none
Cannot generate SSPI context

    Question

  • I had the SQL ready and the WFE waiting to be configured. When I ran the product configuration wizard, I got the "AnswerCannot connect to database master at SQL server" error. I had all the windows firewall disabled. After further checking, I found that when I try to connect to the SQL using management studio from another machine, I received the "Cannot generate SSPI context" error. I was using a domain user account for the SQL service account. The problem persisted when I change the SQL service account to another domain user account. Finally, I made the SQL service to run as Network Service and the problem was solved.

    What was causing this problem? Is it ok to run the SharePoint SQL service using the Network Service account? 


    Tuesday, May 10, 2011 12:09 PM

All replies

  • From a SharePoint point of view, you can run SQL service with what account you prefer. SharePoint only needs to access a few databases with some service accounts.

    For the aforementioned error ("Cannot generate SSPI context") you could look at http://support.microsoft.com/kb/811889/en-us and http://social.msdn.microsoft.com/Forums/en/sqlintegrationservices/thread/3fcb28cc-da82-49f6-bf7e-f54c50643051 and maybe look in the event viewer/SQL logs for more details.

    PS: can you connect with SQL manager from a different box? Are the communication problems between the SQL and the DC?


    Florin DUCA
    MCITP Enterprise Admin, MCSE 2003 +Sec, MCITP/MCPD SP 2010, MCTS conf/dev WSS3/MOSS, MCPD ASP.Net 3.5, MCTS ISA 2006
    Logica Business Consulting, France
    Tuesday, May 10, 2011 12:33 PM
  • The same SSPI context error when I connect to the SQL running on domain user account from a different box. I am not sure whether the SQL and DC are having communication problem.

    I use another domain user account for SQL reporting services in SharePoint integrated mode. Will it be affected? Should I use the Network Service account to run the SQL reporting services as well?

    Wednesday, May 11, 2011 8:06 AM
  • Try a quick test by running "gpupdate" on the SQL box and the machine where you have SQL management studio installed. You should see an error if there are communication problems with the DC (it's not a very good test but it's a quick one).

    Have you looked in the logs (application, setup and system event logs)? There should be some details regarding the SSPI issue context error.


    Florin DUCA
    MCITP Enterprise Admin, MCSE 2003 +Sec, MCITP/MCPD SP 2010, MCTS conf/dev WSS3/MOSS, MCPD ASP.Net 3.5, MCTS ISA 2006
    Logica Business Consulting, France
    Wednesday, May 11, 2011 8:40 AM
  • The gpupdate command run successfully on both. I am having the problem that if the SQL service is not running as a user account, it can't backup to network share.

    Do I need to use setspn to clear up something? In fact, I have tried to use another new domain user account to run the SQL service, but the same problem occured.

    Saturday, May 14, 2011 12:13 PM
  • I just have the SQL server reinstall with new server name. I can use a domain user account to run the SQL service with SharePoint connect successfully. I wonder whether I can just rename the SQL server (whenever possible) without ever bothering what the SPN is all about and troubleshooting the nasty "Cannot generate SSPI context". Can anyone confirm here with me?
    Tuesday, May 24, 2011 12:47 PM