SQL 2005 SQLCMD and SSPI context
Posted on 2009-05-01
Windows 2003 (native) AD
Windows 2003 R2 ENT, x64 SP2
SQL 2005 ENT x64
The issue I have just recently been getting is the following when running an SQLCMD via SSMS:
HResult 0x80090322, Level 16, State 1
SQL Network Interfaces: The target principal name is incorrect.
Sqlcmd: Error: Microsoft SQL Native Client : Cannot generate SSPI context.
I have run the command also connected as "SA" (which should bypass the use of win integrated auth and SSPI?) and I still get the same issue...
I can also run the command fine on the target server and also via command line???
I have checked the SPN on the domain controller's and the host and FQDN of the server seems fine.
I have also run nslookup and checked overall DNS and all seems fine...
I do get an error in the event log:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/DIFFERENT_MACHINENAME.DOMAIN.COM. The target name used was MSSQLSvc/DIFFERENT_MACHINENAME.DOMAIN.COM:1433. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DOMAIN.COM), and the client realm. Please contact your system administrator.
I am thinking the best way is to unjoin from domain, delete AD machine account and then re-join domain, or use NETDOM to reset machine account???
Otherwise, SQL seems to be happy with no other problems (so far that I have noticed anyhow..!)
Any pointers greatly appreciated.