Jim_K (7/7/2015)
Yes, the SPN for the listener and the node both exist and are being used to access the server. We had to create them manually because we are using domain accounts to run the SQL service. Which reminds me, I think there is a setting in Active Directory that can enable/disable the Kerberos ticket encryption level and perhaps that hasn't been set properly.....
You must use the same account for each sql service that can host the listener, this is because the SPN is bound to the user account, hence each sql server instance must use the same service account as its partners so that when the SPN fails over it continues to work
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉