SQL 2000 cluster, "cannot generate SSPI context", SPN entries

SQL 2000 cluster, "cannot generate SSPI context", SPN entries

Post by Brian » Thu, 22 Mar 2007 23:00:10


I have a problem with a Windows 2000 two node active/active cluster.

TCP/IP connectivity to one of the nodes fails with "Cannot generate SSPI
context." The other node is fine.

I know this is typically an SPN error, but I'm unsure what the SPN
listings should look like in active directory in a clustered environment.

Should I see SPNs for the cluster node names, or just the cluster name,
or for the cluster's SQL server network names?

Brian K
 
 
 

SQL 2000 cluster, "cannot generate SSPI context", SPN entries

Post by Russ Kaufm » Thu, 22 Mar 2007 23:49:04


I would suggest upgrading to a properly supported configuration as soon as
possible.


--
Russ Kaufmann
MVP - Windows Server - Clustering
ClusterHelp.com, a Microsoft Certified Gold Partner
Web http://www.yqcomputer.com/
Blog http://www.yqcomputer.com/

 
 
 

SQL 2000 cluster, "cannot generate SSPI context", SPN entries

Post by Brian » Thu, 22 Mar 2007 23:54:13


Mistype.

SQL Server 2000.

Windows Server 2003.
 
 
 

SQL 2000 cluster, "cannot generate SSPI context", SPN entries

Post by K. Brian K » Sat, 24 Mar 2007 09:51:11

You should see
MSSQLSvc/<virtual server name>
MSSQLSvc/<virtual server name>.<rest of FQDN>
MSSQLSvc/<virtual server name>:<port>
MSSQLSvc/<virtual server name>.<rest of FQDN>:<port>

For instance:

MSSQLSvc/SQLSERVER
MSSQLSvc/SQLSERVER.MyDomain.Com
MSSQLSvc/SQLSERVER:1433
MSSQLSvc/SQLServer.MyDomain.Com:1433

You should only one of each of these entries and they should belong to the
service account under which SQL Server is running.

More here: http://www.yqcomputer.com/

This one doesn't show the NetBIOS name (the virtual server name with the
rest of the fully qualified domain name), but it is cited here:

http://www.yqcomputer.com/

We normally put SPNs in for the NetBIOS name as well.


K. Brian Kelley, brian underscore kelley at sqlpass dot org
http://www.yqcomputer.com/