SQL Unable to register SPN for service account RRS feed

  • Question

  • I am trying to configure Kerberos authentication for a SQL2008 Default instance that runs under a domain service account.

    I have registered an SPN per the following article http://msdn.microsoft.com/en-us/library/ms191153(v=SQL.100).aspx

    Output of the command setspn -L "serviceaccountname" gives the following output:

    Registered ServicePrincipalNames for CN=SQL2008 (SYSEU),OU=SYS,OU=Users,OU=EU,OU

    As this is a cluster, servername is the network name of the SQL cluster to which clients connect.  After a restart of the server, I still get the error: 06/29/2011 14:39:59,Server,Unknown,The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098<c/> state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

    Any ideas would be mostly appreciated.

    Wednesday, June 29, 2011 1:22 PM


All replies

  • Hi,

    0x2098 suggests Windows error 8344 - Insufficient access rights to perform the operation (net helpmsg 8344 in DOS).  Could you try following the steps in Degremont Michel's blog:


    Let us know how you get on.


    • Proposed as answer by Peja Tao Friday, July 1, 2011 7:45 AM
    • Marked as answer by Peja Tao Thursday, July 7, 2011 8:30 AM
    Wednesday, June 29, 2011 1:43 PM
  • hello and sorry for not giving you feedback earlier.

    Unfortunately, no progress made following that article.  We even had a Field Engineer from MSFT onsite (not specifically for this), and he could not

    find the cause straight away either.  i have found some additonal articles from Microsoft and am planning to try those out.  will let you know how it evolves

    Monday, August 15, 2011 11:48 AM