whoami still returning old username after surname change, SSMS not able to recognize the windows authentication user

Question

whoami still returning old username after surname change, SSMS not able to recognize the windows authentication user

Tomasz Sobotka 35

Hello,

After a surname change in users profile we are experiencing some issues when running SSMS and trying to log to any database.

Old username: firstname.lastname @ company.com - monika.wozniak

New username: firstname.newlastname @ company.com - monika.dzielo

Device state: AzureAd Joined - Yes

User has already:

switched over to new Windows profile by logging via other user >> new email
credentials which are used for connecting with SSMS databases were updated accordingly in Windows Credential Manager

I have also tried removing and adding back user to localadmin group via:

net localgroup administrators /add "AzureAD\firstname.newlastname @ company.com"

However user is still added as old username and same goes for listing

CMD is returning:

User's image

the result in SSMS is:

User's image

Erland Sommarskog 121.9K Reputation points MVP Volunteer Moderator

2025-06-25T21:09:25.1+00:00

This is more of a Windows question than a question about SSMS. But it seems to me that all you need was to change here email address, but you did not change her user name.

To me it also looks funny that the name of the domain is AZUREAD - but that is still only a Windows domain. But here I need to hasten to add that my expertise is SQL Server, not in Windows, Active Directory or Entra (which is what Azure AD is called these days).

I don't know what tag you had originally, but it seems that another moderator changed it to Azure SQL Database. I've changed that to a tag for Active Directory.
Tomasz Sobotka 35 Reputation points

2025-06-26T07:20:39.7+00:00

But it seems to me that all you need was to change here email address, but you did not change her user name.

Display Name, UPN, Email address etc. all have been changed in AAD/EntraID/M365 admin center - on user's endpoint there was re-log to proper email address and update in credential manager from which credentials are used in SSMS.

The sync should go by object ID but when checking on user's computer CMD >> whoami it still shows old name. However, when user was given access to AVD there was no problem cause profile created on AVD has been initialized with new surname and when checking CMD >> whoami it's returning new updated name = SSMS also inherits the correct name and is working.

Now, I think the problem is with naming of the folder under *C:\Users* or there is a registry entry which needs an update - or both

Too bad this process needs manual update.
Tomasz Sobotka 35 Reputation points

2025-06-26T12:07:52.4833333+00:00

@Erland Sommarskog

But it seems to me that all you need was to change here email address, but you did not change her user name.

Display Name, UPN, Email address etc. all have been changed in AAD/EntraID/M365 admin center - on user's endpoint there was re-log to proper email address and update in credential manager from which credentials are used in SSMS.

The sync should go by object ID but when checking on user's computer CMD >> whoami it still shows old name. However, when user was given access to AVD there was no problem cause profile created on AVD has been initialized with new surname and when checking CMD >> whoami it's returning new updated name = SSMS also inherits the correct name and is working.

Now, I think the problem is with naming of the folder under C:\Users or there is a registry entry which needs an update - or both

Too bad this process needs manual update.

1 answer

Your answer

Erland Sommarskog 121.9K Reputation points MVP Volunteer Moderator

2025-06-25T21:09:25.1+00:00

This is more of a Windows question than a question about SSMS. But it seems to me that all you need was to change here email address, but you did not change her user name.

To me it also looks funny that the name of the domain is AZUREAD - but that is still only a Windows domain. But here I need to hasten to add that my expertise is SQL Server, not in Windows, Active Directory or Entra (which is what Azure AD is called these days).

I don't know what tag you had originally, but it seems that another moderator changed it to Azure SQL Database. I've changed that to a tag for Active Directory.
Tomasz Sobotka 35 Reputation points

2025-06-26T07:20:39.7+00:00

But it seems to me that all you need was to change here email address, but you did not change her user name.

Display Name, UPN, Email address etc. all have been changed in AAD/EntraID/M365 admin center - on user's endpoint there was re-log to proper email address and update in credential manager from which credentials are used in SSMS.

The sync should go by object ID but when checking on user's computer CMD >> whoami it still shows old name. However, when user was given access to AVD there was no problem cause profile created on AVD has been initialized with new surname and when checking CMD >> whoami it's returning new updated name = SSMS also inherits the correct name and is working.

Now, I think the problem is with naming of the folder under *C:\Users* or there is a registry entry which needs an update - or both

Too bad this process needs manual update.
Tomasz Sobotka 35 Reputation points

2025-06-26T12:07:52.4833333+00:00

@Erland Sommarskog

But it seems to me that all you need was to change here email address, but you did not change her user name.

Display Name, UPN, Email address etc. all have been changed in AAD/EntraID/M365 admin center - on user's endpoint there was re-log to proper email address and update in credential manager from which credentials are used in SSMS.

The sync should go by object ID but when checking on user's computer CMD >> whoami it still shows old name. However, when user was given access to AVD there was no problem cause profile created on AVD has been initialized with new surname and when checking CMD >> whoami it's returning new updated name = SSMS also inherits the correct name and is working.

Now, I think the problem is with naming of the folder under C:\Users or there is a registry entry which needs an update - or both

Too bad this process needs manual update.

Answer 1

Hello,

Thank you for posting question on Microsoft Windows Forum.

Based on the error message "The target principal name is incorrect. Cannot generate SSPI context. (Microsoft SQL Server)" generated in SSMS. This error typically points to an issue with Kerberos authentication, most likely due to a mismatch. When your username changed from "@company.com" to "@company.com", even though you have updated credentials locally and switched profiles, the Kerberos system on the server-side (where SQL Server runs) might still be trying to authenticate your old principal name, or the SPN for the SQL Server itself might be incorrectly registered against an old service account, or not updated to reflect the new user principal.

The followings are a few of suggested steps for troubleshooting to the issue.

1.Verify Azure AD Profile Sync:

Ensure Azure AD shows the new UPN (******@company.com) as the primary username

Check sync status in: Azure Portal → Azure Active Directory → Users

2.Purge Kerberos tickets on the client:

Open Command Prompt as the user and run:
klist purge
klist ticket ->Verify no old UPN remains.

3.Check Existing SPNs:

Open a command prompt as administrator on a domain-joined machine (or the SQL Server itself) and run:
setspn -L DOMAIN\SQLSvcAccount
If the SPNs are incorrect, missing, or registered against an old account, you'll need to correct them.

4.Test Kerberos Auth:

Running below 2 commands:
setspn -Q MSSQLSvc/<SQL_Server_FQDN> > Verify SPN registration
klist get MSSQLSvc/<SQL_Server_FQDN> > Request new ticket

5.Checking Old Profile References:

Open regedit
Navigate to this path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Searching for any keys referencing the old SID (look for profile paths with monika.wozniak)

You can refer to below article for more information regarding the error message.

https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/connect/cannot-generate-sspi-context-error

Hope the above information is helpful!

Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-06-30T05:54:49.8733333+00:00

Tomasz Sobotka

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-07-01T01:54:56.61+00:00

Tomasz Sobotka

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Share via

whoami still returning old username after surname change, SSMS not able to recognize the windows authentication user

1 answer

Your answer