Solved

SQL Server - Kerberos Authentication and SPN Question

Posted on 2011-03-25
2
690 Views
Last Modified: 2012-06-21
Hi Experts,

I have a SQL Server than I am trying to force Kerberos Authentication. I followed the below link to setspn:

http://technet.microsoft.com/en-us/library/bb735885.aspx

Even after setting it and restarting, it still uses NTLM. The stange part here is that when I change it to run under local system account, it still uses NTLM instead of Kerberos.

Any pointers to resolve this issue and make it use Kerberos Authentication.

Thanks,
0
Comment
Question by:rocky_lotus_newbie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 28

Accepted Solution

by:
Ryan McCauley earned 500 total points
ID: 35218228
Getting your SPN just right is a huge pain - it caused us tons of headaches when we first started moving to Kerberos years ago. Here are some things that tripped us up:

Do you have your SPN set up using just the servername, or using the FQDN of the server (server.domain.local, or whatever you have there)? I believe SQL Server uses the FQDN, but we always set up both.
Is your SPN set up for the account running your SQL Server service? For example, we run all our SQL Server services as OURDOMAIN\SQL_Proxy - is that the account that you've created the SPN for?

Also, is it possible that you've grantd duplicate SPNs during all your testing? That can cause Kerberos to stop working as well - here's the resolution to that:

http://blogs.msdn.com/b/darwin/archive/2005/10/19/482593.aspx

Also, are there are entries in the event log on your server or your client that suggest that Kerberos isn't working properly on your domain? Either logins that have been attempted by SPNego (negotiation) failed, or some other Kerberos errors? Do you have other services on your network that you know are using Kerberos properly, or is this the first service you're adding that's using it?

Best of luck, and I hope that you can find a resolution!
0
 
LVL 43

Expert Comment

by:Eugene Z
ID: 35445581
can you post what sql server version do you use?
did you get any errors?
are you still using windows 4 ?
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL 2012 Report Builder 3.0 query 2 22
Where clause to fliter varchar with Characters 12 58
Use SSRS to email customers? 4 29
SQL Query 20 21
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question