How to prevent the error Failed to Register Service Principal Name (SPN) in Dynamics AX, when not using Kerberos

by | Updated August 15, 2016 | Dynamics AX, Security

I was recently working with a client who wasn’t using Kerberos authentication in their Dynamics AX 2012 R3 environment. The IT admin did not like seeing the following error being logged in their environment:

Object Server 01:  RPC error: Failed to register service principal name (SPN): ’29D16D8E-32D1-433B-B77F-987C2408CEA4/VOYAGER.demo.local:2712′

Object Server 01:  RPC error: Failed to unregister service principal name (SPN): ’29D16D8E-32D1-433B-B77F-987C2408CEA4/VOYAGER.demo.local:2712′

From the Windows Application Event Log, if you filter on the following you can see if this error exists in your environment:

Filter Current Log Error

In the event log, you will find 1 message per startup and shutdown of the AOS service.

Startup

error: Failed to register service principal name in Dynamics AX

Shutdown

error: Failed to register service principal name in Dynamics AX

The IT admin did not want this message being logged and had followed this enhanced security with Kerberos blog to prevent the messages from being logged without success. The IT admin was adamant that they would never use Kerberos in their AX environment and wanted to prevent the error message from logging.

I logged into my test environment and followed the blog, well, really I followed the screen shot and sure enough simply setting the authn_service value to 9 did not prevent the message from being logged.

Here is a screen shot of the key set in my environment:

Registry Editor

And here is the message still being logged after a restart of the AOS:

error: Failed to register service principal name in dynamics AX

After doing some additional testing I discovered that I had to create both of the following registry values in the following location authn_service and authn_regspn.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dynamics Server\6.0\01\[Debug]

The [Debug] location will be different based on your active Server configuration.

Steps to create the values:

  1. Right click on HKLM\SYSTEM\CurrentControlSet\Services\Dynamics Server\6.0\01\[Debug]
  2. Select String Value
  3. Name it: authn_service
  4. Give it a value of 9 (Negotiate)
  5. Repeat steps 1 and 2
  6. Name it: authn_regspn
  7. Give it a value of 0 (do not register spn)

The end configuration should look like this:

Registry editor

Keep in mind that this disables Kerberos authentication for Dynamics AX. If you decide to implement Kerberos later on you will need to remove the registry keys (or change their values rather) to enable AX to be able to use Kerberos. On the flip side of this, if you wish to force Kerberos authentication you could change the values to 16 (Kerberos) and 1 (register spn) respectively.

So now after restarting the AOS, the Application event log will not log the SPN error message. Here is the unregister SPN error message after made the changes and restarted the AOS for them to take effect:

error: Failed to register service principal name in dynamics AX

And now there is no SPN error on startup (or the next shutdown) now that the new registry key values have been picked up by the AOS:

Application of dynamics server 01

Related Posts

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events

september

01sep10:00 am10:30 amEnsuring Quality and Compliance for Batch Manufacturers in Life Sciences

01sep12:00 pm12:30 pmIs it Worth It to Move to the Cloud? A Look at Considerations for Current Agribusinesses Using Dynamics GP

01sep2:00 pm2:45 pmWhat’s New in Dynamics 365 Finance and Supply Chain

09sep11:00 am12:00 pmConfab Live with Stoneridge – Data Strategy and Reporting – Mining Decision Making Insights

15sep10:00 am11:00 amSolving the Biggest Challenges in Agribusiness Through Innovation and Technology

22sep12:00 am12:30 pmSimplifying Payroll and HR Management with ADP Workforce Now

22sep10:00 am10:30 amStreamlining Batch Manufacturing with Technology

22sep2:00 pm2:30 pmProcess Automation for Microsoft Dynamics D365 for Business Central, Finance and Operations and GP

23sep11:00 am12:00 pmConfab LIVE with Stoneridge - Riding the Wave 2 Release – Key Features Coming to Dynamics 365 this October

27sep(sep 27)9:00 am15oct(oct 15)11:00 amDynamics 365 Finance & Supply Chain Development Training - Online Workshop

29sep10:00 am11:00 amTop Five Reasons Why NOW is the Right Time to Move from Salesforce to Dynamics 365 Customer Engagement

29sep12:00 pm12:45 pmUnderstanding Job Costing and Tax Management in Business Central

29sep2:00 pm3:00 pmDigitalizing Horticulture & Agriculture - How to Sell Plants Online and Simplify Business Management

30sep12:00 pm4:00 pmSecurity and Permissions Training for D365 Business Central or Dynamics NAV

october

27sep(sep 27)9:00 am15oct(oct 15)11:00 amDynamics 365 Finance & Supply Chain Development Training - Online Workshop

06oct10:00 am10:30 amPreview of D365 Business Central Fall Release Features and Functionality

06oct12:00 pm12:30 pmInsider's Guide to New Features Available in the Fall Release of D365 Finance and Supply Chain

07oct11:00 am12:00 pmConfab LIVE with Stoneridge - Dataverse and Dynamics in Review – Let’s Get Technical

21oct11:00 am12:00 pmConfab LIVE with Stoneridge - Dataverse and Dynamics in Review – Let’s Get Functional

26oct(oct 26)9:00 am28(oct 28)5:00 pmStoneridge Connect Leadership and Community Conference

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!

X