Hi, The MSSQLSvc SPN should be registered automatically during SQL Server setup. It would appear under the computer account or user account that the SQL Server services are running under.
Then, you need to permit delegation at your front tier (hosting your web service) to the backend SQL Server. Adding extra (duplicate) SPNs will break Kerberos, so make sure you need to add this SPN before you do. http://www.adopenstatic.com/cs/blogs/ken/archive/2007/01/28/1282.aspx is how you set this up for standard IIS and SQL Server (the delegation bit). You'll probably want to read part 3 on ensuring you are using Kerberos to your front-tier box. There's a list of the Kerberos FAQs here: http://www.adopenstatic.com/faq/ Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of Simon Reed Sent: Monday, 14 November 2011 4:15 PM To: ozDotNet Subject: Kerberos Issue Hi All, Having a bit of a tricky Kerberos issue with passing a credential through to SQL server from a 4.0 WCF REST service. I've been trying to set up Kerberos to get this working as multi hop will be an issue with the final solution and currently i'm getting Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' on all requests. Looking at the set up for Kerberos I need to be able to set the delegation trust for this server by adding the MSSQLSvc in AD, but in the list of available services MSSQLSvc does not appear. I have registered the SPN MSSQLSvc/SERVERNAME:Port Account but no luck. I'm feeling a bit out of my depth here anyone got any ideas what step I've missed? Cheers, Si
