When publishing a Lync Server topology in an environment where a pilot deployment already exists in the same production domain, you might run into the error “ServicePrincipalNameError: A service principal name operation failed.”

The following are some entries you may see in your log file:

  • Valid: Finished validating sAMAccountName lynckerbauth$.
  • Operation: Searching AD for account domainname\lynckerbauth.
  • Query: (&((ObjectClass Equal computer)(ObjectCategory Equal computer)(SamAccountName Equal lynckerbauth$)))
  • CompletedOperation: No account with NT name domainname\lynckerbauth was found in AD.
  • Result: Status of the account in AD is NotExist.
  • ExistingObject: Kerberos account domainname\lynckerbauth is assigned to site 1.
  • Query: (&((|((ObjectClass Equal user)(ObjectClass Equal computer)))(servicePrincipalName Equal http/servername.domainname.com)))
  • MissingObject: The service principal name http/servername.domainname.com was not found on any container in Active Directory.
  • Operation: Adding SPN http/servername.domainname.com to account domainname\lynckerbauth.
  • Operation: Adding SPN http/servername.domainname.com to account domainname\lynckerbauth.
  • ServicePrincipalNameError: A service principal name operation failed.
  • ServicePrincipalNameError: Failed to add service principal name http/servername.domainname.com to the container domainname\lynckerbauth.
  • ServicePrincipalNameErrorResolution: Ensure that the container for the service principal name exists in Active Directory and that you have the correct permissions to create, modify, delete and verify service principal names in the target organizational unit. For more information, consult your Lync Server documentation.

The log shows that the Kerberos account is assigned to the site but was not found in AD. To solve this, simply create the Kerberos account using the following command:

New-CsKerberosAccount -UserAccount "mtn\LyncKerbAuth" -ContainerDN "OU=Service Accounts,DC=domainname,DC=com"
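
To confirm that a publish log shows this condition (account assigned to a site, not found in AD, SPN add failing) before running the command, the following Python triage flags that combination. It is an added example, not part of the original post; the function name `triage` and the sample log string are constructed from the excerpt above.

```python
import re

# Constructed sample: key entries from the log excerpt above (placeholder names).
SAMPLE_LOG = r"""
Operation: Searching AD for account domainname\lynckerbauth.
CompletedOperation: No account with NT name domainname\lynckerbauth was found in AD.
Result: Status of the account in AD is NotExist.
ExistingObject: Kerberos account domainname\lynckerbauth is assigned to site 1.
Operation: Adding SPN http/servername.domainname.com to account domainname\lynckerbauth.
ServicePrincipalNameError: Failed to add service principal name http/servername.domainname.com to the container domainname\lynckerbauth.
"""

# Patterns follow the wording of the log entries shown on this page.
NOT_FOUND = re.compile(r"No account with NT name (\S+) was found in AD\.")
ASSIGNED = re.compile(r"Kerberos account (\S+) is assigned to site (\d+)\.")
SPN_FAIL = re.compile(r"Failed to add service principal name (\S+) to the container (\S+?)\.?$")


def triage(log_text):
    """Return one finding per Kerberos account that is assigned to a site but absent from AD."""
    missing, assigned, failed = set(), {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := NOT_FOUND.search(line):
            missing.add(m.group(1).lower())          # AD account names are case-insensitive
        elif m := ASSIGNED.search(line):
            assigned[m.group(1).lower()] = int(m.group(2))
        elif m := SPN_FAIL.search(line):
            failed.setdefault(m.group(2).lower(), set()).add(m.group(1))
    findings = []
    for account in sorted(missing.intersection(assigned)):
        findings.append({
            "account": account,
            "site": assigned[account],
            "failed_spns": sorted(failed.get(account, ())),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['account']} is assigned to site {f['site']} but missing from AD; "
              f"failed SPNs: {', '.join(f['failed_spns']) or 'none logged'}")
```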