May 27, 2009 at 12:11 pm
Hi,
Our windows team created an new SPN (Service Principal Name) for our Production server (SQL Server). Now the server service is running under local system.
We want to change the account from Local to Network account, for that purpose, our windows team create one SPN for this server.
I need to validate the SPN. Is there any method to validate the SPN is working correct or not?
Regards,
S.Balavenkatesh
May 27, 2009 at 12:29 pm
The query at the end of this article should help you.
http://www.sqlservercentral.com/articles/Security/65169/
A.J.
DBA with an attitude
May 27, 2009 at 12:54 pm
Hi,
Thanks for your information. But it is not specified whether the spn is working correctly or not?.
Regards,
S.Balavenkatesh
May 27, 2009 at 12:57 pm
If it's using Kerberos vs NTLM then it's working correctly.
A.J.
DBA with an attitude
May 27, 2009 at 1:19 pm
Hi,
Now the services running under local account, and it is not shoing Kerberos instead it is showing NTLM.
Kerberos is shown under local account or domain account?
If it(kerberos) is shown under domain account then will it be shown after rebooting or before rebooting the server?
Kindly advice us.
May 27, 2009 at 1:41 pm
Hi,
My server is running as a default instances. My server is using Nike\S.SQL.Beavertn-SE as a service account .
I used the following command.
setspn -L . It show following rusults.
C:\>setspn -L nike\s.sql.beavertn-se
Registered ServicePrincipalNames for CN=s.sql.beavertn-se,OU=All Users,DC=ad,DC=
nike,DC=com:
How can i check whether the SPN generated for this account or system.
Regards,
S.Balavenkatesh
May 27, 2009 at 2:37 pm
You should create the SPN for the service account. You can use adsiedit for viewing the properties of the account and viewing the SPN.
A.J.
DBA with an attitude
September 26, 2014 at 9:20 am
You can query the SPN using SETSPN -Q
Example: C:\>SETSPN -Q MsSQLSvc/*
To get all the SPN for MS SQL Server in the domain
Note: You can use the SQL Kerberos utility from Microsoft to help you correct the SPN for your instances.
http://www.microsoft.com/en-ca/download/details.aspx?id=39046
This tool will report and give you a CMD file to correct the invalid SPNs. It will also report if your Service Account is not configured to support Delegation
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply