June 28, 2015 at 7:01 am
Hi all,
This is a little of topic. A few days ago we've encountered a problem when we tried to login to a database using Windows authentication and failed doing so. However, we were able to login with SQL logins. After I googled it, I realized there was a problem with the SPN of the SQL Server. When I tried to add the SPN manually, I received an error massage that the SPN already existed. When I tried to check it using setspn –l I couldn't find it. When I tried to delete it, I did not get an error massage, but when I tried to add it again, I still received the same error massage that the name already existed. After two frustrating days, I found out, purely by accident, that the SPN was indeed registered, but connected to another user, not the one I mentioned in my setspn commands. It took me about 2 more minutes to delete it and reregister the names, this time connected the correct user.
Although my problem was solved (again, purely by accident), I searched the net again, hoping to find a way to avoid such a problem again. I'm looking for a way to get the user connected to a SPN. Can anyone please help?
PS please excuse my poor English, it is not my mother tongue
June 29, 2015 at 9:06 am
Check the SPN documentation from MS, this kb has details on SETSPN, this has details on SQL Server SPNs.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
June 30, 2015 at 7:54 am
Thank you for your reply. Unfortunately, I did not found what I was looking for. Getspn - l displays the SPNs, but it does not display the user accounts that are attached to the services. However I can use getspn - l by trying to check common mistakes such as look for the SPNsattached to a user that is admin at another environment, or user that had been admin in the past ect. It is not the best solution, but sometimes it could help.
July 1, 2015 at 4:56 am
It's SETSPN not Getspn or any other variant 😉
SETSPN -l should be run against the account the sql server service runs under, I'm assuming you know how to find this :whistle:
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply