SPN registration failed

  • sivaprasad

    SSCertifiable

    Points: 6183

    I have performed SQL Server 2005 installation on a account with "Local Administrator" privileges of the Server and configures the SQL Server services to start on "Local System" Account".

    Now, I have changed the SQL Server 2005 Services to a Windows domain account. The account not a domain administrator.

    On Event Viewer, below errors occurs whenever I restart the SQL Server 2005 Services.

    Event Type: Information

    Event Source: MSSQL$InstanceName

    Event Category: (2)

    Event ID: 26037

    Date: Date

    Time: Time

    User: N/A

    Computer: ComputerName

    Description:

    The SQL Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x54b. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

    For more information, see Help and Support Center at http://support.microsoft.com.

    SQL Server Error log:

    The SQL Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

    To register the SPN on Active Directory of the domain what privileges does the SQL Server Service acccount require?

    I have referred below links;

    How to make sure that you are using Kerberos authentication when you create a remote connection to an instance of SQL Server 2005

    Sivaprasad S - [ SIVA ][/url]http://sivasql.blogspot.com/[/url]

  • K. Brian Kelley

    SSC Guru

    Points: 114486

    This is a normal "error" and can be ignored. If you are not using Kerberos authentication, you can safely disregard the error and do nothing more. If you have a need for Kerberos authentication (such as you're using Kerberos delegation), you'll need a domain admin to create the SPN manually. This should get you started:

    Configuring Kerberos Authentication[/url]

    K. Brian Kelley
    @kbriankelley

  • sivaprasad

    SSCertifiable

    Points: 6183

    Thanks for the reply.

    Your article on "Configuring Kerberos Authentication" detail on SPN.

    Sivaprasad S - [ SIVA ][/url]http://sivasql.blogspot.com/[/url]

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply