How to resolve SSPI context error without changing Service Account from MSSQL

Question

How to resolve SSPI context error without changing Service Account from MSSQL

There is a issue while connecting from new Windows 8.1 Clients to SQL Server 2008 running on Windows Server 2008 R2. The SQL Service running under account Domain\mssqlservice on a machine thats works fine I get this output from setspn -l domain\mssqlservice

C:\>setspn -l domain\mssqlservice 
Registrierte Dienstprinzipalnamen
(SPN) für CN=MSSQLService,CN=Users,DC=domain, DC=local,DC=tld:
        MSSQLSvc/mssql.domain.local.tld:1433
        MSSQLSvc/mssql.domain.local.tld
        MSSQLSERVER/mssql.domain.local.tld:1433

On a windows 8.1 machine that don't work I get this output:

C:\>setspn -l domain\msssqlservice 
FindDomainForAccount: Fehler beim
Aufrufen von DsGetDcNameWithAccountW mit dem R ückgabewert 0x0000054B.
Konto kockiren wurde nicht gefunden.

On this Post I found a solution but, I can't change the Service Account who runs the SQL Service. Some application need this service delegation. But how I can realize that it works on my Windows 8.1 Clients?

active-directory

windows-server-2008-r2

sql-server

sql-server-2008

windows-8.1

asked on Server Fault Mar 24, 2014 by

kockiren • edited Mar 24, 2014 by

kockiren

1 Answer

I don't know if this fix works for everyone, but deleting all the SPNs with MSSQLSvc fixed it for me.

setspn -d [spn name] [server name]

With this you don't have to run it as local system. You can run it with a domain account.

answered on Server Fault Jun 10, 2014 by

JStead • edited Jun 10, 2014 by

squillman

User contributions licensed under CC BY-SA 3.0