26 C
Dubai
Friday, March 29, 2024

Service Principal Name is incorrect

image

If the SQL Service Account Principal name doesn’t have Domain Admins permission , You will face this error. you can give read write service principal name permission so that you can safely delegate the permission to the sql service account.

Use adsiedit –

Open Adsiedit.msc – domain (default partition) – Go to the user container

image

Security – Advanced –

Edit – Allow – Self – Special

image

Choose Write Principal Name – Apply

image

Now you can see

Edit – Allow – Self – Access (NONE)

image

Now make sure both are Checked – Read ServicePrincipalName , Write ServicePrincipalname

image

 

To force it (Don’t play on Production)– Restarting the DB Engine will re-register SPN.

Note : If you restart DB engine. It will re register every time in a SQL 2014 Cluster. So leave this permission permanent so that you don’t face SPN issues.

or the Database admin have to provide you the SPNs on every restart of the DB Engine.

 

Reference – SQL Error log –

The SQL Server Network Interface Library could not register the service principal name(SPN) for the SQL Service.Windows return cod: 0x2098 state:20. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos.

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

× How can I help you?