Using Kerberos Authentication With SQL ServerPermanent link for this heading

Keep in mind that if a domain user account is used for the database services, the SPN (Service Principal Name) has to be set for a secure Kerberos authentication.

More information can be found in the Microsoft documentation: new window

Run setspn –A MSSQLSvc/<FQDN>:<PORT> <SQL Service Account> as a domain administrator. If a service principal name is not set incoming Microsoft SQL Server connections will be authenticated using NTLM instead of Kerberos authentication.


setspn -A MSSQLSvc/ SQLSrv

Run setspn -L <SQL Service Account> to list all the SPNs that are registered to the domain user account who runs the instance of Microsoft SQL Server.


setspn –L SQLSrv