The “The target principle name is incorrect. Cannot generate SSPI context” error occurs when a user tries to connect to a SQL Server instance using a domain account and receives the error message.
This error message indicates that the SQL Server service cannot locate a domain controller(Entra ID) to authenticate the user’s account.
There are multiple reasons for this error. Here are couple reasons and solutions to fix an error:
- Check the SQL Server configuration settings. You should verify that the SQL Server is configured to use Windows Authentication and that the SQL Server service account has the appropriate permissions to access the domain controller.
- Please make sure firewall rules for the database are configured to "Allow access to Azure services" as you can see on below image, and you would need to set up a firewall rule to allow the public IP address used to make a connection. Also make sure you choose Database authentication mode
- Verify SQL Server SPNs using SQLCheck and Setspn tools. https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/connect/cannot-generate-sspi-context-error#step-3-verify-sql-server-spns-using-sqlcheck-and-setspn-tools https://learn.microsoft.com/en-us/answers/questions/1368194/microsoft-sql-the-target-principal-name-is-incorre