Error SPN GMSA account

  • Hello,

    I am checking the SQL error log of my server and I found this error.

    For info, I use a GMSA account to start the SQL service account.

    SQL Server is attempting to register a Service Principal Name (SPN) for the SQL Server service. Kerberos authentication will not be possible until a SPN is registered for the SQL Server service. This is an informational message. No user action is required.
    The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/xxxxx.d20.tes.local ] for the SQL Server service. Windows return code: 0x2098, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.
    The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/xxxxx.tes.local:1433 ] for the SQL Server service. Windows return code: 0x2098, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.

    How to register SQL service startup accounts?

  • Sounds like you need to register your SPNs. Chances are the SQL Server service account doesn't have permission to register SPNs, so you will need to use an account that has permissions to register them OR adjust the permissions so the SQL Server service account has permissions to register SPNs.

    This site has a good write-up on SPN registration and what needs to be set up (delegation for example):

    https://sqlwhisper.com/2020/03/09/registering-spn/

    The above is all just my opinion on what you should do.
    As with all advice you find on a random internet forum - you shouldn't blindly follow it. Always test on a test server to see if there are negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.
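
The two options from the reply above, as an added PowerShell example that is not part of the thread or of the linked article. Windows return code 0x2098 is 8344 (ERROR_DS_INSUFF_ACCESS_RIGHTS), which fits the reply's diagnosis. The gMSA name `gmsa-sql` is a placeholder, the SPNs are copied as redacted from the log lines in the question, and the script assumes the ActiveDirectory RSAT module and an account allowed to modify the gMSA.

```powershell
# Added example: register the SPNs that SQL Server failed to self-register.
Import-Module ActiveDirectory

$GmsaName = 'gmsa-sql'            # placeholder: gMSA name without the trailing $
$AllowSelfRegistration = $false   # $true = option 2 (let the gMSA manage its own SPNs)

# SPNs taken from the error-log lines in the question (host redacted there as xxxxx)
$WantedSpns = @(
    'MSSQLSvc/xxxxx.d20.tes.local',
    'MSSQLSvc/xxxxx.tes.local:1433'
)

$gmsa = Get-ADServiceAccount -Identity $GmsaName -Properties ServicePrincipalNames

# Option 1: register the SPNs by hand with a privileged account.
foreach ($spn in $WantedSpns) {
    if ($gmsa.ServicePrincipalNames -contains $spn) {
        Write-Host "Already registered on ${GmsaName}: $spn"
        continue
    }
    # The same SPN on a second account breaks Kerberos for the service,
    # so look for an existing owner first (searches the current domain only).
    $owner = Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties sAMAccountName
    if ($owner) {
        Write-Warning "$spn already belongs to $($owner.sAMAccountName -join ', '); remove it there first."
        continue
    }
    Set-ADServiceAccount -Identity $GmsaName -ServicePrincipalNames @{ Add = $spn }
    Write-Host "Registered $spn on $GmsaName"
}

# Option 2: grant the account read/write on its own servicePrincipalName attribute
# so SQL Server can register and deregister the SPNs itself at startup and shutdown.
# The ACE is scoped to SELF and to that single attribute.
if ($AllowSelfRegistration) {
    dsacls $gmsa.DistinguishedName /G 'SELF:RPWP;servicePrincipalName'
}

# Verify what is now registered on the gMSA.
setspn -L "$GmsaName`$"
```

After a restart of the SQL Server service, `SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID;` run from a remote client shows whether the connection uses KERBEROS or still falls back to NTLM.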
