• Hi,

    Are your SQL Server services running under a domain account?

    If you have your SQL Services running under a domain account, you register the SPNs against those services. If the account has permissions to update AD, it'll do it automatically on SQL Server restart. It'll say in the SQL Server error log whether it was successful or not. Otherwise, you can use setspn to manually register them, e.g.

    setspn -S MSSQLSvc/servername.domain.com:INSTANCENAME domain\account

    setspn -S MSSQLSvc/servername.domain.com:PORTNUMBER domain\account

    You substitute the servername for whatever clients use to connect to your server. This can be the virtual name, or a DNS name for the virtual IP address.

    To get double-hop to work, in AD, find the account you are running the SQL Server services under. On the delegation tab, select 'Trust this user for delegation to specified services only', then 'Use Kerberos Only'. Select ADD, find the domain account the SPNs are registered against, then add the services you want to trust for delegation. That's pretty much all you have to do.

    It's a similar process if you're running the SQL Server services under a local machine account, except instead of doing these steps on the domain account, you do it on the machine account.
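
A way to verify the result of the steps in the reply above, as an added example that is not part of the original post: it checks that each SPN is registered exactly once on the expected account and that the account carries constrained, Kerberos-only delegation rather than unconstrained delegation. It assumes the RSAT ActiveDirectory module is installed; the function name `Test-SqlDelegation` and the account and SPN values in the sample call are constructed placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Works for a domain user or a machine account ('HOSTNAME$').
function Test-SqlDelegation {
    param(
        [Parameter(Mandatory)] [string]   $SamAccountName,  # account the SQL Server services run under
        [Parameter(Mandatory)] [string[]] $ExpectedSpn      # SPNs built from the name clients connect to
    )
    $props = 'servicePrincipalName', 'msDS-AllowedToDelegateTo', 'userAccountControl'
    $acct  = Get-ADObject -LDAPFilter "(sAMAccountName=$SamAccountName)" -Properties $props
    if (-not $acct) { throw "Account '$SamAccountName' not found" }

    foreach ($spn in $ExpectedSpn) {
        # An SPN must resolve to exactly one account, otherwise Kerberos
        # ticket requests fail and clients silently fall back to NTLM.
        $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties sAMAccountName)
        $result = 'OK'
        if ($owners.Count -eq 0) {
            $result = 'MISSING'
        } elseif ($owners.Count -gt 1) {
            $result = 'DUPLICATE: ' + ($owners.sAMAccountName -join ', ')
        } elseif ($owners[0].sAMAccountName -ne $SamAccountName) {
            $result = 'ON OTHER ACCOUNT: ' + $owners[0].sAMAccountName
        }
        [pscustomobject]@{ Check = "SPN $spn"; Result = $result }
    }

    # userAccountControl bits behind the Delegation tab radio buttons
    $uac           = [int]$acct.userAccountControl
    $unconstrained = ($uac -band 0x80000)   -ne 0   # TRUSTED_FOR_DELEGATION ("any service")
    $anyProtocol   = ($uac -band 0x1000000) -ne 0   # TRUSTED_TO_AUTH_FOR_DELEGATION
    $targets       = @($acct.'msDS-AllowedToDelegateTo')

    $unconstrainedResult = 'OK (not set)'
    if ($unconstrained) { $unconstrainedResult = 'FAIL: trusted for delegation to any service' }
    $protocolResult = 'OK (Kerberos only)'
    if ($anyProtocol) { $protocolResult = 'WARN: any authentication protocol allowed' }
    $targetResult = 'FAIL: no services listed'
    if ($targets.Count -gt 0) { $targetResult = 'OK: ' + ($targets -join ', ') }

    [pscustomobject]@{ Check = 'Unconstrained delegation';   Result = $unconstrainedResult }
    [pscustomobject]@{ Check = 'Protocol transition';        Result = $protocolResult }
    [pscustomobject]@{ Check = 'Specified services present'; Result = $targetResult }
}

# Sample call with constructed placeholder values:
# Test-SqlDelegation -SamAccountName 'svc-sql' -ExpectedSpn 'MSSQLSvc/servername.domain.com:1433'
```

Run it from a domain-joined host with read access to the directory; `setspn -X` reports duplicate SPNs forest-wide if the per-SPN lookup flags one.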