Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SQL Server - Kerberos Authentication and SPN Question

Posted on 2011-03-25
2
688 Views
Last Modified: 2012-06-21
Hi Experts,

I have a SQL Server than I am trying to force Kerberos Authentication. I followed the below link to setspn:

http://technet.microsoft.com/en-us/library/bb735885.aspx

Even after setting it and restarting, it still uses NTLM. The stange part here is that when I change it to run under local system account, it still uses NTLM instead of Kerberos.

Any pointers to resolve this issue and make it use Kerberos Authentication.

Thanks,
0
Comment
Question by:rocky_lotus_newbie
2 Comments
 
LVL 28

Accepted Solution

by:
Ryan McCauley earned 500 total points
ID: 35218228
Getting your SPN just right is a huge pain - it caused us tons of headaches when we first started moving to Kerberos years ago. Here are some things that tripped us up:

Do you have your SPN set up using just the servername, or using the FQDN of the server (server.domain.local, or whatever you have there)? I believe SQL Server uses the FQDN, but we always set up both.
Is your SPN set up for the account running your SQL Server service? For example, we run all our SQL Server services as OURDOMAIN\SQL_Proxy - is that the account that you've created the SPN for?

Also, is it possible that you've grantd duplicate SPNs during all your testing? That can cause Kerberos to stop working as well - here's the resolution to that:

http://blogs.msdn.com/b/darwin/archive/2005/10/19/482593.aspx

Also, are there are entries in the event log on your server or your client that suggest that Kerberos isn't working properly on your domain? Either logins that have been attempted by SPNego (negotiation) failed, or some other Kerberos errors? Do you have other services on your network that you know are using Kerberos properly, or is this the first service you're adding that's using it?

Best of luck, and I hope that you can find a resolution!
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 35445581
can you post what sql server version do you use?
did you get any errors?
are you still using windows 4 ?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question