Kerberos problems on Sql 2012 Cluster


  • Hi,

    I'm having problems configuring kerberos for Sql Server 2012 on windows server 2008 r2.

    Its a two node cluster with named instances configured to listen on a dedicated port.

    The service account is configured to use delegation and I have setup the following spn's

    MSSQLsvc/NETWORKNAME.FQDN:2375                  SERVICEACCOUNTNAME        




    When i try and connect both locally the connection seems to default to NTLM.

    Any ideas why this may be occuring?

    Friday, April 13, 2012 11:28 AM


  • Creating a spin with -s is supposed to avoid te problem.  I see you refer to connecting 'locally' and getting NTLM.   Running the following code:

    select auth_scheme 
    from sys.dm_exec_connections 
    where session_id = @@spid

    I have a SQL Server for which we have Kerberos configured:

    • Run SSMS on the server machine - the query connection returns NTLM
    • Run SSMS on my desktop computer - the query connection returns KERBEROS

    Is that what you were seeing?  If so then that is normal, but if both locations return NTLM then you have a problem.

    There is also this document written by Ming Lu to detail common Kerberos problems.

    It was written in 2006, so not fully up-to-date, but it covers many possibilities.


    • Marked as answer by Stephanie Lv Tuesday, April 24, 2012 8:23 AM
    Friday, April 13, 2012 5:34 PM

All replies