Friday, April 13, 2012 11:28 AM
I'm having problems configuring kerberos for Sql Server 2012 on windows server 2008 r2.
Its a two node cluster with named instances configured to listen on a dedicated port.
The service account is configured to use delegation and I have setup the following spn's
When i try and connect both locally the connection seems to default to NTLM.
Any ideas why this may be occuring?
Friday, April 13, 2012 1:19 PM
One possibility is that you have wound up with a duplicate SPN in your environment. This prevents Kerberos from working on the affected machines. You might find the following links helpful in searching for and resolving (if necessary) the problem.
Friday, April 13, 2012 2:09 PM
thanks for the response russell.
I created the spn with -s flag and i just checked again. There appear to be no duplicate spn's.
Friday, April 13, 2012 5:34 PM
Creating a spin with -s is supposed to avoid te problem. I see you refer to connecting 'locally' and getting NTLM. Running the following code:
select auth_scheme from sys.dm_exec_connections where session_id = @@spid
I have a SQL Server for which we have Kerberos configured:
- Run SSMS on the server machine - the query connection returns NTLM
- Run SSMS on my desktop computer - the query connection returns KERBEROS
Is that what you were seeing? If so then that is normal, but if both locations return NTLM then you have a problem.
There is also this document written by Ming Lu to detail common Kerberos problems.
It was written in 2006, so not fully up-to-date, but it covers many possibilities.
- Marked As Answer by Stephanie LvModerator Tuesday, April 24, 2012 8:23 AM