Navigate
or
Contact Us
Subscribe Download PDF

SPN Verification

Ami Thakkar
2017-08-03
0 Comments
in MSSQL

SPN Verification Checks  

Release Classification Level DB Platform Categories
3.11+ Information SQL Server Kerberos

 

 

ScaleArc performs the various checks during Kerberos configuration. Make sure the following is configured correctly to continue with the process.

 

- How to set up Service Principal Name (SPN) for ScaleArc

 

SPN is a unique identifier for a service on a network that uses Kerberos authentication. It consists of a service class, a host name, and a port. To create an SPN, use the SetSPN command line utility.

 

From the power shell, set up the Service Principal Name for ScaleArc on AD:

 

1. Log into the Active Directory server as a user with domain administrator's privileges.

2. From the power shell, set the service principal name for ScaleArc on AD. Remember to specify the port correctly. In this example, the cluster listens on port 1433. 

  1. For standalone server
    Syntax
    Setspn -A MSSQLSvc/<VIP_Hostname>.<domainname>:<port> <domain\ScaleArc hostname$>
     
    Example
    C:\>setspn -A MSSQLSvc/scale-test.krbs.com:1433 krbs\scale-pri$
    For AG Listener
    Syntax
    Setspn -A MSSQLSvc/<VIP_Hostname>.<domainname>:<port> <domain\ScaleArc hostname$> 
     
    Example
    C:\>setspn -A MSSQLSvc/scale-test.krbs.com:1433 krbs\scale-pri$
      
    Syntax for AG Listener
    Setspn -A MSSQLSvc/<AG LISTENER_Hostname>.<domainname>:<port><domain\domain admin user>
      
    Example
    C:\>setspn -A MSSQLSvc/aglsnr.krbs.com:1433 krbs\cls

    If you are a cloud customer, instead of <VIP_Hostname> use the All IP hostname which was configured earlier.

  

- How to set hostname against the VIP

Kerberos authentication uses hostnames to identify machines and services in the domain. This requires a valid and unique hostname for the VIP on the ScaleArc machine. 

 

Create a hostname (DNS setup)

Follow these steps:

  1. Open DNS manager on the AD server.
  2. Navigate to the domain name, and right click it.
  3. Select New Host from the drop down menu.

      

  4. Enter a new hostname; for example, scale-test. The FQDN for the record appears in the field. 

    Important

    Make sure you enter a hostname that does not include special characters such as underscore or period.




  5. Next, enter the IP address associated with the hostname. 
  6. Select "Create associated pointer (PTR) record". This creates a reverse name lookup record for the host.
  7. Click Add Host. At this time you should have both the forward and reverse lookup for the virtual IP set to hostname scale-test.

 

Permalink: https://support.scalearc.com/kb/articles/4321