Submit My Question - Recent Questions - Recent Answer
Msdn Tech >> Connected Services Framework >> Connected Services Framework

OHSBE Installation issue - Mapping Kerberos token to OHSBE services

Hi,

I am trying to install OHSBE but face the following issue:

Mapping Identity of OHSBE WSE web service and OHSBE Windows service to Kerberos token - CSF\OHSBE30

My domain name is CSFDomain. While installing OHSBE I am not able to map Kerberos token - CSF\OHSBE30 to OHSBE WSE web service and OHSBE Windows service. The commandSetspnfails, I tried several combinations without getting success:


C:\Program Files\Support Tools>setspn -A CSFDOMAIN\OHSBE30 CSFDOMAIN\OHSBE-Servi
ce
Registering ServicePrincipalNames for CN=OHSBE-Service,OU=CSF_OHSBE,OU=CSF-Admin
istration-OU,DC=CSFDomain,DC=com
CSFDOMAIN\OHSBE30
Failed to assign SPN on account 'CN=OHSBE-Service,OU=CSF_OHSBE,OU=CSF-Administra
tion-OU,DC=CSFDomain,DC=com', 0x20b5

C:\Program Files\Support Tools>setspn -A CSFDomain\OHSBE30 CSFDomain\OHSBE-Servi
ce
Registering ServicePrincipalNames for CN=OHSBE-Service,OU=CSF_OHSBE,OU=CSF-Admin
istration-OU,DC=CSFDomain,DC=com
CSFDomain\OHSBE30
Failed to assign SPN on account 'CN=OHSBE-Service,OU=CSF_OHSBE,OU=CSF-Administra
tion-OU,DC=CSFDomain,DC=com', 0x20b5

C:\Program Files\Support Tools>setspn -A CSF\OHSBE30 CSFDomain\OHSBE-Service
Registering ServicePrincipalNames for CN=OHSBE-Service,OU=CSF_OHSBE,OU=CSF-Admin
istration-OU,DC=CSFDomain,DC=com
CSF\OHSBE30
Failed to assign SPN on account 'CN=OHSBE-Service,OU=CSF_OHSBE,OU=CSF-Administra
tion-OU,DC=CSFDomain,DC=com', 0x20b5

Can anyone let me know how to get this issue resolved?

Thanks,

Ashish Malhotra

[1944 byte] By [AshishMalhotra] at [2008-2-2]
«« Clickonce and windows 2000
»» Compiler related?
# 1

Setspn.exe requires domain administrator privileges. So you login with domain administrator account to run the command successfully. Also SPN should contain forward slash.

Following is recommeded practice

setspn -A domainname/servicename domainname\serviceaccount

NatrajFT at 2007-10-8 > top of Msdn Tech,Connected Services Framework,Connected Services Framework...
# 2

Hi Ashish,

Thanks for your note - I can see that the setspn.exe command has the wrong form... Instead of this:

setspn -A CSFDOMAIN\OHSBE30 CSFDOMAIN\OHSBE-Service

Try this form - note the forward / after "CSFDOMAIN":

setspn -A CSFDOMAIN/OHSBE30 CSFDOMAIN\OHSBE-Service

That should now work... The interesting thing about setspn.exe is that the first identifier could be anything - it could be, for example:

setspn -A Forum/Answer CSFDOMAIN\OHSBE-Service

Thanks, Ashish!!!

-Rob.

Rob-MSFT at 2007-10-8 > top of Msdn Tech,Connected Services Framework,Connected Services Framework...
Connected Services Framework

Connected Services Framework Hot Topic

Connected Services Framework

Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech

Site Classified