locked
Multiple SPNs per instance? RRS feed

  • Question

  • Multiple Instance, Multiple Statically Assigned ports 'per' instance.  eg;

    Instance1 - ports 15000, 15001, 15002

    Instance2 - ports 16000, 16001, 16002

    Port 15000 - DatabaseA

    Port 15002 - DatabaseB

    Port 15002 - DatabaseC

    Port 16000 - DatabaseD

    Port 16001 - DatabaseE

    Port 16002 - DatabaseF

    Each 'instance' uses a different Domain User account.

    Does each port need to be registered with a server principle name?  Or is just one ok?  Ie:

    Instance1:

    setspn -A MSSQLSvc/myhost.redmond.microsoft.com:15000 microsoft\domainaccountname1

    setspn -A MSSQLSvc/myhost.redmond.microsoft.com:15001 microsoft\domainaccountname1

    setspn -A MSSQLSvc/myhost.redmond.microsoft.com:15002 microsoft\domainaccountname1

    Instance2:

    setspn -A MSSQLSvc/myhost.redmond.microsoft.com:16000 microsoft\domainaccountname2

    setspn -A MSSQLSvc/myhost.redmond.microsoft.com:16001 microsoft\domainaccountname2

    setspn -A MSSQLSvc/myhost.redmond.microsoft.com:16002 microsoft\domainaccountname2


    Friday, May 23, 2014 5:45 PM

Answers

  • Hi,

    I think you need to registry the SPN with the each different port numbers that was used by the SQL Server instance.

    Per http://msdn.microsoft.com/en-us/library/ms677949(v=vs.85).aspx

    A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host.

    Note: an SPN must be unique in the forest in which it is registered. If it is not unique, authentication will fail.

    Reference:

    How to Configure an SPN for SQL Server Site Database Servers

    http://technet.microsoft.com/en-us/library/bb735885.aspx

    Thanks.

    Tracy Cai
    TechNet Community Support

    • Marked as answer by tracycai Wednesday, June 4, 2014 9:28 AM
    Monday, May 26, 2014 7:04 AM