What is an SPN in an SQL instance

SPN stands for Service Principal Name. This is used for the service account to keep a connection open to the SQL instance. It uses Kerberos authentication for the account to be able to maintain a connection. In SQL every instance and child instances need to have their own SPN running. Accounts that have permission to register an SPN are;

1)      Local System account

2)      network service account

3)      domain administrator account

You can give these permissions to a virtual account or a managed service account. When these restarts the SQL service it will have the correct permissions to register an SPN.

How to tell if you have an SPN error

I have seen an error appear under the ID of 26037. This happens when a user or service account doesn’t have sufficient permissions to start the MSSQL$INSTANCENAME service. The error will look something like the below.

If you have seen this error, it would be worth taking a quick look back in your application logs to see if the MSSQLSERVER service has been stopped unexpectedly. To restart the service you need to make sure that the account you use has sufficient permissions. In my instance you can see that the service and the application have stopped unexpectedly.

Once this happens you will need an account with sufficient permissions to start the service that can register for an SPN. This will start the instance with administrator access.

Hope this has helped!

About the author