Event Id | 9317 |
Source | msexchangesa |
Description | Failed to register Service Principal Name for %1; error code was %2. |
Event Information | Explanation : This event is indicating a failure to register SPN. This may prevent Outlook/OWA clients, running in a Kerberos-Only network, to get authenticated and logon to their mailbox. SPN "service principal name" gives a service running on a particular machine a global identity that allows it to authenticate via Kerberos. Exchange System Attendant is responsible for the SPN registrations of Exchange services. User Action : SPNs are used by clients like Outlook to authenticate with the server. Verify that Outlook clients are able to log on and read mail, if not, try to restart MSExchangeSA. If that does not work, call Microsoft Product Support Services. Users can also work around this problem by using a Windows utility called "setspn" that allows manual registration of SPNs on a machine Exchange only registers "exchangeRFR" and "exchangeMDB" SPNs, which are used for Outlook authentication By default, only domain administrators and local system can register SPNs. In some cases, Exchange administrators do not have any domain administrator rights, therefore they have to ask the domain administrator to run setspn. |
Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.