Installing SQL Server 2005 is not creating the SPNs

Chris24
Chris24 used Ask the Experts™
on
After installing SQL Server 2005 x64 as Administrator in Windows Server 2003, I run setspn -L serviceaccountname and the install is only creating 1 entry on the domain controller (Windows Server 2003 x86). It should create multiple from what I understand. I also know that I can create these manually but I shouldn't have to and this is telling me that something is wrong. Any ideas?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
PberSolutions Architect

Commented:
Is the sql server running under a domain account?  If so do this:
http://support.microsoft.com/kb/319723
...specifically: Step 3: Configure the SQL Server service to create SPNs dynamically

This too:
http://msdn2.microsoft.com/en-us/library/aa905162(sql.80).aspx
Solutions Architect
Commented:
Also I found that is usually only registers the FQDN SPN.  You can also manually add  the NetBIOS SPN as needed as per the second link above.

FQDN:
setspn -A MSSQLSvc/myserver.microsoft.com:1433 MYDOMAIN\sqlsvc
NetBIOS
setspn -A MSSQLSvc/myserver:1433 MYDOMAIN\sqlsvc

If SQL is running under the local system it should register it's own SPN's.  In this case for Constrained Delegation, you would then delegate the computer account to a remote service as opposed to delegating the service account as you would do if it would be running under a domain account.

Author

Commented:
I wiped and rebuilt my domain controller, setup my domain, joined the SQL server to the domain, trusted that server for delegation, ran the SQL Server 2005 x64 install installing ALL options Analysis, Reporting, etc... and it created ONE SPN on my DC. I ran and installed a new instance and it created just ONE additional SPN for that instance. My DB guy here says there should be more than the one??? Is this correct? It obviously has permission to create if it created one. Should there be more than one SPN per instance? Each SPN is pointing to the correct port number

Server 1: SQL Server 2005 - Windows 2003 R2 x64 - Dell PowerEdge 2900
Domain Controller: Windows 2003 R2 x86

We've been going round and round with this for two weeks now.

Thanks,
Chris
PberSolutions Architect

Commented:
Are you running SQL under a domain service account or local system?
What rights does the SQL service account have?  (Normal user, domain admin).

From my experience, SQL will only create one FQDN SPN for each instance even if you allow dynamic SPN registration (as per my previous post)
i.e.
MSSQLSvc/SQLServer.domain.com:1433

Are you just trying to setup Kerberos double hop Authentication?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial