Service Principal Name is incorrect


If the SQL service account does not have Domain Admins permission, you will face this error. Instead, you can grant the Read/Write servicePrincipalName permission, so that only this permission is safely delegated to the SQL service account.

Use ADSI Edit –

Open adsiedit.msc – domain (default partition) – go to the user container


Security – Advanced –

Edit – Allow – Self – Special


Choose Write Principal Name – Apply


Now you can see

Edit – Allow – Self – Access (NONE)


Now make sure both are checked – Read servicePrincipalName, Write servicePrincipalName
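
The same delegation can be scripted and checked instead of clicked through. This PowerShell is an added example, not part of the original post: it assumes the RSAT ActiveDirectory module and a placeholder account name `svc-sql`, adds the SELF Read/Write entry for servicePrincipalName only if it is missing, and prints the resulting entry.

```powershell
# Added example (not from the original post). Assumes the RSAT ActiveDirectory
# module; 'svc-sql' is a placeholder for the SQL service account name.
Import-Module ActiveDirectory

$account = Get-ADUser -Identity 'svc-sql'
$path    = "AD:\$($account.DistinguishedName)"

# schemaIDGUID of the servicePrincipalName attribute
$spnGuid  = [Guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'
# Well-known SID of the SELF principal, resolved to its (localized) name
$self     = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-10'
$selfName = $self.Translate([System.Security.Principal.NTAccount]).Value

# Returns the Allow entries for SELF that are scoped to servicePrincipalName
function Get-SelfSpnAce {
    (Get-Acl -Path $path).Access | Where-Object {
        $_.IdentityReference.Value -eq $selfName -and
        $_.ObjectType -eq $spnGuid -and
        $_.AccessControlType -eq 'Allow'
    }
}

# Combine the rights already granted to SELF on this one attribute
$needed  = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$current = [System.DirectoryServices.ActiveDirectoryRights]0
Get-SelfSpnAce | ForEach-Object { $current = $current -bor $_.ActiveDirectoryRights }

if (($current -band $needed) -ne $needed) {
    # Scope the entry to the single attribute, on this object only (no inheritance)
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
        $self, $needed,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $spnGuid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
    $acl = Get-Acl -Path $path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
}

# Show what is now in place: SELF with ReadProperty, WriteProperty
Get-SelfSpnAce | Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType

# After the DB Engine has restarted, list the SPNs registered on the account
setspn -L $account.SamAccountName
```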



To force it (don’t play on Production) – restarting the DB Engine will re-register the SPN.

Note: In a SQL 2014 cluster, the SPN is re-registered every time you restart the DB Engine. So leave this permission in place permanently so that you don’t face SPN issues.

Otherwise, the database admin has to provide you the SPNs on every restart of the DB Engine.


Reference – SQL Error log –

The SQL Server Network Interface Library could not register the service principal name (SPN) for the SQL Service. Windows return code: 0x2098 state:20. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos.

About Satheshwaran Manoharan

Satheshwaran Manoharan is a Microsoft Office Server and Services MVP, Publisher of Specialized in Office365 / Microsoft Exchange / Virtualization. Sathesh is a messaging expert supporting, designing and deploying for many medium-size businesses to large enterprises when it comes to corporate messaging and virtualization infrastructure.
