Friday, August 7 2020

Service Principal Name is incorrect


If the SQL service account doesn't have Domain Admins permission, you will face this error. Instead, you can grant Read/Write servicePrincipalName permission, which safely delegates just that permission to the SQL service account.

Use ADSI Edit:

Open adsiedit.msc – domain (default partition) – go to the user container


Security – Advanced –

Edit – Allow – Self – Special


Choose Write Principal Name – Apply


Now you can see:

Edit – Allow – Self – Access (NONE)


Now make sure both are checked – Read servicePrincipalName, Write servicePrincipalName
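The same result can be verified from PowerShell. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed and uses `svc-sql` as a placeholder for the SQL service account name.

```powershell
# Added example: confirm SELF has Read/Write on servicePrincipalName only.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Assumption: placeholder sAMAccountName of the SQL service account.
$Account = 'svc-sql'

# schemaIDGUID of the servicePrincipalName attribute.
$SpnGuid = [guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'
# Well-known SID of NT AUTHORITY\SELF (locale independent).
$SelfSid = 'S-1-5-10'
$AdRights = [System.DirectoryServices.ActiveDirectoryRights]

$user = Get-ADUser -Identity $Account -Properties servicePrincipalName
$acl  = Get-Acl -Path ("AD:\" + $user.DistinguishedName)

# Resolve every ACE (explicit and inherited) to SIDs, then keep the
# Allow entries for SELF.
$selfAces = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $SelfSid -and
        $_.AccessControlType -eq 'Allow'
    }

# ACEs scoped to the servicePrincipalName attribute.
$spnAces = $selfAces | Where-Object { $_.ObjectType -eq $SpnGuid }

# ACEs with an empty ObjectType apply to all properties, which is broader
# than the delegation described above and worth reviewing.
$broadAces = $selfAces | Where-Object {
    $_.ObjectType -eq [guid]::Empty -and
    ($_.ActiveDirectoryRights -band $AdRights::WriteProperty)
}

[pscustomobject]@{
    Account          = $user.SamAccountName
    SelfReadSPN      = [bool]($spnAces | Where-Object {
        $_.ActiveDirectoryRights -band $AdRights::ReadProperty })
    SelfWriteSPN     = [bool]($spnAces | Where-Object {
        $_.ActiveDirectoryRights -band $AdRights::WriteProperty })
    SelfWriteAllProp = [bool]$broadAces
    RegisteredSPNs   = $user.servicePrincipalName -join '; '
}
```

`SelfReadSPN` and `SelfWriteSPN` should both be `True` after the ADSI Edit steps, and `RegisteredSPNs` should list the `MSSQLSvc/...` entries once the DB Engine has re-registered them.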


To force it (don't play on production): restarting the DB Engine will re-register the SPN.

Note: In a SQL 2014 cluster, the SPN is re-registered every time the DB Engine restarts, so leave this permission in place permanently to avoid SPN issues.

Otherwise, the database admin has to provide you the SPNs on every restart of the DB Engine.


Reference – SQL error log:

The SQL Server Network Interface Library could not register the service principal name (SPN) for the SQL Service. Windows return code: 0x2098 state:20. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos.

About Satheshwaran Manoharan

Satheshwaran Manoharan is a Microsoft Office Server and Services MVP and publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization, Sathesh is a messaging expert supporting, designing, and deploying for many medium-size businesses to large enterprises when it comes to corporate messaging and virtualization infrastructure.
