February 14, 2013 at 10:23 am
We have a new network person setup a new windows server that passed to me to install SQL server,
He told me he registered SPN account for the sql service account.
Is the register spn a necessary step for SQL service account?
I didn't hear the previous network person did that before other servers?
I find the article in microsoft site, but still have above question?
When should we register SPN,
P.s this server is for system center
Thanks
February 14, 2013 at 1:52 pm
Is the register spn a necessary step for SQL service account?
It is if the SQL Server service is being run as a domain account and you want clients to be able to connect using Kerberos authentication. Without the SPN you could only achieve NTLM authentication.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
February 14, 2013 at 1:57 pm
Thanks, I check with the other network admin, we do that for all SQL services.
By the way , for my workstation developer instance, I use local account, like local system of nt service account, does it automatically register SPN, I never did that on my local box?
Thanks
February 14, 2013 at 2:23 pm
By the way , for my workstation developer instance, I use local account, like local system of nt service account, does it automatically register SPN, I never did that on my local box?
For services being run as Local System, yes. SQL Server always tries to register an SPN for the service at startup. Most domain accounts do not have that authority into Active Directory though so it fails. Check your SQL Error Log for a log entry that looks kind of like this:
The SQL Server Network Interface library successfully registered the Service Principal Name (SPN) [ MSSQLSvc/machineName:instanceName ] for the SQL Server service.
If it had failed, like if you change to use a domain account that does not have permissions to register an SPN, then you would see a failure message. This is why your network admins manually register the SPN for the domain account manually, because the account likely does not have enough permissions to automatically register itself when SQL Server starts.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply