Manually set spn update permissions, Exchange credentials, Assigning exchange full administrator permission – HP Storage Mirroring V5 Software User Manual

HP StorageWorks Storage Mirroring Application Manager user’s guide 105
6. In Name, type the name of the user you want to add to the group. If you want to validate the user or group names that you are adding, click Check Names.
7. Click OK to close all open dialog boxes.
Manually set SPN update permissions
The Write servicePrincipalName permission on the source computer account in Active Directory must be assigned to the account that will modify the SPNs. This is an advanced permission; assigning either of the more general Write or Full Control permissions, which are assigned to Domain Admins by default, would also be adequate. The permission must be assigned to one of the following:
• The target's Storage Mirroring service logon account. If the target's Storage Mirroring service is configured to log on as the System account, the target's Active Directory computer account should be assigned the permissions.
• The account specified in the failover monitor configuration.
Use the following procedure to assign the Write servicePrincipalName permission to a user or group:
1. Start Active Directory Users and Computers.
2. Select View, Advanced.
3. Locate the source's computer account.
4. Right-click on the source computer account and select Properties.
5. Select the Security tab and click the Advanced button.
6. If the account or group you want to add is not listed, click Add to add it.
7. Select the account or group and click View/Edit.
8. Select the Properties tab and check Write servicePrincipalName.
9. Click OK to accept the change.
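The same assignment can be scripted and then checked. The following PowerShell is an added example, not part of the HP manual: it grants only Write servicePrincipalName on the source computer account and then lists every account that can write that attribute. It assumes the RSAT ActiveDirectory module is installed; SOURCE01 and CONTOSO\svc-sm are placeholder names.

```powershell
# Added example, not from the HP manual. Requires the RSAT ActiveDirectory module.
# SOURCE01 and CONTOSO\svc-sm are placeholders (assumptions) for the source
# computer account and the account that will modify the SPNs.
Import-Module ActiveDirectory

$SourceComputer = 'SOURCE01'
$Trustee = New-Object System.Security.Principal.NTAccount('CONTOSO\svc-sm')

# schemaIDGUID of the servicePrincipalName attribute
$SpnGuid = [Guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'

$dn   = (Get-ADComputer -Identity $SourceComputer).DistinguishedName
$path = "AD:\$dn"
$acl  = Get-Acl -Path $path

# Allow WriteProperty on servicePrincipalName only, rather than the more
# general Write or Full Control permissions.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
    $Trustee,
    [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $SpnGuid
)
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Verify: list every Allow ACE that permits writing the SPN, either through the
# specific attribute or through all properties (empty GUID, which is how
# Write and Full Control appear). ACEs granted through a property set or a
# validated write are not covered by this filter.
$adr = [System.DirectoryServices.ActiveDirectoryRights]
(Get-Acl -Path $path).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $adr::WriteProperty) -and
        ($_.ObjectType -eq $SpnGuid -or $_.ObjectType -eq [Guid]::Empty)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
```

The listing should show the trustee with WriteProperty scoped to the servicePrincipalName GUID; any unexpected entry with an empty ObjectType holds the broader Write or Full Control permission on the computer account.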
Exchange Credentials
Proper rights must be assigned to the account that is entered when the Application Manager prompts for
credentials. If these credentials are not properly assigned, you will be prompted to enter alternate credentials
before protection can be enabled.
For Exchange, you must first configure all permissions as described in ”” on page 101. In addition, the user must be an “Exchange Full Administrator”.
In order to operate the Application Manager for setup and to manage failover and failback for Exchange, the
following permissions are required:
• The user running the Application Manager must have rights to manage Exchange in order to query and modify the Exchange Active Directory objects. The Configuration Container resides in the root of the Active Directory forest and contains the Exchange organizational objects.
• The user running the Application Manager must be an Exchange full administrator at the organizational level, as delegated via the Exchange System Manager at the user level or have delegated rights via the Application Manager delegate rights control. The Application Manager will first attempt to impersonate the current logged-on user before prompting for different credentials.
NOTE: To clarify, currently rights must be delegated to a specific user and not the group the user belongs to in order for the Application Manager to recognize them.
• If Exchange is clustered, the user running the Application Manager must be a member of the Cluster Administrators and local Administrator group for each of the source and target cluster nodes.
Assigning Exchange Full Administrator permission
The user account being used for Storage Mirroring Application Manager cannot be nested in a group under
the Exchange Organization that had Exchange Full Admin permissions. Remove the user account from the
nested group or explicitly add the user account as an Exchange Full Admin in the Exchange System Manager.
1. Select Start, Programs, Microsoft Exchange, System Manager.