In this topic you will configure Microsoft Provisioning System (MPS) to use Kerberos Authentication when authenticating against the MPS computer running Microsoft SQL Server.

Tasks

  1. Configure MPS to Use Kerberos Authentication

Configure MPS to Use Kerberos Authentication

In the following procedures you will configure MPS to use Kerberos authentication by creating a Service Principal Name (SPN) for the MPSSQLService account. You will use the Windows Server 2003 SP2 Support Tools tool SetSPN to create the new Service Principal Names.

Procedure W03-DWSPV.26: To create an SPN for the MPSSQLService account

  1. On MPS01, open a command prompt.

  2. Run the following series of commands to create an SPN for each node of the MPSSQL cluster and for the virtual server instance. You need to create an SPN for both the NetBIOS Name and Fully Qualified Domain Name (FQDN) of each server running SQL Server.

      Copy Code
    SETSPN -A MSSQLSvc/MPSSQL01.Fabrikam.com:1433 Fabrikam\MPSSQLService
    SETSPN -A MSSQLSvc/MPSSQL01:1433 Fabrikam\MPSSQLService
    SETSPN -A MSSQLSvc/MPSSQL02.Fabrikam.com:1433 Fabrikam\MPSSQLService
    SETSPN -A MSSQLSvc/MPSSQL02:1433 Fabrikam\MPSSQLService
    SETSPN -A MSSQLSvc/MPSSQLVS01.Fabrikam.com:1433 Fabrikam\MPSSQLService
    SETSPN -A MSSQLSvc/MPSSQLVS01:1433 Fabrikam\MPSSQLService
    

Procedure W03-DWSPV.27: To verify the SPN for the MPSSQLService account

  1. On MPS01, open a command prompt.

  2. Run the following command:

      Copy Code
    SETSPN -L Fabrikam\MPSSQLService
    
  3. Ensure that an SPN is registered for both the NetBIOS Name and the FQDN of each node of the MPS SQL Server cluster.