MASSQL shows the target principal name is not correct and it is unable to generate Sspi context- What can be done to solve this problem?

246    Asked by DaniloGuidi in SQL Server , Asked on Sep 22, 2023

After a little electrical glitch when the server returned, the domain users could not use the SQL Server 2000 instance name, MASSQL. 

However, we have tried various ways to access it, especially by using SQL authentication. Some of them are: 

a. We have created a user. 

b. We have run the service by using NETWORK SERVICE account

c. We have used the local system account to run the server. 

d. Since we were getting the issue, the target principal name is incorrect. Cannot generate SSPI context, so we ensured the user running the service had an understanding of SSPI. 

e. We also tried to create a fresh domain admin account and run the service from there. 

f. We used the below-mentioned command too: 

setspn -L xsql2

Results

Registered ServicePrincipalNames for CN=MASSQL,CN=Computers,DC=ABC,DC=com:

        HOST/MYSQL

        HOST/MASSQL.ABC.COM

I ran the following command against a non-problem SQL instance:

setspn -L xensql1

Results

Registered ServicePrincipalNames for CN=XENSQL1,CN=Computers,DC=ABC,DC=com:

        WSMAN/XENSQL1

        WSMAN/XENSQL1.ABC.com

        RestrictedKrbHost/XENSQL1

        HOST/XENSQL1

        RestrictedKrbHost/XENSQL1.ABC.COM

        HOST/XENSQL1.ABC.COM

But we cannot solve the problem. So, how can the domain user log in? 

Answered by Danilo Guidi

You can use setspn-X to search for duplicate SPNs for the SQL server. You need to remove any duplicate SPNs which is not aligned with the SQL Server service account and follow the below-mentioned formula:
















Your Answer

Interviews

Parent Categories