Register a service principal name (SPN) for your Microsoft SQL Server in order to permit service accounts and users to both find your server and authenticate to it with Kerberos authentication. While administrators typically perform this configuration for the SQL Server service account, doing so for the SQL Server Agent account enables trouble-free authentication for jobs, monitors and other automation tasks on the server.
- Skill level:
Other People Are Reading
Configure SQL server to use a domain account for the SQL server agent. Create an account in Active Directory Users and Computers for the SQL Server agent, and then use the SQL Server Configuration Manager to change the "Log on as..." account for the SQL Server Agent to the domain account.
Configure the service principal name. Open a command prompt using a domain account with permission to modify the SQL Agent service account. Type the command "setspn --A MSSQLSvc/<SQLAgentAccount>:1433 <domain\SQLAgentAccount>," where <SQLAgentAccount> is the name of the SQL Server Agent account and <domain\SQLAgentAccount> is the account name with the domain preceding it.
Confirm the configuration of the SPN by entering the command "setspn -l <SQLAgentAccount>," where <SQLAgentAccount> is the name of the domain account used by the SQL Server Agent.
Restart the SQL Agent Server on the SQL Server.
Tips and warnings
- Most enterprises do not need to register an SPN for the SQL Server Agent account, but will if the SQL Server is deployed on a failover cluster.
- 20 of the funniest online reviews ever
- 14 Biggest lies people tell in online dating sites
- Hilarious things Google thinks you're trying to search for