June 27, 2023 at 2:16 pm
Does anyone know how to list the SPN for the NT Service\MSSQLServer account ?
I've created the following combinations and nothing is working
setspn -L MSSQLSERVER
setspn -L NT Service\MSSQLSERVER
setspn -L "NT Service\MSSQLSERVER"
setspn -L 'NT Service\MSSQLSERVER'
When the VM was created via terraform the NT Service\MSSQLSERVER account was used to run the service , now we've change the account to a domain account was are encountering SPN/kerberos issue.
Just trying to do a before and after on setting the SPN. Wondered if anyone knew how to list the SPN for NT Service\MSSQLSERVER
June 27, 2023 at 5:54 pm
I don't believe an SPN would be created for those accounts - they are local to that machine only.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
June 28, 2023 at 6:13 am
when using the NT Service account the SPN's are created under the COMPUTER account.
setspn -L "computername$" will give the specific SPN's that were set.
but... if you already changed the account to be a domain one, the SPN's will be gone and won't be listed.
assuming you are using the right type of account (MSA or GMSA) then just set the accounts with perms to do automatic SPN registration and you won't have any issues or worries.
June 30, 2023 at 1:18 pm
In some cases in our environment:
This cmd did not work: C:\setspn -L ourServername.domainname.com
This cmd did work: C:\setspn -Q MSSQLSvc/ourServername.domainname.com
July 3, 2023 at 8:57 am
Take a look at Kerberos Configuration Manager for SQL Server. It can report configurations and identify potential problems with SPNs and delegation. Even generate scripts.
July 3, 2023 at 9:31 am
Thank you all very much indeed for your help.
It was very useful.
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply