Article ID: 2961630 - View products that this article applies to.
You may encounter various problems with Microsoft System Center Virtual Machine Manager 2008 (VMM 2008) or System Center 2012 Virtual Machine Manager (VMM 2012) that are related to authentication and authorization if the required service principal names (SPNs) are missing or incorrect.
This can occur if the missing or incorrect Service Principal Names (SPNs) cause delegation to fail.
To resolve this issue, you can use the setspn command to check for duplicate SPNs and to create missing SPNs if this is necessary.
Note Not all SPNs may be required. The requirements will vary based on the server roles that are installed.
For Virtual Console Support for Hyper-V Hosts (VMConnect.exe), the following SPNs are required on Hyper-V hosts:
setspn -s computername "Microsoft Virtual Console Service/hostname"setspn -s computername "Microsoft Virtual Console Service/hostname.fqdn.etc"For P2V support, the following SPNs are required:setspn -s computername "Microsoft Virtual System Migration Service/hostname.fqdn.etc"setspn -s computername "Microsoft Virtual System Migration Service/hostname"
For Microsoft Virtual Server 2005 hosts and the VMRC utility, the following SPNs are required:
setspn -s computername vmrc/hostname.fqdn.etc:5900setspn -s computername vmrc/hostname:5900setspn -s computername vssrvc/hostname.fqdn.etcsetspn -s computername vssrvc/hostname
For RDP support, the following SPNs are required:
setspn -s computername TERMSRV/hostname.fqdn.etcsetspn -s computername TERMSRV/hostname
For the host, the following SPNs are required:
setspn -s computername HOST/hostnamesetspn -s computername HOST/hostname.fqdn.etc
For HTTP, the following SPNs may be needed for authentication on SSP if the VMM server is using Remote SQL:
setspn -s computername HTTP/hostname.fqdn.etcsetspn -s computername HTTP/hostname
For SQL, requirements depend on port and instance type.
For a named instance, the following SPNs are required:
setspn -s computername MSSQLSvc/hostname.fqdn.etc:Portsetspn -s computername MSSQLSvc/hostname.fqdn.etc:InstanceName
For a default instance, the following SPNs are required:
setspn -s computername MSSQLSvc/hostname:1433setspn -s computername MSSQLSvc/hostname.fqdn.etc:1433
For more information see the following resources:
How to Implement Kerberos Constrained Delegation with SQL Server 2008: http://msdn.microsoft.com/en-us/library/ee191523.aspx
How to use SPNs when you configure web applications that are hosted on Internet Information Services: http://support.microsoft.com/kb/929650
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.
Article ID: 2961630 - Last Review: April 18, 2014 - Revision: 1.0
Contact us for more help
Connect with Answer Desk for expert help.