Wednesday, August 17, 2022

Service Principal Name is incorrect


If the SQL service account doesn't have Domain Admins permission, you will face this error. You can grant the read/write servicePrincipalName permission instead, so that the permission is safely delegated to the SQL service account.

Use adsiedit –

Open Adsiedit.msc – domain (default partition) – Go to the user container


Security – Advanced –

Edit – Allow – Self – Special


Choose Write Principal Name – Apply


Now you can see

Edit – Allow – Self – Access (NONE)


Now make sure both are checked – Read servicePrincipalName, Write servicePrincipalName
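To confirm the result without clicking through ADSI Edit, the following added PowerShell example (not part of the original post) checks a list of access rules for the SELF read/write grant on servicePrincipalName and flags a SELF write grant that covers every attribute. The function name, the constructed sample ACEs and the account name `svc-sql` are assumptions; the GUID is the schema GUID of the servicePrincipalName attribute.

```powershell
# Added example: audit SELF ACEs on the SQL service account for the SPN delegation.
Add-Type -AssemblyName System.DirectoryServices   # provides ActiveDirectoryRights

# schemaIDGUID of the servicePrincipalName attribute.
$SpnGuid = [guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'

function Test-SelfSpnDelegation {
    param([Parameter(Mandatory)] [object[]] $AccessRules)

    $r = [System.DirectoryServices.ActiveDirectoryRights]
    $result = [ordered]@{ ReadSpn = $false; WriteSpn = $false; BroadSelfWrite = $false }

    foreach ($ace in $AccessRules) {
        # Only Allow ACEs whose trustee is SELF (English name assumed: NT AUTHORITY\SELF).
        if ("$($ace.IdentityReference)" -notlike '*\SELF') { continue }
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }

        $rights = [System.DirectoryServices.ActiveDirectoryRights] $ace.ActiveDirectoryRights
        if ([guid]$ace.ObjectType -eq $SpnGuid) {
            # ACE is scoped to the servicePrincipalName attribute only.
            if ($rights.HasFlag($r::ReadProperty))  { $result.ReadSpn  = $true }
            if ($rights.HasFlag($r::WriteProperty)) { $result.WriteSpn = $true }
        }
        elseif ([guid]$ace.ObjectType -eq [guid]::Empty -and $rights.HasFlag($r::WriteProperty)) {
            # Empty ObjectType means every attribute: more than the SPN-only grant above.
            $result.BroadSelfWrite = $true
        }
    }
    [pscustomobject]$result
}

# Constructed ACEs shaped like the entries of (Get-Acl "AD:\<account DN>").Access.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\SELF'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'ReadProperty, WriteProperty'; ObjectType = $SpnGuid }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Admins'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'GenericAll'; ObjectType = [guid]::Empty }
)
Test-SelfSpnDelegation -AccessRules $sample

# Live use (assumes the RSAT ActiveDirectory module and a hypothetical account 'svc-sql'):
# Import-Module ActiveDirectory
# $dn = (Get-ADUser 'svc-sql').DistinguishedName
# Test-SelfSpnDelegation -AccessRules (Get-Acl "AD:\$dn").Access
```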


To force it (don't try this on production) – restarting the DB Engine will re-register the SPN.

Note: If you restart the DB Engine, it will re-register the SPN every time in a SQL 2014 cluster. So leave this permission in place permanently so that you don't face SPN issues, or the database admin has to provide you the SPNs on every restart of the DB Engine.

Reference – SQL Error log –

The SQL Server Network Interface Library could not register the service principal name (SPN) for the SQL Service. Windows return code: 0x2098 state:20. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos.

Satheshwaran Manoharan
https://www.azure365pro.com
Specialized in Microsoft Azure - Office 365 / Microsoft Exchange; conducted numerous projects worldwide in designing, supporting, and implementing messaging and virtualization infrastructure for medium-sized and large enterprises. Further, I am a Cloud Architect and Technical Advisor for various start-ups.
