| Event Information | According to Microsoft:
Cause:
Only a domain administrator account or a local system account has the required permissions to register an SPN. Therefore, if the SQL Server service is started under a non-administrator account,
SQL Server cannot register the SPN for the instance. This behavior will not prevent the instance from starting.
Resolution:
When you register an SPN for a SQL Server service,
you essentially create a mapping between an SPN and the Windows account that started the server instance service.
You must register the SPN because the client must use a registered SPN to connect to the server instance.
The SPN is composed by using the server’s computer name and the TCP/IP port. If you do not register the SPN,
the SSPI cannot determine the account that is associated with the SPN. Therefore, Kerberos authentication will not be used.
When SQL Server is running under the local system account or under a domain administrator account,
the instance will automatically register the SPN in the following format when the instance starts: MSSQLSvc/FQDN:tcpport
Note FQDN is the fully qualified domain name of the server. tcpport is the TCP/IP port number. |
