SQL 2012 on Server 2012 Kerberos error

I was challenged when standing up a new SharePoint 2013 farm.  My front-end servers could not connect to the SQL 2012 server.  I was getting this error: 

The target principal name is incorrect. Cannot generate SSPI context.

and 

Unknown SQL Exception 0 occurred. Additional error information from SQL Server is included below

This brand new server build and SQL 2012 installation was installed on Server 2012.  I don't think the versions matter to this issue, though.  I was able to connect with the SQL server authentication using the SA account, but not with Windows authentication.  All the permissions were set up correctly.

This error indicates a Kerberos error.  I didn't need to use Kerberos.  Somehow, either through my efforts or as part of the basic install, SPNs were set up on the computer account in AD.  I tried using the Users and Computer snap-in to verify there were no SPNs and the list on the Delegation tab was empty.


After toiling to no avail with other avenues, I ran the command line SETSPN and it showed a list of SPNs on my SQL host.

C:\>setspn -L

WSMAN/SQL2012
WSMAN/SQL2012.hc.org
MSSQLSvc/SQL2012.hc.org
MSSQLSvc/SQL2012.hc.org:1433
TERMSRV/SQL2012.hc.org
TERMSRV/SQL2012
RestrictedKrbHost/SQL2012
HOST/SQL2012
RestrictedKrbHost/SQL2012.hc.org
HOST/SQL2012.hc.org

I deleted the SQL registrations with this command:

C:\> setspn -D MSSQLSvc/SQL2012.hc.org

C:\> setspn -D MSSQLSvc/SQL2012.hc.org:1433

I restarted the SQL services and they wouldn't restart due to Logon Failure.  I set the services to use a local account and it worked.  I was able to connect to SQL remotely.

Solution was to use a local system account on the SQL services after deleting the SPNs.


Comments

Popular posts from this blog

Robocopy Error 31 A device attached to the system is not functioning

Exchange 2010 event errors 2601, 2604, 2501

ADMT fails to migrate SID History