February 25, 2019 at 6:26 pm
I have 3 SQL 2016 instances recently built on a WS 2016. The SQL Services run under domain accounts which are different for each instance.
For all instances, SPNs are not registered during start up, KERBEROS is not expected/required and connections are made in NTLM.
From another server (same domain), Windows and SQL connections are successful for the 2 named instances (under NTLM).
However, for the default instance we get the error: "Cannot generate SSPI context" when trying to connect with a Windows connection. SQL connections are OK.
Please help.
March 2, 2019 at 3:39 am
Why would you not want Kerberos connections? If I were you I would suggest either setting SQL on the instances to use either virtual accounts or if you want a domain based account look into managed service accounts. Both solutions can help manage your SPNs for you and you don't have to worry about password resets any longer.
What accounts are running different instances?
Joie Andrew
"Since 1982"
March 2, 2019 at 4:39 pm
Resolved.
If no SPN is registered in AD, NTLM authentication will be used. If there is an SPN registration error or multiple accounts have registered this SPN, then the login will fail (i.e. it will not proceed to NTLM authentication).
I suggest you use Kerberos Configuration Manager for the default instance to check if there are incorrect or duplicate SPNs present. The download link :https://www.microsoft.com/en-us/download/details.aspx?id=39046
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply