-
Title
Access Error SPN -
Description
Access error to the GPOAdmin, there was no change on the server, the used service account, or database.
While getting access to the application, the following error appears:
The following error occurred retrieving the scheduled RSoP Validations: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.)
-
Cause
In this instance, the usage of the certificate to authenticate to the SQL server is done internally to the Microsoft SQL database provider used by GPOADmin to communicate with the database. GPOAdmin gathers the information configured on the Configuration store wizard and then passes the formatted connection string into the SQL provider. The provider then takes that connection string and communicates with the database.
Any mechanism to use the certificate on the SQL server would be contained within the database provider and that is not made available to GPOADmin, other than to pass in a connection string parameter to trust any existing certificate or not, primarily used for self-signed certificates. GPOAdmin has no control over the way SQL determines how the certificate is used.
-
Resolution
The most common cause of this error is an issue with the certificate on the SQL server.
When we are attempting to contact the database to get data, we would be attempting to get the user's delegations and role assignments from the database as they are logging in. This connection is failing giving the error in question.
The cause could be an expired certificate on the SQL server or a server certificate stored on the SQL Server host that did not have the alias in the SAN that the GPOAdmin was used in the configuration.
The is coming from the SQL server and not GPOadmin related, should be investigated from the SQL server side.
