AXForum  
Вернуться   AXForum > Microsoft Dynamics AX > DAX Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 26.05.2016, 18:11   #1  
Blog bot is offline
Blog bot
Участник
 
25,584 / 848 (80) +++++++
Регистрация: 28.10.2006
stoneridgesoftware: How to prevent the error Failed to Register Service Principal Name (SPN) in Dynamics AX, when not using Kerberos
Источник: https://stoneridgesoftware.com/how-t...sing-kerberos/
==============

I was recently working with a client who wasn’t using Kerberos authentication in their Dynamics AX 2012 R3 environment. The IT admin did not like seeing the following error being logged in their environment:

Object Server 01:  RPC error: Failed to register service principal name (SPN): ’29D16D8E-32D1-433B-B77F-987C2408CEA4/VOYAGER.demo.local:2712′

Object Server 01:  RPC error: Failed to unregister service principal name (SPN): ’29D16D8E-32D1-433B-B77F-987C2408CEA4/VOYAGER.demo.local:2712′

From the Windows Application Event Log, if you filter on the following you can see if this error exists in your environment:



In the event log, you will find 1 message per startup and shutdown of the AOS service.

Startup



Shutdown



The IT admin did not want this message being logged and had followed this enhanced security with Kerberos blog to prevent the messages from being logged without success. The IT admin was adamant that they would never use Kerberos in their AX environment and wanted to prevent the error message from logging.

I logged into my test environment and followed the blog, well, really I followed the screen shot and sure enough simply setting the authn_service value to 9 did not prevent the message from being logged.

Here is a screen shot of the key set in my environment:



And here is the message still being logged after a restart of the AOS:



After doing some additional testing I discovered that I had to create both of the following registry values in the following location authn_service and authn_regspn.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dynamics Server\6.0\01\[Debug] The [Debug] location will be different based on your active Server configuration.

Steps to create the values:

  1. Right click on HKLM\SYSTEM\CurrentControlSet\Services\Dynamics Server\6.0\01\[Debug]
  2. Select String Value
  3. Name it: authn_service
  4. Give it a value of 9 (Negotiate)
  5. Repeat steps 1 and 2
  6. Name it: authn_regspn
  7. Give it a value of 0 (do not register spn)
The end configuration should look like this:



Keep in mind that this disables Kerberos authentication for Dynamics AX. If you decide to implement Kerberos later on you will need to remove the registry keys (or change their values rather) to enable AX to be able to use Kerberos. On the flip side of this, if you wish to force Kerberos authentication you could change the values to 16 (Kerberos) and 1 (register spn) respectively.

So now after restarting the AOS, the Application event log will not log the SPN error message. Here is the unregister SPN error message after made the changes and restarted the AOS for them to take effect:



And now there is no SPN error on startup (or the next shutdown) now that the new registry key values have been picked up by the AOS:





Источник: https://stoneridgesoftware.com/how-t...sing-kerberos/
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
atinkerersnotebook: An Introduction to Self Service Portals within Dynamics AX 2012 Blog bot DAX Blogs 0 19.01.2015 19:11
atinkerersnotebook: Using the Dynamics AX Excel Add-In Blog bot DAX Blogs 1 25.09.2013 07:11
AIF: Microsoft Dynamics AX Services and Windows Azure Service Bus Blog bot DAX Blogs 0 24.07.2013 03:13
axinthefield: Dynamics AX Event IDs Blog bot DAX Blogs 0 01.03.2011 22:11
daxdilip: Whats New in Dynamics AX 2012 (A brief extract from the recently held Tech Conf.) Blog bot DAX Blogs 7 31.01.2011 12:35

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 19:22.
Powered by vBulletin® v3.8.5. Перевод: zCarot
Контактная информация, Реклама.