Re: SPN Requirement

That does tell you more about the Event ID though. Error:
0x2098 is "insufficient access rights to perform operation"
The service account for SQL Server needs to be a domain
admin or local system to register in AD at startup. As long
as you are have it correctly registered and are using a
static IP port, I would think you should be okay. I wouldn't
recommend changing the permissions for the service account -
too many security risks with doing that.The other thing I
remember is someone changing the permissions on the service
account to allow Write Public Information rights but I'd
suspect that's too many rights as well.
This blog has more information on what you are seeing:
http://blogs.msdn.com/sql_protocols/archive/2005/10/12/479871.aspx

-Sue

On Tue, 10 Oct 2006 11:56:02 -0700, Erik Bo Sørensen
<ErikBoSrensen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Dear Sue et al

I haven't (yet) done any research for KDC error codes - I thought that to be
less relevant as the Application Log Event 26037:
Event Type: Information
Event Source: MSSQL$WEBPROD
Event Category: (2)
Event ID: 26037
Date: 10-10-2006
Time: 20:44:52
User: N/A
Computer: SQL01
Description:
The SQL Network Interface library could not register the Service Principal
Name (SPN) for the SQL Server service. Error: 0x2098. Failure to register an
SPN may cause integrated authentication to fall back to NTLM instead of
Kerberos. This is an informational message. Further action is only required
if Kerberos authentication is required by authentication policies.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: b5 65 00 00 0a 00 00 00 µe......
0008: 0e 00 00 00 53 00 51 00 ....S.Q.
0010: 4c 00 30 00 31 00 5c 00 L.0.1.\.
0018: 57 00 45 00 42 00 50 00 W.E.B.P.
0020: 52 00 4f 00 44 00 00 00 R.O.D...
0028: 00 00 00 00 ....

Indicates, that NTLM will be used instead of Kerberos.
?I?ll be back?
(I tried to register MSSQLSvc/<ServerName>\<InstanceName> - but that didn?t
help at all ?)

.

Relevant Pages

  • Re: Setup stalling
    ... it does not look like the service account really is a ... member of the local administrators group on the SQL Server. ... the service account. ... Then grant SMS rights to a user account and add to the SMS admins local ...
    (microsoft.public.sms.setup)
  • Re: xcopy deployment to sql server DTS package in restricted envir
    ... Try using Run As with the DTS package. ... William Vaughn ... This posting is provided "AS IS" with no warranties, and confers no rights. ... Hitchhiker's Guide to Visual Studio and SQL Server ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Which Method to Create a Database Do I Use?
    ... when I was working on the team) to get rights management tools integrated ... Hitchhiker's Guide to Visual Studio and SQL Server ... actually be able to connect to the database. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: xcopy deployment to sql server DTS package in restricted envir
    ... We created an account specific for this application with full rights (as far ... also wondering if I have to digitally sign the .exe or something. ... Hitchhiker's Guide to Visual Studio and SQL Server ... When you say I need to grant rights to the group to which I belong, ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Which Method to Create a Database Do I Use?
    ... To be fair, VS is a "generic" tool designed to front a variety of backend databases, but each of the serious engines have rights management needs as well. ... But the more I think about how connecting to a database is setup and the trouble it's been, the more it just pisses me off. ... Hitchhiker's Guide to Visual Studio and SQL Server ...
    (microsoft.public.dotnet.framework.adonet)