Virtual Server 2005 and Service Principal Names (SPN)

I recently had to warnings in the Virtual Server log on my Virtual Server 2005 R2 host:
Type:         Warning
Event:        1130
Date Time:    27.06.2007 22:28:42
Source:       Virtual Server
ComputerName: HOME-VSHOST
Category:     Virtual Server
User:         NT AUTHORITYNETWORK SERVICE
Description:  The service principal names for Virtual Server could not be registered. Constrained delegation cannot be used until the SPNs have been registered manually.  Error 0x800706ba – The RPC server is unavailable.
Type:         Warning
Event:        1029
Date Time:    27.06.2007 22:28:42
Source:       Virtual Server
ComputerName: HOME-VSHOST
Category:     Remote Control
User:         NT AUTHORITYNETWORK SERVICE
Description:  The service principal name for the VMRC server could not be registered. Automatic authentication will always use NTLM authentication.  Error 0x800706ba – The RPC server is unavailable.
For some reason, the Virtual Server service, running as Network Service, was unable to add the necessary Service Principal Names (SPN) to the computer object of the Virtual Server host in Active Directory. This is a known problem when Virtual Server is running on a Domain Controller (http://support.microsoft.com/kb/890893/en-us), but this machine was a member server.
To resolve this problem you run the following commands:
setspn -A vmrc/<NetBIOS name of VS machine>:5900 <NetBIOS name of VS machine>
setspn -A vmrc/<FQDN of VS machine>:5900 <NetBIOS name of VS machine>
setspn -A vssrvc/<NetBIOS name of VS machine> <NetBIOS name of VS machine>
setspn -A vssrcv/<FQDN of VS machine> <NetBIOS name of VS machine>
Restart the Virtual Server service and the errors should be gone.

Leave a Reply

Your email address will not be published. Required fields are marked *