This article helps to resolve:
How to troubleshoot service principal name issue? | The SQL Server Network Interface library could not register the Service Principal Name (SPN) in SQL Server
What is SPN?
In SQL Server, the Service Principal Name (SPN) is a unique identifier used to associate a service instance with a specific domain account. It is used by the Kerberos authentication protocol to authenticate the service instance and ensure it has authorization to access resources on behalf of the domain account.
The SPN is composed of two parts: the service class and the host name. The service class identifies the type of service, such as “MSSQLSvc” for SQL Server, while the host name is the fully qualified domain name (FQDN) of the server running the service instance. Together, the service class and host name create a unique identifier for the service instance.
How to troubleshoot service principal name issue? | The SQL Server Network Interface library could not register the Service Principal Name (SPN) in SQL Server
Sometimes you will get the errors below related to the SPN, which prevent connecting to SQL Server using Windows authentication.
The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/hostname.com:59859 ]
for the SQL Server service. Windows return code: 0x200b, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos.
This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the
SPN has not been manually registered.
To resolve this issue, you need to use Microsoft® Kerberos Configuration Manager for SQL Server®.
Microsoft Kerberos Configuration Manager for SQL Server is a diagnostic tool that helps troubleshoot Kerberos related connectivity issues with SQL Server, SQL Server Reporting Services, and SQL Server Analysis Services.
Download Microsoft Kerberos Configuration Manager
You need to download this utility to check whether there are any SPN-related issues so they can be fixed.
Once you have downloaded the utility, install it on the server and run it. It scans all services related to SQL Server and their service accounts, and produces a report of all the accounts along with any warnings or errors.
The software is installed in: C:\Program Files\Microsoft\Kerberos Configuration Manager for SQL Server
Step 1: Run KerberosConfigMgr from the above path.
This opens the tool's main window.
Step 2: Click Connect. If you are running the tool on the same machine, no details are required. For a remote machine, supply the FQDN and a domain user name and password.
Step 3: Once you click Connect, the tool gathers SPN-related information and shows it in the window.
Step 4: Click the SPN tab to see all SPN entries along with their status. Missing or misplaced SPN entries need to be fixed. The window also shows a FIX option. You can either fix entries one by one or click FIX ALL.
Note: The user needs to be a domain administrator to perform this activity, else you will receive
Step 5: Once you click FIX ALL, all SPN entries are fixed, and you will see status GOOD for the previously missing entries when you re-run KerberosConfigMgr.
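If you want to set up the SPN manually, you can use the setspn.exe utility that comes with Windows to manage SPNs for different services and accounts, or use SQL Server Configuration Manager to configure the SPN for a SQL Server instance. setspn takes the SPN followed by the account that runs the SQL Server service; <DOMAIN\ServiceAccount> below is a placeholder for that account.
setspn -A MSSQLSvc/DESKTOP-SFVAGSQ.com:59859 <DOMAIN\ServiceAccount>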
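Before or after registering the SPN manually, you can confirm the missing, misplaced and duplicate cases described above and check whether a session actually negotiated Kerberos instead of falling back to NTLM. The script below is an added example, not part of the original article or the Microsoft tool. It assumes Windows PowerShell 5.1 on a domain-joined client, a hypothetical service account CONTOSO\svc-sql, and a login with VIEW SERVER STATE permission.

```powershell
# Added example. $Account and the CONTOSO domain are hypothetical placeholders;
# the SPN is the one from the error message quoted in this article.
$Spn     = 'MSSQLSvc/DESKTOP-SFVAGSQ.com:59859'
$Account = 'CONTOSO\svc-sql'                 # account that runs the SQL Server service
$Server  = 'tcp:DESKTOP-SFVAGSQ.com,59859'   # same host and port as the SPN

# 1. Read-only LDAP query (current domain) for every object carrying this SPN.
$searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
$owners   = @($searcher.FindAll() | ForEach-Object { $_.Properties['samaccountname'][0] })
$expected = ($Account -split '\\')[-1]       # account name without the domain prefix

switch ($owners.Count) {
    0 {
        Write-Warning 'SPN is not registered; integrated authentication may use NTLM.'
        # -S adds the SPN only after verifying that no duplicate exists.
        Write-Output "Register it with: setspn -S $Spn $Account"
    }
    1 {
        if ($owners[0] -eq $expected) {
            Write-Output "SPN is registered on the expected account: $($owners[0])"
        } else {
            Write-Warning "SPN is misplaced: registered on $($owners[0]), expected $expected."
        }
    }
    default {
        Write-Warning "Duplicate SPN on: $($owners -join ', ')."
        Write-Output "Remove it from the wrong account with: setspn -D $Spn <account>"
    }
}

# 2. Check what this session negotiated. Run from a machine other than the
#    server so the result reflects a network logon.
$conn = New-Object System.Data.SqlClient.SqlConnection("Server=$Server;Integrated Security=SSPI")
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID'
    $scheme = $cmd.ExecuteScalar()
    Write-Output "auth_scheme for this session: $scheme"
    if ($scheme -ne 'KERBEROS') { Write-Warning 'Session did not use Kerberos.' }
}
finally {
    $conn.Dispose()
}
```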
In conclusion, the Service Principal Name (SPN) in SQL Server is a vital component of Kerberos authentication. It provides a unique identifier for a service instance, and configuring it properly is essential for enabling secure and efficient remote connections to SQL Server.