SQL Server - Kerberos Authentication and SPN Question

Hi Experts,

I have a SQL Server than I am trying to force Kerberos Authentication. I followed the below link to setspn:

http://technet.microsoft.com/en-us/library/bb735885.aspx

Even after setting it and restarting, it still uses NTLM. The stange part here is that when I change it to run under local system account, it still uses NTLM instead of Kerberos.

Any pointers to resolve this issue and make it use Kerberos Authentication.

Thanks,
LVL 4
rocky_lotus_newbieAsked:
Who is Participating?
 
Ryan McCauleyConnect With a Mentor Data and Analytics ManagerCommented:
Getting your SPN just right is a huge pain - it caused us tons of headaches when we first started moving to Kerberos years ago. Here are some things that tripped us up:

Do you have your SPN set up using just the servername, or using the FQDN of the server (server.domain.local, or whatever you have there)? I believe SQL Server uses the FQDN, but we always set up both.
Is your SPN set up for the account running your SQL Server service? For example, we run all our SQL Server services as OURDOMAIN\SQL_Proxy - is that the account that you've created the SPN for?

Also, is it possible that you've grantd duplicate SPNs during all your testing? That can cause Kerberos to stop working as well - here's the resolution to that:

http://blogs.msdn.com/b/darwin/archive/2005/10/19/482593.aspx

Also, are there are entries in the event log on your server or your client that suggest that Kerberos isn't working properly on your domain? Either logins that have been attempted by SPNego (negotiation) failed, or some other Kerberos errors? Do you have other services on your network that you know are using Kerberos properly, or is this the first service you're adding that's using it?

Best of luck, and I hope that you can find a resolution!
0
 
Eugene ZCommented:
can you post what sql server version do you use?
did you get any errors?
are you still using windows 4 ?
0
All Courses

From novice to tech pro — start learning today.