In this topic you will configure Microsoft Provisioning System (MPS) to use Kerberos Authentication when authenticating against the MPS computer running Microsoft SQL Server.
Tasks
- Configure MPS to Use Kerberos Authentication
Configure MPS to Use Kerberos
Authentication
In the following procedures you will configure MPS to use Kerberos authentication by creating a Service Principal Name (SPN) for the MPSSQLService account. You will use the Windows Server 2003 SP2 Support Tools tool SetSPN to create the new Service Principal Names.
Procedure W03-DWSPV.26: To create an SPN for the MPSSQLService account
-
On MPS01, open a command prompt.
-
Run the following series of commands to create an SPN for each node of the MPSSQL cluster and for the virtual server instance. You need to create an SPN for both the NetBIOS Name and Fully Qualified Domain Name (FQDN) of each server running SQL Server.
Copy CodeSETSPN -A MSSQLSvc/MPSSQL01.Fabrikam.com:1433 Fabrikam\MPSSQLService SETSPN -A MSSQLSvc/MPSSQL01:1433 Fabrikam\MPSSQLService SETSPN -A MSSQLSvc/MPSSQL02.Fabrikam.com:1433 Fabrikam\MPSSQLService SETSPN -A MSSQLSvc/MPSSQL02:1433 Fabrikam\MPSSQLService SETSPN -A MSSQLSvc/MPSSQLVS01.Fabrikam.com:1433 Fabrikam\MPSSQLService SETSPN -A MSSQLSvc/MPSSQLVS01:1433 Fabrikam\MPSSQLService
Procedure W03-DWSPV.27: To verify the SPN for the MPSSQLService account
-
On MPS01, open a command prompt.
-
Run the following command:
Copy CodeSETSPN -L Fabrikam\MPSSQLService
-
Ensure that an SPN is registered for both the NetBIOS Name and the FQDN of each node of the MPS SQL Server cluster.