SCCM server with SQL Server installed was unable to register its Service Principal Name (SPN)

In my case the SCCM server had SQL Server 2005 installed, with the SQL Server service running under Local System (not recommended by SQL Server best practice), and the service was unable to register its SPN in AD. The symptom is an event in the Application log with ID 26037 and source MSSQLSERVER:

The SQL Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

The reason for this behaviour is that someone (or something) had removed, from the computer account of the server where SCCM and SQL Server were installed, the permission that lets the account write its own SPN. Because the service runs as Local System, it authenticates to AD as the computer account, so that account, not a service account, needs the right to register MSSQLSvc/<fqdn>:<port>. Error 0x2098 is 8344 decimal, ERROR_DS_INSUFF_ACCESS_RIGHTS, which matches a missing permission rather than a name collision:



From the Security tab of the computer account properties (Advanced view) you can see that the permission "Validated write to service principal name" for SELF is missing. After allowing (setting) the permission "Validated write to service principal name" and restarting the SQL Server service, the SPN for SQL Server was successfully registered in AD. Until the SPN exists, clients that expect Kerberos fall back to NTLM, which is why the event is worth acting on even though it is logged as informational.
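The check and the fix above, as an added PowerShell example that is not part of the original post. It assumes the RSAT ActiveDirectory module (which provides the AD: drive) is available, that you run it with rights to modify the computer object, and uses the hypothetical host name SCCM01; replace it with the name of your SCCM/SQL server.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# (RSAT) and a hypothetical server name SCCM01 whose SQL service runs as Local System.
Import-Module ActiveDirectory

$computerName = 'SCCM01'   # hypothetical host name, replace with your server
$computer = Get-ADComputer $computerName -Properties servicePrincipalName, distinguishedName

# 1. SPNs currently held by the computer account. A SQL service running as Local
#    System registers MSSQLSvc/<fqdn>:<port> (and MSSQLSvc/<fqdn> for a default
#    instance) here, so missing MSSQLSvc entries are the first thing to look for.
Write-Output "SPNs on $($computerName):"
$computer.servicePrincipalName | Sort-Object

# 2. Look for the "Validated write to service principal name" ACE granted to SELF.
#    The validated write is identified by the rights GUID of Validated-SPN; the
#    ACE is an Allow for NT AUTHORITY\SELF whose rights include "Self".
$spnValidatedWriteGuid = [Guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'   # Validated-SPN
$acl = Get-Acl -Path "AD:\$($computer.DistinguishedName)"
$existing = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq 'NT AUTHORITY\SELF' -and
    $_.ObjectType -eq $spnValidatedWriteGuid -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::Self)
}

if ($existing) {
    Write-Output "Validated write to SPN is already granted to SELF on $computerName"
} else {
    # 3. Grant it back to SELF (well-known SID S-1-5-10) on this object only.
    $self = [System.Security.Principal.SecurityIdentifier]'S-1-5-10'
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $self,
        [System.DirectoryServices.ActiveDirectoryRights]::Self,
        [System.Security.AccessControlType]::Allow,
        $spnValidatedWriteGuid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
    $acl.AddAccessRule($ace)
    Set-Acl -Path "AD:\$($computer.DistinguishedName)" -AclObject $acl
    Write-Output "Granted validated write to SPN on $computerName; restart the SQL Server service so it re-registers its SPN"
}
```

After restarting the SQL Server service, confirm with `setspn -L SCCM01` that the MSSQLSvc entries are present and that event 26037 is no longer logged at service start. A validated write is deliberately narrower than "Write servicePrincipalName": it only lets the account register SPNs that match its own host name, which is why it is the right permission to restore rather than a broader write.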

2 comments:

  1. Thanks for demonstrating the appropriate way to do things with your scrupulous attention to detail. Good efforts! shopify app development company

  2. Your valuable contribution is a reflection of your personal, admirable qualities. Keep it up! roses delivery dubai
