by lunarg on September 4th 2015, at 09:25

Often overlooked during the installation of a Microsoft SQL Server is the creating of the required Service Principal Name(s) (SPN) to enable authentication through Kerberos. SCOM highlights this oversight nicely with this warning:

Alert Description
SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.
Service Account: CONTOSO\s_clsql_sqlsrv_de
Missing SPNs: MSSQLSvc/, MSSQLSvc/
Misplaced SPNs:
Duplicate SPNs:

The solution is simple: create the SPNs. All the info you need is actually in the alert's description. Use the information to create the SPNs.

Log on to a domain controller or member with domain admin rights, then run these from a command prompt:

setspn -S MSSQLSvc/ CONTOSO\s_clsql_sqlsrv_de
setspn -S MSSQLSvc/ CONTOSO\s_clsql_sqlsrv_de

Replace the SPN (first parameter) and service account (second parameter) accordingly. Note that setspn -S does not exist on pre-2008R2 systems. In this case, use setspn -A.