Jump to content


Search the Community

Showing results for tags 'kerberos'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
    • Windows 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Official Forum Supporters
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Windows Server General
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Location


Interests

Found 1 result

  1. I have one SQL server that is complaining about missing SPN principals. SCOM monitoring is saying SQL can't authenticate using Kerberos because it's missing the SPNs "MSSQLSvc/[server.domain.tld]:1433" and "MSSQLSvc/[server.domain.tld]". It's the default instance. This doesn't seem specific to SQL. I attempted to list SPNs in use with klist and setspn. klist will give me a list for the currently logged-on user, but setspn -L will fail, claiming this: C:\> setspn -L username@domain.tld FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525 Could not find account username@domain.tld I'm also seeing odd security log entries, telling me the failure reason is "Account currently disabled," when it is not. The logon failures use Kerberos for the authentication package where the logon successes use NTLMv2. The setspn failure occurs on a domain-joined Windows 7 PC as well as on my affected SQL server. I can't list SPNs for any domain user account or domain computer account. I can log on using a username@domain.tld username from a console or remote desktop. Kerberos seems to work on at least two non-Windows PCs; there are two MacOS X 10.8 PCs that use Outlook 2011 and they log on to Exchange using Kerberos; the users log on to the domain from the MacOS logon screen and they get a Kerberos SPN they can select from Outlook. --
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.