Learn how to a build a cloud-first strategyRegister Now


Cannot generate SSPI context

Posted on 2009-02-19
Medium Priority
Last Modified: 2012-05-06
Hello...  I am a SQL Server machine...it has SQL Server 2005 and 2008 Express...

When trying to use the SQL Server Management Studio to remotely connect to it...I get a "Cannot Generate SSPI Context" error...

I need help...  Thanks...

Question by:StrongD1
  • 3
  • 2
LVL 60

Expert Comment

ID: 23683461
have you changed your pwd recently?

Author Comment

ID: 23683869
No... not at all...  this is a small "Lab network" we built to do software development on.  I am a developer, not a SQL Server DBA.... so SQL Server admin stuff is new to me.

Accepted Solution

StrongD1 earned 0 total points
ID: 23684213
Ok...I was able to get in.  Here is what I did for the record.

After reading a ton on here and a ton on Google about this error, a lot of people were saying it could be the Domain Controller...  My DC is a Windows 2003 Enterprise.... my SQL Server DB is on a Windows 2003 Standard.   So I started poking around the DC and I noticed when the Window firewall is on the SQL Server DB machine took forever to logon to the domain... it would take 5 minutes or so...  when I turned off the firewall on the DC, it would login in 5 seconds....   so I turned off the firewall on the DC and everything works...

Does that make sense to anyone?  That is all I did... I didn't configure anything other turning off the firewall on the DC.

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.


Expert Comment

ID: 23685771
I had this issue before and resolved it. this is due to SPN issue. follow this to resovle Resolution:
To configure the SQL Server service to create SPNs dynamically, follow these steps:
1.      Click Start, click Run, type Adsiedit.msc, and then click OK.
2.      In the ADSI Edit snap-in, expand Domain [DomainName], expand DC= RootDomainName, expand CN=Users, right-click CN= AccountName, and then click Properties.

"      DomainName is a placeholder for the name of the domain.
"      RootDomainName is a placeholder for the name of the root domain.
"      AccountName is a placeholder for the account that you specify to start the SQL Server service.
"      If you specify the Local System account to start the SQL Server service, AccountName is a placeholder for the account that you use to log on to Microsoft Windows.
"      If you specify a domain user account to start the SQL Server service, AccountName is a placeholder for the domain user account.

3.      In the CN= AccountName Properties dialog box, click the Security tab.
4.      On the Security tab, click Advanced.
5.      In the Advanced Security Settings dialog box, make sure that SELF is listed under Permission entries.

If SELF is not listed, click Add, and then add SELF.
6.      Under Permission entries, click SELF, and then click Edit.
7.      In the Permission Entry dialog box, click the Properties tab.
8.      On the Properties tab, click This object only in the Apply onto list, and then make sure that the check boxes for the following permissions are selected under Permissions:
"      Read servicePrincipalName
"      Write servicePrincipalName

9.      Click OK three times, and then exit the ADSI Edit snap-in.


Expert Comment

ID: 23685785
also check the SPN using ldifde.

Author Comment

ID: 23685921
Yeah... thanks for the info asadeen:....  that is good to know..

Hopefully we don't run into this problem again...   It seems our domain controllers firewall was causing problems authenicating the SQL Server machine.... I don't think SQL Server machine was even on the domain....  Who know... but thanks for the info.


Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data architecture is an important aspect in Software as a Service (SaaS) delivery model. This article is a study on the database of a single-tenant application that could be extended to support multiple tenants. The application is web-based develope…
Naughty Me. While I was changing the database name from DB1 to DB_PROD1 (yep it's not real database name ^v^), I changed the database name and notified my application fellows that I did it. They turn on the application, and everything is working. A …
Loops Section Overview
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question