Sharepoint DB server "The target principal name is incorrect. Cannot generate SSPI context"

Question

I found the above error when I attempt to access Central admin from the app and web front end servers. No configuration was done to use Kerberos authentication was used.

Past activity done before the error occurred was rejoining the DB server back to domain.

Findings:

• SQL and SharePoint services are running.
• TNC to DB server (using FQDN) is successful but not ping.
• Unable to ping and TNC using DB alias.
• Unable to use Kerberos Configuration Manager tool (issue with accessing User Account information

)

• Ran a SQLChecker app/report, found SPN which are do not exist and in the wrong account (refer to screenshot)

Troubleshooting attempts:

• Restarted SQL and SharePoint services.
• Reset service account password which is used to authenticate DB server.

Answer 1

Hi @Azim,

The error "The target principal name is incorrect. Cannot generate SSPI context" can occur when attempting to access Central Admin from the app and web front-end servers. This error can be caused by various reasons, such as misconfigured SPNs, name resolution issues, or insufficient rights for SQL Server service startup accounts. you can try using the Microsoft Kerberos Configuration Manager (KCM) tool to check the causes of the error. Reference: Fix the error with Kerberos Configuration Manager (Recommended).

If it does not resolve the issue, try the solutions in this case: The target principal name is incorrect. Cannot generate SSPI context.

---

If the answer is helpful, please click "Accept as Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.