn.exe tool to add an SPN that has the correct
FQDN to the Active Directory object for the server that is running Exchange
Server. To do this, follow these steps:
1. Install the Setspn.exe tool. To obtain the Setspn.exe tool, visit the
following Microsoft Web site:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-o
asp
The Windows Server 2003 version of the Setspn.exe tool is available in the
Windows Server 2003 Support Tools. These tools are included on the Windows
Server 2003 CD. To install the Windows Server 2003 Support Tools,
double-click the Suptools.msi file in the Support/Tools folder.
2. Open a command prompt, and then change to the directory in which you
installed Setspn.exe.
3. At the command prompt, type setspn.exe-a
SMTPSVC/mail.yourdomain.comYour_Server_Name. Press ENTER.
Note Replace mail.yourdomain.com with the FQDN for the SMTP virtual server.
Replace Your_Server_Name with the name of the Exchange server.
Please kindly understand EXBPA just provide some suggestions to deploy and
maintain your Exchange Server, it's not 100 percent correctly, if you have
updated the last service pack for exchange server. Also after monitoring
exchange server, doesn't find any errors on it. You can simple ignore the
warning. Your understanding is appreciated.
Have a nice day
Best Regards,
Chace Zhang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Got SPN?
| thread-index: AccOWQw5uFrXcNpxTMyMGZ+vEzXL2w==
| X-WBNR-Posting-Host: 75.43.91.46
| From: =?Utf-8?B?bWNSb24=?= <mcron@xxxxxxxxxxxxxx>
| References: <1F498A28-CB4A-42A3-90F1-2AA8251365A7@xxxxxxxxxxxxx>
<#rhtG6bDHHA.3212@xxxxxxxxxxxxxxxxxxxx>
<vOWkujgDHHA.4372@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Got SPN?
| Date: Wed, 22 Nov 2006 09:10:02 -0800
| Lines: 167
| Message-ID: <AD0C0FBC-C756-44FE-B903-26AC32A70B37@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.exchange.connectivity
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange.connectivity:109171
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.exchange.connectivity
|
| Thanks for your post. I have already changed the FQDN on the VS to
reflect
| the external FQDN of the server (mx1.mydomain.com). I believe that this
is
| what is causing the EXBPA to report the warning. I would like to
understand
| what an SPN is and specifically how to resolve the warning:
|
| To correct the problem would I just add the value
"SMTPSVC/mx1.mydomain.com"
| using AdsiEdit?
| Do I need to remove the SMTPSVC/ex1.corp.mydomain.com value?
|
| Why do I need an SPN?
|
| Thanks again,
|
| McR
|
|
| "chace zhang" wrote:
|
| > Hi,
| >
| > Thank you for posting here.
| >
| > From your post, my understanding on this issue is: You encountered a
| > warning in EXBPA Report about "Missing FQDN in 'Default SMTP Virtual
| > Server' service principal name".
| >
| > Based on my experience, if your internal domain name is different from
| > external domain name, the FQDN name of SMTP Virtual Server will be
internal
| > name. If your Exchange Server is using internal domain name to send
mail,
| > the outgoing mail may not be delivered to remote domain with
Non-Delivery
| > Report which indicates a error for ex1.corp.mydomain.com without MX or
A
| > record or Authentication failure. In this case, we can follow the steps
| > below to manually change it as Internet domain name.
| >
| > 1. Start Exchange System Manager.
| >
| > 2. Expand "Servers", expand "<Server Name>", expand "Protocols", and
then
| > expand "SMTP".
| >
| > 3. Right-click the SMTP virtual server where you want to apply the
filter,
| > and then click "Properties".
| >
| > 4. In Delivery tab, in "Fully-qualified domain name" box, change the
| > internal FQDN name into external FQDN name. Please don't click "Check
DNS"
| > here.
| >
| > 5. Click OK twice to save the setting. And then restart SMTP Virtual
Server.
| >
| >
| > Hope this helps, if anything unclear or you need additional assistance.
| > Please feel free to let me know. Have a nice day!
| >
| >
| > Best Regards,
| >
| > Chace Zhang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on Exchange technical issues. If you have
| > issues regarding other Microsoft products, you'd better post in the
| > corresponding newsgroups so that they can be resolved in an efficient
and
| > timely manner. You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| > --------------------
| > | From: "Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx>
| > | References: <1F498A28-CB4A-42A3-90F1-2AA8251365A7@xxxxxxxxxxxxx>
| > | Subject: Re: Got SPN?
| > | Date: Tue, 21 Nov 2006 14:43:53 -0800
| > | Lines: 51
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <#rhtG6bDHHA.3212@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.exchange.connectivity
| > | NNTP-Posting-Host: 64-169-85-157.ded.pacbell.net 64.169.85.157
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.exchange.connectivity:109158
| > | X-Tomcat-NG: microsoft.public.exchange.connectivity
| > |
| > | You can use the SetSPN.exe tool to register the Service Principal
Name of
| > | your SMTP virtual server (if it is different than the fqdn of that
| > Exchange
| > | server).
| > |
| > | Look at method 1 in this KBA:
| > | http://support.microsoft.com/?kbid=914137
| > |
| > | --
| > | Bharat Suneja
| > | MVP - Exchange
| > | www.zenprise.com
| > | NEW blog location:
| > | www.exchangepedia.com/blog
| > | ----------------------------------------------
| > |
| > |
| > | "mcRon" <mcron@xxxxxxxxxxxxxx> wrote in message
| > | news:1F498A28-CB4A-42A3-90F1-2AA8251365A7@xxxxxxxxxxxxxxxx
| > | > My Exchange server 2003 hostname is ex1.corp.mydomain.com. To
conceal
| > our
| > | > internal namespace, our Internet DNS contains an MX record that
points
| > to
| > | > the
| > | > host mx1.mydomain.com and the A record for mx1 points to the IP
address
| > of
| > | > my
| > | > Exchange server. I have a single SMTP virtual server (Default SMTP
| > | > Virtual
| > | > Server). On the Properties sheet, Delivery tab, Advanced button
| > dialog, I
| > | > have configured the FQDN to reflect the name known on the Internet:
| > | > mx1.mydomain.com.
| > | >
| > | > When I run the EXBPA, it reports a "Missing FQDN in service
principal
| > | > name".
| > | > The details indicate that EXBPA is expecting to find
| > | > "SMTPSVC/mx1.mydomain.com" in the servicePrincipalName.
| > | >
| > | > When I use AdsiEdit to examine the servicePrincipalName attribute
on the
| > | > server's computer account, I see SMTPSVC/ex1.corp.mydomain.com
listed.
| > | >
| > | > I understand that EXBPA wants me to add an SPN value but I don't
really
| > | > understand what an SPN is. Can someone point me in the right
direction
| > to
| > | > understand this?
| > | >
| > | > To correct the problem would I just add the value
| > | > "SMTPSVC/mx1.mydomain.com"
| > | > using AdsiEdit? Do I need to remove the
SMTPSVC/ex1.corp.mydomain.com
| > | > value?
| > | >
| > | > Thanks in advance,
| > | >
| > | > McR
| > |
| > |
| > |
| >
| >
|
.
- References:
- Re: Got SPN?
- From: Bharat Suneja [MVP]
- Re: Got SPN?
- From: chace zhang
- Re: Got SPN?
- From: mcRon
- Re: Got SPN?
- Prev by Date: asked for password
- Next by Date: OWA CSR Generation
- Previous by thread: Re: Got SPN?
- Next by thread: Re: OWA HTTP/1.1 500 Internal Server Error
- Index(es):
Relevant Pages
|
