I am having trouble with my SQL server not using Kerberos. I read Brian Kelly's article on sqlservercentral.com, but I STILL have problems...
Here's our setup:
SQL Server 2008 R2
Named instance using a static port
Windows 2008 R2.
The server is is in DomainX.
Our network admin manually registered the SPN for the DomainQ via this command:
setspn -A MSSQLSvc/servername.DomainX:port# DomainQ\SQLID
When I ran setspn -L DomainQ\SQLID, the spn was showing
However, the sql log still showed an error that it couldn't register the SPN. When I checked sys.dm_exec_connections, it showed NTLM authentication.
So then our network admin manually registered the SPN for the X domain via these 2commands:
setspn -A MSSQLSvc/servername.domainX:port# DomainX\SQLID
That gave a little bit of progress.
The sql log showed that it successfully registered the Service Principal Name!! It showed the instance name instead of the port number. Not sure if that matters, but I took that as a good sign.
However, when I checked sys.dm_exec_connections using SSMS, it showed NTLM authentication. (sigh)
We also ran the following: setspn -A MSSQLSvc/servername:port# DomainX\SQLID
I don't know if a server restart is needed, but I did. That didn't help. Plus, the service didn't automatically restart.
I didn't see any obvious entries in the event viewer logs.
What else do I need to try to get it to use Kerberos? Are there Active Directory settings for the SQLID that need to change? Are there Kerberos settings that need to change? Is there something in the registry?
Any help would be appreciated.