SPN Fun

  • Question

  • I understand either in SQL 2008 or SQL 2008 R2, the SQL engine will attempt to register the SPN automatically on startup; however, in the instance I'm experiencing this error:

    "The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0xd, state: 13. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies."

    This isn't the exact error code; however, the error code indicates that it doesn't have permissions in the AD, which is correct. However, the SPN already exists as it was created manually, and Kerberos authentication is working.

    Previously accounts always had the correct permissions, so I didn't notice this error before; however, I find it strange that SQL doesn't first check that the SPN already exists and skip the SPN create process.

    Thursday, March 22, 2012 5:02 AM

Answers

  • This warning can be ignored if the SPN already exists. This is completely normal and expected if the service is not running under a domain admin (or specific rights) account.
    • Proposed as answer by John Sansom Thursday, March 22, 2012 9:37 PM
    • Marked as answer by Ron - Micatio Friday, March 23, 2012 1:18 AM
    Thursday, March 22, 2012 6:00 PM
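
The check this answer depends on, as an added example (not part of the thread or of SQL Server): a Python script that reads an ERRORLOG excerpt and the output of `setspn -L` for the service account and reports whether the warning can be ignored. The log timestamp, the account `EXAMPLE\svc-sql`, the host `SQL01.example.com` and the function names are assumptions made for the example.

```python
import re

# Constructed ERRORLOG line; the message text is the one quoted in the question.
ERRORLOG = (
    "2012-03-22 04:58:11.20 Server      The SQL Server Network Interface library "
    "could not register the Service Principal Name (SPN) for the SQL Server service. "
    "Error: 0xd, state: 13. Failure to register an SPN may cause integrated "
    "authentication to fall back to NTLM instead of Kerberos.\n"
)

# Constructed output of `setspn -L EXAMPLE\svc-sql` (hypothetical account and host).
SETSPN_OUTPUT = (
    "Registered ServicePrincipalNames for CN=svc-sql,OU=Service,DC=example,DC=com:\n"
    "\tMSSQLSvc/SQL01.example.com:1433\n"
    "\tMSSQLSvc/SQL01.example.com\n"
)

REGISTER_FAILED = re.compile(
    r"could not register the Service Principal Name \(SPN\).*?Error: (0x[0-9a-fA-F]+)"
)


def parse_setspn_list(output):
    """Return the SPNs from `setspn -L` output, lower-cased (SPNs are case-insensitive)."""
    spns = set()
    for line in output.splitlines():
        # SPN lines are indented; the "Registered ServicePrincipalNames" header is not.
        if line[:1] in (" ", "\t") and "/" in line:
            spns.add(line.strip().lower())
    return spns


def triage(errorlog, setspn_output, fqdn, port):
    """Classify the startup warning for one instance listening on fqdn:port."""
    match = REGISTER_FAILED.search(errorlog)
    if match is None:
        return "no-warning"
    wanted = f"MSSQLSvc/{fqdn}:{port}".lower()
    if wanted in parse_setspn_list(setspn_output):
        return "ignore: SPN already on service account"
    return f"act: SPN not on service account (error {match.group(1)}), expect NTLM"


if __name__ == "__main__":
    print(triage(ERRORLOG, SETSPN_OUTPUT, "SQL01.example.com", 1433))
```

The "act" result only says the SPN is not on the account that was listed; it may be absent from the directory or registered on a different account, and either case prevents Kerberos for that instance.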

All replies

  • Hi Ron aka Rapit.net,

    Could you please check if the SPN for this SQL Server instance is still listed by setspn -l? For more information, please see the Viewing SPNs section.

    Stephanie Lv

    TechNet Community Support

    Thursday, March 22, 2012 7:29 AM
  • Try out the ways below.

    1. Check whether the SPN is listed

         rem Look for MSSQLSvc/SERVERNAME.YOURDOMAIN:PORTNUMBER in the output
         SETSPN -L Domain\Accountname

    2. http://blogs.technet.com/b/kevinholman/archive/2007/12/13/system-center-operations-manager-sdk-service-failed-to-register-an-spn.aspx

    3. Re-insert the service account and password for SQL Services through SQL Server Configuration Manager. Keep in mind this will require a restart of the SQL Server services.


    Prakash Nandwana, Bangalore, India


    Thursday, March 22, 2012 12:41 PM
  • Thanks Tom,

    It's a bit silly that the SQL Engine developers didn't check if the SPN already exists before trying to register the SPN again. Unnecessary errors logged in ErrorLog.

    Yes, it's a domain account without the AD rights to write SPNs.


    Thursday, March 22, 2012 9:26 PM
  • Yes, I agree, but that is how it is.
    Thursday, March 22, 2012 9:32 PM