SQLCMD 2014 fails to authenticate via Kerberos

 

Understanding of the issue:

When we try to execute a query on a SQL server from a remote machine using SQLCMD.exe, the connection goes via NTLM rather than KERBEROS even though all the pre-requisites for the Kerberos authentication is fulfilled.

 

1

When using SQLCMD of version 2012 and below, the connection goes via Kerberos provided the prerequisites are fulfilled.

 

2

This behavior is seen only in SQLCMD, but when the same query is run through SQL Server Management Studio (SSMS), it goes via Kerberos irrespective of the SSMS version.

 

3

 

Cause:

It is a by design behavior with SQL 2014 that the SQLCMD requires SPNs with a NETBIOS name in order to go through Kerberos.

 

Resolution:

Create a SPN with the HOSTNAME/ NETBIOS name along with the default SPNs with Fully Qualified Domain Name (FQDN)

 

4

 

In case you are still facing the same issue, please reach out to CSS team.

 

Author:   Chetan KT – SQL Server BI-ONE Developer team, Microsoft

Reviewer:     Sunil Kumar B.S. Escalation Engineer, SQL Server BI-ONE Developer team, Microsoft