Using Kerberos Authentication With SQL Server

Keep in mind that if a domain user account is used for the database services, the SPN (Service Principal Name) has to be set for that account so that Kerberos authentication can be used.

More information can be found in the Microsoft documentation:

https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-2017

Run setspn -A MSSQLSvc/<FQDN>:<PORT> <SQL Service Account> as a domain administrator. If a service principal name is not set, incoming Microsoft SQL Server connections will be authenticated using NTLM instead of Kerberos.

Example:

setspn -A MSSQLSvc/server08.comp.com SQLSrv

Run setspn -L <SQL Service Account> to list all the SPNs that are registered to the domain user account that runs the instance of Microsoft SQL Server.

Example:

setspn -L SQLSrv
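
An added example (not part of the original documentation) that checks the two things this section relies on: whether the MSSQLSvc/<FQDN>:<PORT> SPN appears in the setspn -L output, and whether a connection was authenticated with Kerberos rather than NTLM. The function names are hypothetical, the sample output is constructed, and Get-SqlAuthScheme assumes a Windows client with System.Data.SqlClient available and a login permitted to read sys.dm_exec_connections.

```powershell
# Added example, not from the original page. Function names are hypothetical;
# server08.comp.com, SQLSrv and port 1433 are sample values.

function Get-MissingSqlSpn {
    param(
        [string]   $Fqdn,
        [int]      $Port,
        [string[]] $SetspnOutput   # lines from: setspn -L <SQL Service Account>
    )
    # SPN in the form the page registers: MSSQLSvc/<FQDN>:<PORT>
    $expected = "MSSQLSvc/${Fqdn}:${Port}"
    # setspn -L prints a header line, then one indented SPN per line.
    $registered = @($SetspnOutput | ForEach-Object { $_.Trim() } |
                    Where-Object { $_ -like 'MSSQLSvc/*' })
    # -notcontains compares strings case-insensitively, as SPN lookups do.
    if ($registered -notcontains $expected) { $expected }
}

function Get-SqlAuthScheme {
    param([string] $Fqdn, [int] $Port)
    # Connect with the caller's Windows identity and ask the server how this
    # session was authenticated: KERBEROS or NTLM.
    $connString = "Server=tcp:$Fqdn,$Port;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $connString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID'
        [string]$cmd.ExecuteScalar()
    } finally {
        $conn.Dispose()
    }
}

# Constructed sample of setspn -L output (not captured from a real domain).
$sample = @(
    'Registered ServicePrincipalNames for CN=SQLSrv,CN=Users,DC=comp,DC=com:',
    "`tMSSQLSvc/server08.comp.com"
)
$missing = Get-MissingSqlSpn -Fqdn 'server08.comp.com' -Port 1433 -SetspnOutput $sample
if ($missing) { Write-Warning "SPN not registered: $missing" }

# On a domain-joined client, use live data instead:
#   Get-MissingSqlSpn -Fqdn 'server08.comp.com' -Port 1433 -SetspnOutput (setspn -L SQLSrv)
#   Get-SqlAuthScheme -Fqdn 'server08.comp.com' -Port 1433
```

A result of NTLM from Get-SqlAuthScheme on a remote client connection is the fallback this section describes and is worth alerting on after any service account change.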