This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 8%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
We have configured our organization's Windows 2022 Domain Controller and have been attempting to run windows updates which are mentioned below.
However, we have encountered a Kerberos authentication issue that has prevented the authentication of the users and MS SQL, as mentioned below.
SQL Server 2019 version sp1
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 2%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESX%3C/text%3E%3C/svg%3E)
Hi Ahmad MUNIR,
We have not received a response from you. Did the reply could help you? If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. By doing so, it will benefit all community members who are having this similar issue. Your contribution is highly appreciated.
Best regards,
Seeya
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
You shoud start by checking if the required SPN for SQL service is well configured.
Check if the AES encryption of kerberos authentication is already configured on SQL service account and computer object of SQL server.
AES encryption
service-principal-name-spn-support-in-client-connections
Please don't forget to mark helpful reply as answer
Thanks for the help it does not help us at all.
Hi @Ahmad MUNIR ,
This error means that SSPI tries but can't use Kerberos authentication to delegate client credentials through TCP/IP or Named Pipes to SQL Server. In most cases, a misconfigured Service Principal Name (SPN) causes this error.
For more information, please refer to this document: "Cannot generate SSPI context" error when using Windows authentication to connect SQL Server.
If you run the SQL Server service under a domain account or under a local account, the attempt to create the SPN will fail in most cases because the domain account and the local account do not have the right to set their own SPNs.
Please see this thread, AmeliaGu replied with a very complete answer which contains many links you can refer to. Also, Kerberos Configuration manager is an official tool to help you troubleshoot SPN and delegation issues.
Best regards,
Seeya
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks for the help we have already tried on the said fix it does not help us.
Did you check the success of your SPN registration? Are there any duplicate SPNs or are there any errors reported in the above process? You can also check the Errorlog for relevant error messages.
Hi @Ahmad MUNIR ,
We have not received a response from you. Have you solved your problem yet? If not, please FEEL FREE to tell us the latest progress.
Best regards, Seeya
Use the tool Microsoft® Kerberos Configuration Manager for SQL Server® to fix the issue.