Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6435: DirectAudit adding SPN to Active Directory always add dynamic port instead of static port

Auditing and Monitoring Service ,  

17 October,19 at 01:55 PM

Applies to: All versions of Centrify DirectAudit on Windows.

Problem:
When using the wizard to add the SPN to the Active Directory entry, it always uses the dynamic port even when the SQL server does have static port configured. The following error will be seen:

The SQL Server instance is running with a domain user account whose Active Directory entry does not have the required SQL Server Service Principal(SPN). The following SPN will be added to the Active Directory entry:

MSSQLSvc/<server FQDN>:<high end port>



Centrify DirectAudit Wizard

Cause:
The reason the dynamic port is used because the SQL server is listening on both static port and dynamic port. DirectAudit first check if SQL is listening on dynamic port or not and if no dynamic port is found, the system continue to check for the static port. Because of this order of checking, dynamic port is always returned first and hence the observed behavior.

Workaround:
When it is needed to specify a static port, a blank value is set for dynamic port (not zero or any other number) in order to disable the dynamic ports. It is recommended to set the value for TCP dynamic port to blank under IPAll section of SQL configuration manager. Then restart the SQL server service for changes to take effect.

SQL server with dynamic and static port

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-3925: How to add Centrify parameter to a group policy articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) article[TIPS] A Centrify Server Suite Cheat Sheet