locked
SPNs RRS feed

  • Question

  • Is there a way to check if one or more SPNs are being used by the SQL Server, or not?


    --- Best Regards, Igor Santos Twitter: @sqlsantos Blog: sqlsantos.wordpress.com

    Friday, March 1, 2013 8:15 PM

All replies

  • Friday, March 1, 2013 8:47 PM
  • Hey Don,

    Our Junior DBA created a bunch of SPNs, we didn't catch that, and now I want to clean them up, but I'm not sure which ones are being used and which one are in fact being used.

    Do you know of a way to see or know if an SPN has been used?

    Let me know if you can think of anything.

    Best Regards,

    -Igor Santos


    --- Best Regards, Igor Santos Twitter: @sqlsantos Blog: sqlsantos.wordpress.com

    Friday, March 1, 2013 10:37 PM
  • SPN are used for authentication, but not necessary that SQL is using them.  You SQL server needs following SPNs...

    Default/Named Instances with Static Port

    MSSQLSvc/SQLServer.FQDN Domain\ServiceAccount

    MSSQLSvc/SQLServer:FQDN:Port Domain\ServiceAccount

    Named Instances with Dynamic Port

    MSSQLSvc/SQLServer.FDQN Domain\ServiceAccount

    MSSQLSvc/SQLServer.FDQN:InstanceName Domain\ServiceAccount

    To get listing of active SPNs...

    SETSPN -L Domain\ServiceAccount

    Cheers!


    Mohit K. Gupta --- MCTS, MCITP, MCC2011
    My Blog OpsVault My MSDN Blog Twitter @SQLCAN

    Monday, March 4, 2013 7:16 PM
  • Just to add to the above...

    setspn -x      will search all duplicate SPNs in  the entire domain

    In order to avoid creating duplicate SPNs, please use setspn -S  

    it will not create the SPN when a one already exist.

    Thanks,
    Noam  

    Monday, March 4, 2013 9:50 PM