locked
Configuring SPN for SQL Server on a cluster RRS feed

  • Question

  • Hi,

    Please consider the following setup:we have a cluster named "A001". The physical servers behind this cluster are "B001" and "C001".

    The following SQL Server instances are created:

    • A001S0 (unnamed instance)
    • A001S1\A001S1
    • A001S2\A001S2

    The servers are member of the domain "RDOMAIN". The SQL Server services are running with the domain account "RDOMAIN\SQL001".

    Which SPNs must be created so that Kerberos authentication can be used?

    Thanks in advanced,

    Chris.


    • Edited by Chris466 Wednesday, March 1, 2017 2:59 PM
    Wednesday, March 1, 2017 2:58 PM

All replies

  • Wednesday, March 1, 2017 3:14 PM
  • Are you having an actual problem?

    SPNs are created when you install SQL Server, assuming a Domain Administrator installed SQL Server.  You normally do not need to do anything.

    Wednesday, March 1, 2017 3:21 PM
  • Yes, the account which does the installation does not have the right to create objects in Active Directory and will never have these rights. So they need to be created beforehand.

    SPNs/Kerberos are not directly the most straightforward things to configure :-(

    Wednesday, March 1, 2017 3:32 PM
  • Here are the instructions for creating SPNs.  See "Manual SPN Registration":

    https://msdn.microsoft.com/en-us/library/ms191153.aspx

    Wednesday, March 1, 2017 3:43 PM
  • Thanks to all for the suggestions and the links. Now I would really appreciate the list of SPNs to be created in detail.
    Thursday, March 9, 2017 8:42 AM
  • That is documented here https://msdn.microsoft.com/en-us/library/ms191153.aspx under "Manual SPN Registration"

    For default instances:

    setspn -A MSSQLSvc/yourfullyqualifiedservername:1433 accountname  

    For named instances:

    setspn -A MSSQLSvc/yourfullyqualifedservername/instancename accountname  

    • Proposed as answer by philfactor Thursday, March 9, 2017 3:17 PM
    Thursday, March 9, 2017 2:58 PM