Remove From My Forums

Service accounts and SPNs

Question
0

Sign in to vote

I need a refresher on Kerberos service principal names (SPNs). What I need to know is, during SQL Server install, when prompted for service accounts, does that register SPNs for the service account in Active Directory? Thx.

Friday, July 20, 2018 3:31 AM

Answers

1

Sign in to vote
I guess it should be, plus I believe what you are looking is in below article

Register a SPN for SQL Server Authentication with Kerberos
Cheers,

Shashank
Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it

My TechNet Wiki Articles
MVP
- Proposed as answer by Teige Gao Friday, July 20, 2018 9:03 AM
- Marked as answer by Olaf HelperMVP Saturday, November 10, 2018 6:49 AM
Friday, July 20, 2018 6:43 AM
1

Sign in to vote
Hi District9,

As mentioned in the document: https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-2017#Auto

When an instance of the SQL Server Database Engine starts, SQL Server tries to register the SPN for the SQL Server service. When the instance is stopped, SQL Server tries to unregister the SPN.

For a TCP/IP connection the SPN is registered in the format MSSQLSvc/<FQDN>:<tcpport>.Both named instances and the default instance are registered as MSSQLSvc, relying on the <tcpport> value to differentiate the instances.

Manual intervention might be required to register or unregister the SPN if the service account lacks the permissions that are required for these actions.

Here is a blog discussing about this, please refer to it: https://blogs.msdn.microsoft.com/psssql/2010/03/09/what-spn-do-i-use-and-how-does-it-get-there/

Best Regards,

Teige

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
- Edited by Teige Gao Friday, July 20, 2018 9:23 AM
- Proposed as answer by Mohsin_A_Khan Sunday, July 22, 2018 9:08 PM
- Marked as answer by Olaf HelperMVP Saturday, November 10, 2018 6:49 AM
Friday, July 20, 2018 9:09 AM

All replies

1

Sign in to vote
I guess it should be, plus I believe what you are looking is in below article

Register a SPN for SQL Server Authentication with Kerberos
Cheers,

Shashank
Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it

My TechNet Wiki Articles
MVP
- Proposed as answer by Teige Gao Friday, July 20, 2018 9:03 AM
- Marked as answer by Olaf HelperMVP Saturday, November 10, 2018 6:49 AM
Friday, July 20, 2018 6:43 AM
1

Sign in to vote
Hi District9,

As mentioned in the document: https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-2017#Auto

When an instance of the SQL Server Database Engine starts, SQL Server tries to register the SPN for the SQL Server service. When the instance is stopped, SQL Server tries to unregister the SPN.

For a TCP/IP connection the SPN is registered in the format MSSQLSvc/<FQDN>:<tcpport>.Both named instances and the default instance are registered as MSSQLSvc, relying on the <tcpport> value to differentiate the instances.

Manual intervention might be required to register or unregister the SPN if the service account lacks the permissions that are required for these actions.

Here is a blog discussing about this, please refer to it: https://blogs.msdn.microsoft.com/psssql/2010/03/09/what-spn-do-i-use-and-how-does-it-get-there/

Best Regards,

Teige

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
- Edited by Teige Gao Friday, July 20, 2018 9:23 AM
- Proposed as answer by Mohsin_A_Khan Sunday, July 22, 2018 9:08 PM
- Marked as answer by Olaf HelperMVP Saturday, November 10, 2018 6:49 AM
Friday, July 20, 2018 9:09 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Service accounts and SPNs

Question

Answers

All replies