Ignite Global Support Home Submit a request
How can we help?
  1. ScaleArc Support
  2. ScaleArc Customer Support
  3. Databases

SPN Verification

Avatar
Andre Ribeiro Queiroz
Follow
Release Classification Level DB Platform Categories
3.11+ Information Screen_Shot_2016-01-19_at_1.20.22_PM.png SQL Server Kerberos

 

ScaleArc performs the various checks during Kerberos configuration. Make sure the following is configured correctly to continue with the process.

How to set up Service Principal Name (SPN) for ScaleArc

SPN is a unique identifier for a service on a network that uses Kerberos authentication. It consists of a service class, a host name, and a port. To create an SPN, use the SetSPN command line utility.

 

From the power shell, set up the Service Principal Name for ScaleArc on AD:

  1. Log into the Active Directory server as a user with domain administrator's privileges.
  2. From the power shell, set the service principal name for ScaleArc on AD. Remember to specify the port correctly. In this example, the cluster listens on port 1433. 
    1. For standalone server
      Syntax
      Setspn -A MSSQLSvc/<VIP_Hostname>.<domainname>:<port> <domain\ScaleArc hostname$>

      Example
      C:\>setspn -A MSSQLSvc/scale-test.krbs.com:1433 krbs\scale-pri$
    2. For AG Listener 
      Syntax
      Setspn -A MSSQLSvc/<VIP_Hostname>.<domainname>:<port> <domain\ScaleArc hostname$> 

      Example
      C:\>setspn -A MSSQLSvc/scale-test.krbs.com:1433 krbs\scale-pri$

      Syntax for AG Listener
      Setspn -A MSSQLSvc/<AG LISTENER_Hostname>.<domainname>:<port><domain\domain admin user>

      Example
      C:\>setspn -A MSSQLSvc/aglsnr.krbs.com:1433 krbs\cls
      If you are a cloud customer, instead of <VIP_Hostname> use the All IP hostname which was configured earlier.

  

How to set hostname against the VIP

Kerberos authentication uses hostnames to identify machines and services in the domain. This requires a valid and unique hostname for the VIP on the ScaleArc machine. 

 

Create a hostname (DNS setup)

Follow these steps:

  1. Open DNS manager on the AD server.
  2. Navigate to the domain name, and right click it.
  3. Select New Host from the drop down menu.
    SA-Demo-AdminVIPHostname--11-12.png  

  4. Enter a new hostname; for example, scale-test. The FQDN for the record appears in the field.
    Important: Make sure you enter a hostname that does not include special characters such as underscore or period.

    SA-Demo-AdminVIPAddHostnme1--11-12.png

  5. Next, enter the IP address associated with the hostname. 
  6. Select "Create associated pointer (PTR) record". This creates a reverse name lookup record for the host.
  7. Click Add Host. At this time you should have both the forward and reverse lookup for the virtual IP set to hostname scale-test.

Comments

0 comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Other articles in this section


Database load balancing software for MySQL, SQL Server and PostgreSQL



Contact Details


International: +1 972-588-4221

2028 E Ben White Blvd,
Suite 240-2650
Austin, TX 78741

ScaleArc Support
Copyright © 2022 Ignite Technologies, Inc. All Rights Reserved | IgniteTech is an ESW Capital Group Company