Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, July 15, 2014 10:30 AM
Hi
I am getting error in a newly deployed SharePoint 2013 server with SQL server 2012 on Windows Server 2012 R2. SP and SQL er installed on two separate servers. I need help to find out that what is wrong with Search services i am getting error in Application event log (6482) every minute.
I already tired
Event ID: 6398
The Execute method of job definition Microsoft.Office.Server.Search.Administration.QueryClassificationDictionaryUpdateTimerJobDefinition (ID 39a7d0a8-e6c2-448b-9eed-3d61df136652) threw an exception. More information is included below.
Failed to run flow Microsoft.QueryClassificationDictionaryCompilationFlow. Correlation Id: 43baa49c-b6b0-f0e2-86dc-7f1ff352212c.
Event ID: 6398
The Execute method of job definition Microsoft.Office.Server.Search.Administration.CustomDictionaryDeploymentJobDefinition (ID 2eef2257-bd9e-4ef8-a91b-b7af726c0f7f) threw an exception. More information is included below.
Failed to run flow Microsoft.CustomDictionaryDeployment. Correlation Id: 3dbaa49c-d650-f0e2-86dc-7693c8165bb8.
Event ID: 6482
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (364065a3-55be-4e4d-b625-2b1fe6ce9cb3).
Reason: A call to SSPI failed, see inner exception.
Technical Support Details:
System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception. > System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. > System.ComponentModel.Win32Exception: The target principal name is incorrect
End of inner exception stack trace
at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.CheckCompletionBeforeNextSend(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
End of inner exception stack trace
Server stack trace:
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUpgrade(Stream stream)
at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(StreamUpgradeInitiator upgradeInitiator, IConnection& connection, ClientFramingDecoder decoder, IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
Mahi
All replies (2)
Wednesday, July 16, 2014 2:53 AM âś…Answered | 2 votes
Hi Dyn,
According to your description, my understanding is that you got the error 6482 when you used SharePoint 2013 Search.
Firstly, make sure that the search service account have dbowner role on all search databases, then restart the server, compare the result.
If this issue still exists, please check the service accounts of SharePoint Timer Service and SharePoint Search Host Controller service, add a SPN entry for each the service account as the following command:
Setspn.exe -A HTTP/<the name of SharePoint server> <service account>
After the above, do an IISREST.
Here are two similar posts for you to take a look at:
http://www.jrjlee.com/2013/01/the-target-principal-name-is-incorrect.html
I hope this helps.
Thanks,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected].
Wendy Li
TechNet Community Support
Tuesday, May 16, 2017 3:55 AM
That's a terrible recommendation.
Firstly, adding an SPN without checking if an SPN for that SERVICE/HOST exists is bad. If an SPN does exist, you're either going to break Kerberos authentication (if the existing SPN is correct), or not solve the problem (if an SPN already exists and is incorrect).
Secondly, adding an SPN without checking what else is using HTTP on that host isn't a bright idea either. Odds are the SharePoint timer service is running as the Farm account, while the search controller is running as a different account. "add an SPN entry for each account" will result in two different SPN's - Kerberos authentication for HTTP on that host will be broken.
Now assuming your farm has multiple machines, that HTTP record would have to exist on any machine running either of those services. ie every server in the farm. Unless your App pools are running as farm service (Which would be bad, and not consistent with best practices), then you'll have just broken access to those app pools to every user (it should fall back to NTLM, but in most cases it doesn't). Even assuming your web app pools ARE running as farm service (and if so, go review your security and governance. Seriously.), it will be broken anyway on account of the second SPN you've just added.
Unmark this as answer. It's just bad advice, and demonstrates a complete lack of understanding of how Kerberos and SPNs work.