Welcome to Management Pack Wiki! Your documentation pro for SCOM Management Packs
0 comment(s) Post a comment

SPN Not Registered Monitor

  • ID:  Microsoft.ActiveDirectoryFederationServices.10.0.FederationServerSPNMonitor
  • Description:  SPN Not Registered
  • Target:  Federation Server
  • Enabled:  Yes

Operational States

Name State Description
Success Success Success
Error Warning Error

Overridable Parameters

Parameter Name Default Value Description Override
Interval (seconds) 900 Interval (seconds)
Timeout (seconds) 180 Timeout (seconds)

Alert Details

Monitor State Message Priority Severity Auto Resolution
Error (Warning) SPN Not Registered Medium Warning Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

The SPN of the AD FS service account is not registered correctly in Active Directory Domain Services (AD DS). This monitor queries the SPN attribute of the AD FS service account from AD DS every 15 minutes and checks whether it is in the format "host/<Federation Service name>"

Causes

The service account that is associated with the AD FS Windows service has been changed, but AD FS cannot find a registered SPN in AD DS for the new service account.

Resolutions

Make sure that the SPN for the service account is registered correctly in AD DS. For more information, see "Manually Configure a Service Account for a Federation Server Farm" in the AD FS Deployment Guide.

External References
This monitor does not contain any external references.

See Also for Active Directory Federation Services Management Pack


Downloads for Active Directory Federation Services Management Pack

Post a comment