About Me - Who is DR DBA?

Hello. My name is Rudy Panigas and I am a Production Senior Microsoft SQL Server Database Administrator (DBA) with over 14 years of experience. Have published articles with SQL Central, am a leader for the my local PASS chapter in Toronto (TORPASS) and love to automate anything SQL including disaster recovery. I created this blog to share my views, knowledge and to discuss Microsoft SQL server in order to help out others in this field. Please test these scripts before using. I do not warranty and do not take any responsibility for it, its misuse or output it creates. You can reach me at this email address: sqlsurgeon@outlook.com

Tuesday, January 13, 2015

Auto Generating of Service Principal Name (SPN) Commands

Hello All,

Have you had to use Kerberos authentication and needed to create the commands for the Service Principal Name (SPN)? Then the script in this blog will help. Execute the script on the SQL Server with SQL Server Reporting Services (SSRS) and it will automatically generate the commands needed. 

If you need more details on Kerberos have a look at Rob Carrol blog. It is very good and covers how to enable Kerberos authentication for reporting services. Here is his link.

Now on to my script.

First, load this script on to your server (please verify on test servers) and execute. It only creates temp tables, does not write anything to SQL Server and the temp tables are deleted once executed.

The script will automatically detects the SQL Server settings

******** Settings that have been automatically detected **************

Result for detection of SQL Server name --> SrvName
Result for detection of Service Account name -->MyDomain\svcAccount
Result for detection of Port Number --> 1433
Result for detection of default Domain Name --> MyDomain
Result for detection of cluster --> SQL Server is not clustered
Result for detection of Kerberos --> TCP is using Kerberos
Result for detection of IP Address -->

Next, the script will take the information found and create the SETSPN commands 

echo '*** Automatic SQL Server Service Principal Name (SPN) ***'
echo ' '
echo 'Setting SQL Server Database SPN...please wait'
echo ' '
SetSPN -s "MSSQLSvc/SQLServerName:1433" "MyDomain\svcAccount"
SetSPN -s "MSSQLSvc/SrvName.MyDomain.com:1433" "MyDomain\svcAccount"

echo ' '
echo 'Setting SQL Server Reporting Services SPN...please wait'
echo ' '

SetSPN -s "http/SrvName" "MyDomain\svcAccount"
SetSPN -s "http/SrvName.MyDomain.com" "MyDomain\svcAccount"

echo ' '
echo 'Setting SQL Server Analysis Services SPN...please wait'
echo ' '

SetSPN -s "msolapsvc.3/SrvName" "MyDomain\svcAccount"
SetSPN -s "msolapsvc.3/SrvName.MyDomain.com" "MyDomain\svcAccount"

echo ' '
SetSPN -l MyDomain\svcAccount"
echo ' '

           ==> Auto SPN generation is now complete <==

Finally, copy the SetSPN statements and execute then with a Domain Admin account.  Verify that the account "MyDomain\svcAccount" has the following check on "Trust this user for delegation to any service [Kerberos only]

Note that once the SetSPN command is executed it may take several hours (once mine took approx. 8) before it takes effect.

Here is the link for my script



No comments:

Post a Comment

Note: Only a member of this blog may post a comment.