Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SQL Server - Kerberos Authentication and SPN Question

Posted on 2011-03-25
2
Medium Priority
?
700 Views
Last Modified: 2012-06-21
Hi Experts,

I have a SQL Server than I am trying to force Kerberos Authentication. I followed the below link to setspn:

http://technet.microsoft.com/en-us/library/bb735885.aspx

Even after setting it and restarting, it still uses NTLM. The stange part here is that when I change it to run under local system account, it still uses NTLM instead of Kerberos.

Any pointers to resolve this issue and make it use Kerberos Authentication.

Thanks,
0
Comment
Question by:rocky_lotus_newbie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 28

Accepted Solution

by:
Ryan McCauley earned 2000 total points
ID: 35218228
Getting your SPN just right is a huge pain - it caused us tons of headaches when we first started moving to Kerberos years ago. Here are some things that tripped us up:

Do you have your SPN set up using just the servername, or using the FQDN of the server (server.domain.local, or whatever you have there)? I believe SQL Server uses the FQDN, but we always set up both.
Is your SPN set up for the account running your SQL Server service? For example, we run all our SQL Server services as OURDOMAIN\SQL_Proxy - is that the account that you've created the SPN for?

Also, is it possible that you've grantd duplicate SPNs during all your testing? That can cause Kerberos to stop working as well - here's the resolution to that:

http://blogs.msdn.com/b/darwin/archive/2005/10/19/482593.aspx

Also, are there are entries in the event log on your server or your client that suggest that Kerberos isn't working properly on your domain? Either logins that have been attempted by SPNego (negotiation) failed, or some other Kerberos errors? Do you have other services on your network that you know are using Kerberos properly, or is this the first service you're adding that's using it?

Best of luck, and I hope that you can find a resolution!
0
 
LVL 43

Expert Comment

by:Eugene Z
ID: 35445581
can you post what sql server version do you use?
did you get any errors?
are you still using windows 4 ?
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
It is possible to export the data of a SQL Table in SSMS and generate INSERT statements. It's neatly tucked away in the generate scripts option of a database.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question