Service Principal Name (SPN) 服務主體名稱
---- Searching for duplicates
---- especially forest-wide, can take a long period of time and a large amount of memory.
C:\setspn -X
---- Query SPN on account
C:\setspn -L "CONTOSO\SQLservice"
以下範例,回傳沒有註冊任何SPN
For standalone SQL Server instance, 假設SQL Server service accoun為contoso\SQLservice
C:\setspn –A MSSQLSvc/SQLServer1.contoso.com:1433 contoso\SQLservice
For failover cluster SQL Server instance, 假設SQL Server service accoun為contoso\SQLservice
C:\setspn –A MSSQLSvc/SQLclust.contoso.com:1433 contoso\SQLService
Setspn
http://technet.microsoft.com/en-us/library/cc731241.aspx
Published: April 17, 2012
Updated: August 31, 2012
Applies To: Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Query Mode Parameters Description
-Q <SPN> Query for existence of SPN. Usage: setspn -Q SPN
-X
Note
Searching for duplicates, especially forest-wide, can take a long period of time and a large amount of memory.
Search for duplicate SPNs.
Usage: setspn -X
列出網域帳戶SQLServiceAccount(SQL Server Service Account)所註冊的SPN
C:\setspn –L SQLServiceAccount
刪除一個SPN
刪除Localservice啟動後也自動以電腦帳戶註冊的SPN
C:\setspn –D MSSQLSvc/SQLNode1.abc.com:1433 SQLNode1
增加一個SPN
C:\setspn –A MSSQLSvc/SQL_Hostname.abc.com:1433 SQLServiceAccount
Kerberos with Service Principal Name (SPN)
https://docs.microsoft.com/en-us/windows-server/networking/sdn/security/kerberos-with-spn
沒有留言:
張貼留言