Register a SPN for SQL Server Authentication with Kerberos
After querying the SQL Server sys.dm_exec_connections DMV I noticed that all my currently connected sessions using Windows Authentication had used NTLM and not Kerberos. How do I get them to use Kerberos? Check out this tip to learn more.
www.mssqltips.com
SQL 서비스 시작 시 서비스 계정으로 SPN등록이 자동으로 이루워진다.
exec xp_readerrorlog 0,1,N'SPN'아래는 정상적으로 등록이 안될 경우를 보여준다.
The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/XXXXXX ] for the SQL Server service. Windows return code: 0x2098, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.
The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/XXXXXX :1433 ] for the SQL Server service. Windows return code: 0x2098, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.
select session_id,net_transport,client_net_address,auth_scheme
from sys.dm_exec_connections위의 쿼리를 통해서 연결들이 어떤 인증을 사용하는지 확인이 가능하다.
'운영 > 권한 관리' 카테고리의 다른 글
| public Role에 부여된 권한 확인 (0) | 2022.03.25 |
|---|---|
| 데이터베이스 사용자 권한 조회 (0) | 2021.11.09 |
| The database principal owns a schema in the database, and cannot be dropped. (0) | 2021.03.12 |
| 데이터베이스 부여된 권한 조회 (0) | 2020.10.19 |
| 데이터베이스 이동 시 패스워드를 그대로 Login 이관 (0) | 2019.02.26 |
