I am using SQL Server 2014 and Windows Server 2012
I am getting an SPN failed to register in my SQL Logs on several of my servers.
The message is:
The SQL Server Network Interface library could not register the Service Principal Name (SPN) [MSSQLSvc/Servername.DomainName:InstanceName ] for the SQL Server service. Windows return code: 0x200b, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.
I checked all my servers and found that a few servers are successfully registering the SPN and using Kerberos, but several are not registering the SPN successfully and using NTLM.
All the servers are using the Virtual Service Account - which is considered a local account
I suspect the problem is permission in Active Directory, so I checked the ADSIedit, but do not see the accounts domain\server$ witch is the account the virtual service account translates to
I guess I would need to see the difference between the servers that work and the servers that do not work, but what would I check.
I know I could manually register the SPN, but hoped I do not have to do this. Is manually registering the SPN a by product of using SQL Virtual Service Accounts. I hope not. I love not having to deal with the permission or the passwords
Any help is appreciated.