Backtrack:  
 
by lunarg on September 4th 2015, at 09:25

Often overlooked during the installation of a Microsoft SQL Server is the creating of the required Service Principal Name(s) (SPN) to enable authentication through Kerberos. SCOM highlights this oversight nicely with this warning:

Alert Description
SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.
Service Account: CONTOSO\s_clsql_sqlsrv_de
Missing SPNs: MSSQLSvc/CLSQL01.contoso.com:MSSQL, MSSQLSvc/CLSQL01.contoso.com:1433
Misplaced SPNs:
Duplicate SPNs:

The solution is simple: create the SPNs. All the info you need is actually in the alert's description. Use the information to create the SPNs.

Log on to a domain controller or member with domain admin rights, then run these from a command prompt:

setspn -S MSSQLSvc/CLSQL01.contoso.com:MSSQL CONTOSO\s_clsql_sqlsrv_de
setspn -S MSSQLSvc/CLSQL01.contoso.com:1433 CONTOSO\s_clsql_sqlsrv_de

Replace the SPN (first parameter) and service account (second parameter) accordingly. Note that setspn -S does not exist on pre-2008R2 systems. In this case, use setspn -A.

 
 
« November 2024»
SunMonTueWedThuFriSat
     12
3456789
10111213141516
17181920212223
24252627282930
 
Links
 
Quote
« You only find out who is swimming naked when the tide goes out. »
Warren Buffett