
We have a three-node cluster set up for AON. We are receiving the below error in the log.

The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/servername.domain:port ] 
for the SQL Server service. Windows return code: 0x2098, state: 15. Failure to register a SPN might cause integrated authentication to
 use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by 
 authentication policies and if the SPN has not been manually registered.

We have understood that the service needs to be registered in the AD. However, we are confused about whether we need to register the individual servers or the AON listener.

SQLDoctor
  • It would be registered on the service account that represents the entire collection of servers. – Steve Nov 25 '19 at 16:53

1 Answer


You should (regardless of how) have eight SPNs registered.

  • One for the FQDN of the AG listener name (1)
  • One for the FQDN for each of the individual replicas (3)

Then do the above again, this time adding the port that SQL is listening on (default: 1433).

Ben Thul
  • Sure, let me try this. Also, meanwhile, can you help me verify whether there is any issue if we do not proceed to register the SPN, i.e., will things work fine with NTLM until there is a double hop? – SQLDoctor Nov 26 '19 at 04:31
  • Indeed NTLM will continue to work without the SPNs. – Ben Thul Nov 26 '19 at 05:26
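
The eight-SPN layout from the answer above, as an added example that is not part of the original thread: this PowerShell sketch builds the expected list (listener plus three replicas, each with and without the port), compares it with what `setspn -L` reports for the service account, and prints the `setspn -S` commands for anything missing. The account name, host names and domain are constructed placeholders, and it assumes all replicas run SQL Server under the same domain service account.

```powershell
# Constructed placeholder values: replace with your own names.
$ServiceAccount = 'CONTOSO\svc-sql'        # hypothetical account running SQL Server on every replica
$HostNames = @(
    'aglistener.contoso.example',          # AG listener FQDN (1)
    'sqlnode1.contoso.example',            # replica FQDNs (3)
    'sqlnode2.contoso.example',
    'sqlnode3.contoso.example'
)
$Port = 1433                               # port SQL Server listens on

function Get-ExpectedSpn {
    param([string[]]$HostNames, [int]$Port)
    foreach ($h in $HostNames) {
        "MSSQLSvc/$h"                      # form without the port
        "MSSQLSvc/${h}:$Port"              # form with the port
    }
}

function Get-RegisteredSpn {
    param([string]$Account)
    # setspn -L prints a header line followed by one indented SPN per line.
    $out = & setspn.exe -L $Account 2>&1
    if ($LASTEXITCODE -ne 0) { throw "setspn -L failed for ${Account}: $out" }
    $out | ForEach-Object { "$_".Trim() } | Where-Object { $_ -like 'MSSQLSvc/*' }
}

$expected   = @(Get-ExpectedSpn -HostNames $HostNames -Port $Port)   # 4 hosts x 2 forms = 8
$registered = @(Get-RegisteredSpn -Account $ServiceAccount)

# -notin compares case-insensitively, which matches how SPNs are matched.
$missing = @($expected | Where-Object { $_ -notin $registered })

'{0} of {1} expected SPNs are registered on {2}' -f `
    ($expected.Count - $missing.Count), $expected.Count, $ServiceAccount

foreach ($spn in $missing) {
    # Printed for review, not executed. -S checks for a duplicate before adding;
    # the same SPN on a second account breaks Kerberos for that name.
    "setspn -S $spn $ServiceAccount"
}
```

Registering the printed SPNs requires an account with permission to write `servicePrincipalName` on the service account; `setspn -X` lists duplicate SPNs if Kerberos still fails afterwards.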