SQL 2008 Cluster Installation - SPN Issue

  • Dear All,

    I am trying to setup a 2-Node SQL 2008 Cluster on Windows 2008R2 (64-bit) using the sliptstream (SP3). I am getting the following error in the end:

    The cluster resource 'SQL Server' could not be brought online. Error: The group or resource is not in the correct state to perform the requested operation. (Exception from HRESULT: 0x8007139F)

    When I check the SQL Server log, I see the following:

    The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication

    Below is the output of setspn command that suggests SPN is registered:

    D:>setspn -L <Domain Name>\<Service Account Name>

    Registered ServicePrincipalNames for CN=<Service Account Name>,OU=Services Accounts,DC=<Domain Name>,DC=<Suffix of Domain Name>

    Can you please guide me how to resolve this issue?


  • Does the service account you are starting SQL Server with have the "Write Public Information" privilege in Active Directory?

  • riazjee-993186 (9/22/2015)

    Dear All,

    I am trying to setup a 2-Node SQL 2008 Cluster on Windows 2008R2 (64-bit) using the sliptstream (SP3). I am getting the following error in the end:

    The cluster resource 'SQL Server' could not be brought online. Error: The group or resource is not in the correct state to perform the requested operation. (Exception from HRESULT: 0x8007139F)

    When I check the SQL Server log, I see the following:

    The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication

    Below is the output of setspn command that suggests SPN is registered:

    D:>setspn -L <Domain Name>\<Service Account Name>

    Registered ServicePrincipalNames for CN=<Service Account Name>,OU=Services Accounts,DC=<Domain Name>,DC=<Suffix of Domain Name>

    Can you please guide me how to resolve this issue?


    The failure to register an SPN will not stop the SQL server resource from coming online.

    Check your windows event logs and sql error log for any errors. My guess is the networkname has failed to come online, possibly due to permissions issues


    "Ya can't make an omelette without breaking just a few eggs" 😉

  • Detailed investigation showed it was a permission issue in the Active directory. We were getting following error in even viewer:

    Start of Logs

    Cluster network name resource 'SQL Network Name (SQL Cluster Name)' failed to create its associated computer object in domain 'Domain Name' for the following reason: unable to update the password for computer account.

    The text for the associated error code is: Access is denied.

    Please work with your domain administrator to ensure that:

    - The cluster identity 'Windows Cluster Name$' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed.

    - The quota for computer objects has not been reached.

    - If there is an existing computer object, verify the Cluster Identity 'Windows Cluster Name$' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool.

    End of Logs

    We consulted with our system team and the following link and were able to resolve the issue


    Thank you.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply