The target principal name is incorrect. Cannot generate SSPI context."
Here is the troubleshooting step I used
1. Rollback service startup account to old one, then the powershell script work. so it should be the issue with the new account.
2. Start sql server service again with new account. check sql server error log, then found error message in it
2013-01-20 00:53:36.49 Server The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.
- 8344 (0x2098)
- Insufficient access rights to perform the operation.
- Click Start, click Run, type Adsiedit.msc, and then click OK.
- In the ADSI Edit snap-in, expand Domain [DomainName], expand DC= RootDomainName, expand CN=Users, right-click CN= AccountName, and then click Properties.
- In the CN= AccountName Properties dialog box, click the Security tab.
- On the Security tab, click Advanced.
- In the Advanced Security Settings dialog box, select one of "SELF"'s row just like the pic below