[Samba] Failed to modify SPNs

L. van Belle belle at samba.org
Wed Jul 22 08:18:21 UTC 2020 

Adam, you already tried my suggestions? 

What do you see here: 
> Failed to modify SPNs on CN=SEC-CON03,CN=Computers,DC=domain,DC=com: 
> acl: spn validation failed for ... 

^^^^^^  
So read the links below and post your results
The event id you showed, for now can be ignored. Inrelevant (for now). 
And mostlikly wil disapear when you added/fixed the "correct" spn's 

On topic for that event id you showed.
https://support.microsoft.com/en-us/help/935834/how-to-enable-ldap-signing-i
n-windows-server
The fix. 


Greetz,

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> L.P.H. van Belle via samba
> Verzonden: woensdag 22 juli 2020 8:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Failed to modify SPNs
> 
> Hai, 
> 
> Any windows event ID's related to this? These might be handy. 
> I suggest you read : http://www.scomgod.com/?p=155 
> 
> On the SQL server, to add the SPN, use: 
> setspn -A <SPN> <Account>
> Example: setspn -A MSSQLSvc/SCMVPSCOM01.test.COM:1433 TEST\SVCACCOUNT
> 
> Does the SQL server has an A and PTR record in the DNS? Do 
> verify that.
> 
> And there is bit more explained .
> https://thoughtsonopsmgr.blogspot.com/2012/04/scom-r2-alert-sq
> l-server-cannot.html
> 
> I think these should help you to fix this. 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Adam 
> > Xu via samba
> > Verzonden: woensdag 22 juli 2020 4:33
> > Aan: sambalist
> > Onderwerp: [Samba] Failed to modify SPNs
> > 
> > Hi all
> > 
> > my samba version is 4.12.5 and when a sql server windows 
> machine join 
> > the domain, It shows error in samba :
> > 
> > Failed to modify SPNs on 
> CN=SEC-CON03,CN=Computers,DC=domain,DC=com: 
> > acl: spn validation failed for 
> > spn[E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/SEC-CON03:389] 
> > uac[0x1000] 
> > account[SEC-CON03$] hostname[SEC-Con03.domain.com] nbname[DOMAIN] 
> > ntds[(null)] forest[domain.com] domain[domain.com]
> > 
> > There was a discussion on this issue in 2018, but no 
> > conclusion was given.
> > 
> > https://lists.samba.org/archive/samba/2018-August/217570.html
> > 
> > Is there any solution to this problem now?
> > 
> > -- 
> > yours Adam
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list