Topics from the Microsoft SQL Server Protocols team - Netlibs, TDS, SQL Browser, etc.
Did you know that beginning with SQL Server 2008, support for service principal names (SPNs) has been extended to enable mutual authentication across all protocols. Administators can now define their own SPNs. Thus SQL Server 2008 makes secure authentication more manageable and reliable by allowing clients to directly specify the SPN to use.
Fore more information, click here:
----Tres LondonSQL Server ProtocolsDisclaimer: This posting is provided "AS IS" with no warranties, and confers no rights
We are getting the following error:
The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.
OS is WIndows 2008 Enterprise
and SQL Server 2008
I tried to run the sql server with local admin account adn then with domain account. Both doesnt work.
Any idea of such issue on this platform?
This is an expected message if the server runs under local admin or any domain account.
If you run SQL as Network Service or Local System, then the service will have ability to self-register it's SPN.
If you run SQL as any other account, you will see this error message. If you want to use Kerberos to connect to your SQL Server, you will need to manually register the SPN for the account that SQL Server is running under using the SetSPN tool.
See this blog entry for more details:
thanks for the reply. Even if i am trying to run that thru Local System, it was giving me the same error message. Actually, i got the solution and have posted that to the msdn blog at
Don't know if you figured this out but you can use the following syntax as a complete line
Setspn -A SQLSvcs/servername/instancename:1433 domainName\ServiceName
then again using the FQDN
Setspn -A SQLSvcs/servername/instancename.domainname.com:1433 DomainName\ServiceName
Every time you setup an spn you need to do both.
Will a servername length greater than 15 characters prevent the SPN registration? If so, is there a definitive statement of how servername length enters into this?