How to enable Kerberos authentication in SQL 2012


  • Tuesday, June 26, 2012 8:35 AM
     
     

    How do I enable Kerberos authentication in SQL 2012? Is that just a matter of creating an SPN for the account running the SQL Server and SQL Server Agent services?

    We have added SPNs like this
       setspn -A MSSQLSvc/sql10:i01 DOMAIN-EU\SQLsvc
       setspn -A MSSQLSvc/sql10.eu.paccar.com:i01 DOMAIN-EU\SQLsvc

    Then we rebooted the server and client and afterwards ran the following query to validate:

       select auth_scheme
       from sys.dm_exec_connections
       where session_id = @@spid

    However, it still seems to use NTLM, so obviously we are missing something.

    How do the SQL servers know that they should use Kerberos and not NTLM? Do we need to make some registry adjustments?

    I have followed this blog, but could not find anything wrong in our actions: http://blogs.msdn.com/b/sql_protocols/archive/2005/10/12/479871.aspx

    Any suggestions?

    Thanks in advance!


    Tofig


    • Edited by Tofig Tuesday, June 26, 2012 8:35 AM
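
A fuller version of the validation query from the question, added here as an example (it is not from the original post or from Microsoft's articles). It uses only columns of `sys.dm_exec_connections` and `sys.dm_exec_sessions`, and shows the transport and port next to `auth_scheme` so the result can be read per connection rather than as a single value.

```sql
-- Added example: inspect how connections authenticated and over which transport.
-- Run part 1 from the remote client whose login you are testing.

-- 1) The current session
SELECT c.session_id,
       c.auth_scheme,         -- KERBEROS, NTLM or SQL
       c.net_transport,       -- TCP, Named pipe or Shared memory
       c.local_tcp_port,      -- server port used by this connection (NULL unless TCP)
       c.client_net_address,  -- where the connection came from
       s.host_name,
       s.program_name,
       s.login_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
  ON s.session_id = c.session_id
WHERE c.session_id = @@SPID
  AND c.parent_connection_id IS NULL;   -- skip MARS child connections

-- 2) All user connections, summarized, to see whether any client
--    obtains Kerberos and which transport/port those connections use
SELECT c.auth_scheme,
       c.net_transport,
       c.local_tcp_port,
       COUNT(*)             AS connection_count,
       MIN(c.connect_time)  AS oldest_connection
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
  ON s.session_id = c.session_id
WHERE s.is_user_process = 1
  AND c.parent_connection_id IS NULL
GROUP BY c.auth_scheme, c.net_transport, c.local_tcp_port
ORDER BY connection_count DESC;
```

Only connections opened after the SPN change reflect it, so reconnect before reading the result.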

All Replies

  • Tuesday, June 26, 2012 8:40 AM
     
     

    See this one

    http://msdn.microsoft.com/en-us/library/ms189585(v=sql.105).aspx


    Best Regards, Uri Dimant, SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/

  • Tuesday, June 26, 2012 8:52 AM
     
     

    Thanks for your post Uri!

    I do not see a clear description except:

    You can use Kerberos authentication with SQL Server stand-alone instances or with SQL Server failover cluster instances. For additional information, see Registering a Service Principal Name and the Knowledge Base article, "How to use Kerberos authentication in SQL Server."

    Steps in Registering a Service Principal Name seem to be the same as the ones I have already done. As I already wrote, this did not result in Kerberos sessions... Am I missing something or did you mean something else?

    The second article is about using it by means of a website, which is not what I need. Instead I looked at this KB http://support.microsoft.com/kb/909801/en-us. But this one is also similar to what we already did.

    Is registering SPN and reboot sufficient?
    What could be wrong?

    Thanks in advance!


    Tofig