ERROR:
The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.
EXPLANATION:
You receive this error because you are trying to make an SPN record from Active Directory when the SQL Server service that is running with a Windows Domain account does not have the necessary privileges.
SOLUTION:
First, I recommend that you make sure that the connection you make to the server is NTLM or KERBEROS; you can see it by running the following code on the corresponding server:
1 |
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID |
If the result returned is KERBEROS, it means that SPN records are already present in the related server in Active Directory; if the returned result is NTLM, then the SPN record is not available.
In this case, you can create SPN records according to your company organization, you can also ask the system administrators to do so.