We are trying to connect an AD user in another trusted domain to SQL Server. We can connect using SQL Authentication but when someone tries to login with an AD account (from the other domain, not the one the SQL server is on) we get the dreaded "The target principal name is incorrect. Cannot generate SSPI context".
So SQL Server is on Domain A
Users in Domain B are trying to connect to it.
Domains have 2 way trust.
We have a valid SPN in Domain A, should that be sufficient or does there need to be a seperate SPN registered in Domain B as well with the same info?