Solved

SQL Server - Kerberos Authentication and SPN Question

Posted on 2011-03-25
2
684 Views
Last Modified: 2012-06-21
Hi Experts,

I have a SQL Server than I am trying to force Kerberos Authentication. I followed the below link to setspn:

http://technet.microsoft.com/en-us/library/bb735885.aspx

Even after setting it and restarting, it still uses NTLM. The stange part here is that when I change it to run under local system account, it still uses NTLM instead of Kerberos.

Any pointers to resolve this issue and make it use Kerberos Authentication.

Thanks,
0
Comment
Question by:rocky_lotus_newbie
2 Comments
 
LVL 28

Accepted Solution

by:
Ryan McCauley earned 500 total points
ID: 35218228
Getting your SPN just right is a huge pain - it caused us tons of headaches when we first started moving to Kerberos years ago. Here are some things that tripped us up:

Do you have your SPN set up using just the servername, or using the FQDN of the server (server.domain.local, or whatever you have there)? I believe SQL Server uses the FQDN, but we always set up both.
Is your SPN set up for the account running your SQL Server service? For example, we run all our SQL Server services as OURDOMAIN\SQL_Proxy - is that the account that you've created the SPN for?

Also, is it possible that you've grantd duplicate SPNs during all your testing? That can cause Kerberos to stop working as well - here's the resolution to that:

http://blogs.msdn.com/b/darwin/archive/2005/10/19/482593.aspx

Also, are there are entries in the event log on your server or your client that suggest that Kerberos isn't working properly on your domain? Either logins that have been attempted by SPNego (negotiation) failed, or some other Kerberos errors? Do you have other services on your network that you know are using Kerberos properly, or is this the first service you're adding that's using it?

Best of luck, and I hope that you can find a resolution!
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 35445581
can you post what sql server version do you use?
did you get any errors?
are you still using windows 4 ?
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

How to leverage one TLS certificate to encrypt Microsoft SQL traffic and Remote Desktop Services, versus creating multiple tickets for the same server.
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now