If you want to connect to a SQL server using DNS you will need to have both the “SQL Server Browser” service and an SPN setup in your domain to allow authentication.
This allows the DNS name that you have setup to authenticate against the SQL Server using integrated authentication.
setspn MSSQLSvc/spdata.ep-dev.[domain].biz:1422 [servername]
setspn MSSQLSvc/spdata.ep-dev.[domain].biz:1433 [servername]
You will know that you need to do this if all of the below is true:
You can get he setspn tool from the Windows Server 2003 Admin Pack.
Use it to see what SPN’s already exist and to see how you can utilise them. For example calling setspn on my [servername] produced:
C:>setspn [servername]
Registered ServicePrincipalNames for CN=[servername],OU=Member Servers,DC=[domain],DC=biz:
MSSQLSvc/[servername].[domain].biz:1422
MSSQLSvc/[servername].[domain].biz:1433
SMTPSVC/[servername]
SMTPSVC/[servername].[domain].biz
HOST/[servername].[domain]onet.biz
HOST/[servername]
this information helped me identify that the first two “MSSQLSvc” spn’s would need to be added to this server. You can add SPN’s to accounts as well, but if you only need to access a single server then adding it to an account is a little overkill and probably a security risk.
I’m off to make a request for infrastructure to run this…
Technorati Tags: SP 2007
No related videos found.
If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.
We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.
