SPN Verification

Release: 3.11+
Classification: Information
DB Platform: SQL Server
Categories: Kerberos

 

ScaleArc performs several checks during Kerberos configuration. Make sure the following items are configured correctly before you continue with the process.

How to set up Service Principal Name (SPN) for ScaleArc

An SPN is a unique identifier for a service on a network that uses Kerberos authentication. It consists of a service class, a host name, and a port. To create an SPN, use the setspn command-line utility.

 

From PowerShell, set up the Service Principal Name for ScaleArc on AD:

  1. Log into the Active Directory server as a user with domain administrator privileges.
  2. From PowerShell, set the service principal name for ScaleArc on AD. Remember to specify the port correctly. In this example, the cluster listens on port 1433.
    1. For standalone server
      Syntax
      Setspn -A MSSQLSvc/<VIP_Hostname>.<domainname>:<port> <domain\ScaleArc hostname$>

      Example
      C:\>setspn -A MSSQLSvc/scale-test.krbs.com:1433 krbs\scale-pri$
    2. For AG Listener
      Syntax
      Setspn -A MSSQLSvc/<VIP_Hostname>.<domainname>:<port> <domain\ScaleArc hostname$> 

      Example
      C:\>setspn -A MSSQLSvc/scale-test.krbs.com:1433 krbs\scale-pri$

      Syntax for AG Listener
      Setspn -A MSSQLSvc/<AG LISTENER_Hostname>.<domainname>:<port> <domain\domain admin user>

      Example
      C:\>setspn -A MSSQLSvc/aglsnr.krbs.com:1433 krbs\cls

      Note: If you are a cloud customer, use the All IP hostname that was configured earlier instead of <VIP_Hostname>.

  

How to set hostname against the VIP

Kerberos authentication uses hostnames to identify machines and services in the domain. This requires a valid and unique hostname for the VIP on the ScaleArc machine. 

 

Create a hostname (DNS setup)

Follow these steps:

  1. Open DNS manager on the AD server.
  2. Navigate to the domain name and right-click it.
  3. Select New Host from the drop-down menu.

  4. Enter a new hostname; for example, scale-test. The FQDN for the record appears in the field.
    Important: Make sure you enter a hostname that does not include special characters such as underscore or period.

  5. Next, enter the IP address associated with the hostname. 
  6. Select "Create associated pointer (PTR) record". This creates a reverse name lookup record for the host.
  7. Click Add Host. At this point, both the forward and reverse lookups for the virtual IP should resolve to the hostname scale-test.
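
To confirm the result of both procedures above (SPN registration and the forward/reverse DNS records), the following PowerShell function can be run on the AD server. It is an added example, not ScaleArc tooling: the function name Test-ScaleArcSpn is hypothetical, the defaults are this article's sample values, and it assumes the DnsClient and ActiveDirectory modules are available. A missing SPN, an SPN registered on more than one account, or a PTR record that does not map back to the VIP hostname is reported as an issue.

```powershell
# Added example, not ScaleArc tooling. Defaults are the article's sample values.
# Assumes a domain-joined Windows host with the DnsClient and ActiveDirectory modules.
function Test-ScaleArcSpn {
    param(
        [string]$VipFqdn = 'scale-test.krbs.com',  # VIP hostname created in DNS
        [int]$Port       = 1433,                   # port the cluster listens on
        [string]$Account = 'scale-pri$'            # expected SPN owner (sAMAccountName)
    )
    $spn    = "MSSQLSvc/${VipFqdn}:$Port"
    $issues = @()

    # Host label: letters, digits and hyphen only (no underscore or period).
    $label = $VipFqdn.Split('.')[0]
    if ($label -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$') {
        $issues += "Host label '$label' contains unsupported characters"
    }

    # Forward lookup, then each address must reverse-resolve to the same FQDN.
    $ips = @(Resolve-DnsName -Name $VipFqdn -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    if (-not $ips) { $issues += "No A record for $VipFqdn" }
    foreach ($ip in $ips) {
        $ptr = @(Resolve-DnsName -Name $ip -Type PTR -ErrorAction SilentlyContinue |
                 Where-Object { $_.NameHost } | ForEach-Object { $_.NameHost.TrimEnd('.') })
        if ($ptr -notcontains $VipFqdn) {
            $issues += "PTR for $ip is '$($ptr -join ',')', expected $VipFqdn"
        }
    }

    # The SPN must exist on exactly one object, and that object must be $Account.
    $owners = @(Get-ADObject -Filter "servicePrincipalName -eq '$spn'" -Properties sAMAccountName)
    if ($owners.Count -eq 0) {
        $issues += "SPN $spn is not registered"
    } elseif ($owners.Count -gt 1) {
        $issues += "SPN $spn is duplicated on: $($owners.sAMAccountName -join ', ')"
    } elseif ($owners[0].sAMAccountName -ne $Account) {
        $issues += "SPN $spn is on '$($owners[0].sAMAccountName)', expected '$Account'"
    }

    [pscustomobject]@{ Spn = $spn; Passed = ($issues.Count -eq 0); Issues = $issues }
}

Test-ScaleArcSpn | Format-List
```

For the AG listener SPN, call the function again with the listener FQDN and the account it was registered under, for example -VipFqdn 'aglsnr.krbs.com' -Account 'cls'.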
