On Premises - ClusterSPN Setup RRS feed

  • Question

  • I am trying to setup Service Fabric on some VM Ware Virtual Machines in my local data center.

    I am getting the error: ClusterSpn gMSA-somevalue.mydomain.net is not found in domain mydomain.net

    I do have a ClustergMSAIdentity that was created by my system admins for me.  This is the info they gave me back after setting it up:

    Account Name:  gMSA-SOMEVALUE

    DNS Name:  gMSA-SOMEVALUE.mydomain.net


    Associated AD Group:  gMSA-GrpSrvClusterBld

    Group members:  MyClusterServer1, MyClusterServer2, and MyClusterServer3

    Is one of these my Cluster SPN? (I doubt it because I have tried them all)  Or do I need to get my system admins to setup something else for me?

    So, what I need to know is: Does the ClusterSpn need to be setup in advance?

    If it does, what is it?  Is this a windows failover cluster that I need to get in place?  Something todo while setting up the ClustergMSAIdentity? Or something else?

    Note: I have read this page, and it does not clear up anything for me related to ClusterSpn: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-windows-cluster-windows-security  (Just incase someone was going to recommend I read it.)

    Update: I looked at the above link again to see if I missed anything.  I noticed that the doc had changed the definition of what ClusterSPN was.  It used to just say "fqdn"  But now it says: "Fully qualified domain SPN for gMSA account"

    I asked my my System Admin for the fully qualified domain SPN for my Group Managed Service Account he made me, and he asked me for the Cluster Name.  I told him I don't have one...  None of the docs mention setting up a cluster of any kind (that I can find).  His only response was "there has to be a cluster name".  (He then went to "Do Not Disturb" mode and ignored all my follow up questions.)

    If anyone has any insight as to what this "cluster" is, I could really use a hand.  Is it a Active Directory thing?  Windows?  Domain Controller? Failover?  Any hit is going to help me out a ton!

    NOTE: I know what a cluster is in general, and am fairly familiar with them in a SQL Server sense.  But I am in the dark on how it relates to the Service Fabric setup.

    • Edited by Vaccanoll Thursday, June 8, 2017 5:55 PM
    Wednesday, June 7, 2017 11:06 PM


  • So, I noticed that my service fabric config had a "name" parameter.  I was able to get my system admin to make me a n SPN using that "name" parameter.  So the SPN he made was ServiceFabric/MyNameHere.mydomain.net .

    I ran the installer with that and it seems to have worked!!!

    • Marked as answer by Vaccanoll Thursday, June 8, 2017 9:15 PM
    Thursday, June 8, 2017 9:15 PM