
KB-6435: DirectAudit adding SPN to Active Directory always adds dynamic port instead of static port

Auditing and Monitoring Service

17 October,19 at 01:55 PM

Applies to: All versions of Centrify DirectAudit on Windows.

When the wizard is used to add the SPN to the Active Directory entry, it always uses the dynamic port, even when the SQL server has a static port configured. The following error will be seen:

The SQL Server instance is running with a domain user account whose Active Directory entry does not have the required SQL Server Service Principal(SPN). The following SPN will be added to the Active Directory entry:

MSSQLSvc/<server FQDN>:<high end port>

Centrify DirectAudit Wizard

The dynamic port is used because the SQL server is listening on both a static port and a dynamic port. DirectAudit first checks whether SQL is listening on a dynamic port; only if no dynamic port is found does it go on to check for the static port. Because of this order of checking, the dynamic port is always returned first, hence the observed behavior.

When a static port needs to be specified, set the dynamic port to a blank value (not zero or any other number) in order to disable dynamic ports. It is recommended to set the TCP dynamic port value to blank under the IPAll section in SQL Server Configuration Manager, then restart the SQL server service for the change to take effect.

SQL server with dynamic and static port
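
To check the IPAll settings before and after the change, the following PowerShell reads them from the registry for each local SQL Server instance and shows which port the "dynamic first, static second" order described above would put in the SPN. This is an added example, not Centrify code; it assumes it is run on the SQL Server host and that the standard SQL Server registry layout is present.

```powershell
# Added example, not Centrify code. Run on the SQL Server host.
$root   = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$fqdn   = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# "Instance Names\SQL" maps each instance name to its instance ID (registry folder name).
$instances = (Get-ItemProperty -Path "$root\Instance Names\SQL").PSObject.Properties |
    Where-Object { $_.Name -notin $psMeta }

foreach ($inst in $instances) {
    $ipAll   = Get-ItemProperty -Path "$root\$($inst.Value)\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"
    $dynamic = "$($ipAll.TcpDynamicPorts)".Trim()
    $static  = "$($ipAll.TcpPort)".Trim()

    # Order described in the article: dynamic port first, static port only if
    # no dynamic port is set. Any non-blank value (including 0) counts as dynamic.
    $port = if ($dynamic) { $dynamic } else { $static }

    # Service name is MSSQLSERVER for the default instance, MSSQL$<name> otherwise.
    $svcName = if ($inst.Name -eq 'MSSQLSERVER') { 'MSSQLSERVER' } else { 'MSSQL$' + $inst.Name }
    $svc     = Get-CimInstance Win32_Service -Filter "Name='$svcName'"

    [pscustomobject]@{
        Instance        = $inst.Name
        ServiceAccount  = $svc.StartName
        TcpPort         = $static
        TcpDynamicPorts = if ($dynamic) { $dynamic } else { '(blank, dynamic ports disabled)' }
        PortInSpn       = $port
        SpnFromSettings = "MSSQLSvc/${fqdn}:$port"
    }
}
```

Compare `SpnFromSettings` with the SPNs actually registered on the service account, which `setspn -L <service account>` lists; once `TcpDynamicPorts` is blank and the service has been restarted, `PortInSpn` should equal the static `TcpPort`.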