System Center 2012 and making sure your SQL SPNs are correctly auto-registering

May 21, 2012 at 11:41 am in Uncategorized by Kenny Buntinx [MVP]

Did you ever get the following message after installing SQL Server 2008 R2 / 2012 for a System Center 2012 product?

“SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.”

You can do one of two things:

Register the SPN manually.

See for more details –>

Register the SPN automatically:

To configure the SQL Server service to create SPNs dynamically when the SQL Server service starts, follow these steps:

Click Start, click Run, type Adsiedit.msc, and then click OK.
In the ADSI Edit snap-in, expand Domain [DomainName], expand DC=RootDomainName, expand CN=Users, right-click CN=AccountName, and then click Properties.

AccountName is a placeholder for the domain user account that you specified to start the SQL Server service (in my example, SQLrunnerPRO).
In the CN= AccountName Properties dialog box, click the Security tab.
On the Security tab, click Advanced.
In the Advanced Security Settings dialog box, make sure that SELF is listed under Permission entries. If SELF is not listed, click Add, and then add SELF.

Under Permission entries, click SELF, and then click Edit.
In the Permission Entry dialog box, click the Properties tab.
On the Properties tab, click This object only in the Apply onto list, and then click to select the check boxes for the following permissions under Permissions:
Read servicePrincipalName
Write servicePrincipalName
Click OK two times.
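
A scripted equivalent of the ADSI Edit steps above, as an added example that is not part of the original post. It assumes the RSAT Active Directory tools (the ActiveDirectory module, dsacls, setspn) and rights to edit the account's ACL; the default account name is the SQLrunnerPRO example from the text.

```powershell
# Added example, not from the original post.
param([string]$ServiceAccount = 'SQLrunnerPRO')   # account name used in the article

Import-Module ActiveDirectory   # assumption: RSAT AD tools are installed

$dn = (Get-ADUser -Identity $ServiceAccount).DistinguishedName

# Grant SELF Read (RP) and Write (WP) on the servicePrincipalName attribute only.
# No /I switch is passed, so no inheritance flag is requested; the read-back
# below prints InheritanceType so you can confirm "this object only" (None).
dsacls $dn /G 'SELF:RPWP;servicePrincipalName' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dsacls failed for $dn (exit code $LASTEXITCODE)" }

# Resolve the attribute's schema GUID from the schema instead of hard-coding it.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNc `
    -LDAPFilter '(lDAPDisplayName=servicePrincipalName)' -Properties schemaIDGUID
$spnGuid = [guid]$attr.schemaIDGUID

# Read back the explicit ACEs as SIDs so the check does not depend on localized names.
$rules = (Get-Acl -Path "AD:\$dn").GetAccessRules(
    $true, $false, [System.Security.Principal.SecurityIdentifier])
$write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$ace = $rules | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-5-10' -and   # well-known SID for SELF
    $_.ObjectType -eq $spnGuid -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $write)
}
if (-not $ace) { throw "SELF has no Write servicePrincipalName ACE on $dn" }
$ace | Format-List IdentityReference, ActiveDirectoryRights, InheritanceType

# Run these after the SQL Server services have been restarted:
setspn -L $ServiceAccount   # SPNs registered on the service account
setspn -X                   # duplicate SPNs, the other cause named in the error message
```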

Once this is done and your SQL services have been restarted, the following SPNs will be registered automatically (depending on your configuration and the products used).

To list the registered SPNs, use the command “setspn -l [Domain]\[SQL Service Account]”.

Example :


Hope it helps,

Kenny Buntinx
