Problem with SPN

  • Hi all,

    This is a little of topic. A few days ago we've encountered a problem when we tried to login to a database using Windows authentication and failed doing so. However, we were able to login with SQL logins. After I googled it, I realized there was a problem with the SPN of the SQL Server. When I tried to add the SPN manually, I received an error massage that the SPN already existed. When I tried to check it using setspn –l I couldn't find it. When I tried to delete it, I did not get an error massage, but when I tried to add it again, I still received the same error massage that the name already existed. After two frustrating days, I found out, purely by accident, that the SPN was indeed registered, but connected to another user, not the one I mentioned in my setspn commands. It took me about 2 more minutes to delete it and reregister the names, this time connected the correct user.

    Although my problem was solved (again, purely by accident), I searched the net again, hoping to find a way to avoid such a problem again. I'm looking for a way to get the user connected to a SPN. Can anyone please help?

    PS please excuse my poor English, it is not my mother tongue

  • Check the SPN documentation from MS, this kb has details on SETSPN, this has details on SQL Server SPNs.

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • Thank you for your reply. Unfortunately, I did not found what I was looking for. Getspn - l displays the SPNs, but it does not display the user accounts that are attached to the services. However I can use getspn - l by trying to check common mistakes such as look for the SPNsattached to a user that is admin at another environment, or user that had been admin in the past ect. It is not the best solution, but sometimes it could help.

  • It's SETSPN not Getspn or any other variant 😉

    SETSPN -l should be run against the account the sql server service runs under, I'm assuming you know how to find this :whistle:

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply