Interesting Kerberos Error Related to SQL Server from MOSS

Published 27 June 08 10:27 AM | shawnfel 

So we setup Kerberos on SharePoint using one of the many guides out there.  Everything worked great but SQL Server was returning KDC_ERR_S_PRINCIPAL_UNKOWN which is typical.  So we registered an SPN for SQL Server using "Setspn -A MSSQLSvc/sqlboxhostname:1433 domain\sqlserviceaccount" and "Setspn -A MSSQLSvc/sqlboxfqdn:1433 domain\sqlserviceaccount". 

Here's where the fun starts.  We start receiving Cannot generate SSPI context errors from sharepoint and KRB_AP_ERR_MODIFIED errors from kerberos logging.

So after a lot of searching we found that the error was staring us in the face.  We had named the sql service account the same as the machine name.  When they are the same name kerberos gets confused about the SPN.  So the fix was to rename the sql service account and redo the SPNs.  After rebooting all of the MOSS boxes, everything worked. 

Technorati Tags: ,
Filed under:

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

No Comments

Leave a Comment

(required) 
(optional)
(required) 

  
Enter Code Here: Required

About shawnfel

I'm a consultant for Microsoft Consulting Services specializing in SharePoint and BI Products. I've been with Microsoft since 03/2006. The opinions expressed herein are my own personal opinions and do not represent my employer's views in anyway.

Search

This Blog

Syndication

Twitter Updates

    follow me on Twitter

    LinkedIn

    About Me

    I'm a consultant for Microsoft Consulting Services specializing in SharePoint and BI Products. I've been with Microsoft since 03/2006.

    Alias: shawnfel

    The opinions expressed herein are my own personal opinions and do not represent my employer's views in anyway.

    Page view tracker