SSPI Error when connecting from Intune Managed AVD to SQL Host using SSMS

Jason P 116 Reputation points
2024-07-05T12:59:15.8366667+00:00

Hi All,

I have a problem when trying to connect to a SQL Server using SSMS via an Entra joined and Intune Managed AVD.

The SQL host is in an AD DS where accounts are synced to Entra AD.

The error I get is:

The target principal name is incorrect. Cannot generate SSPI context.

I checked up on this and it talks about SPN not being registered. I set up the service account to register the SPN and I still get the error. Then I removed those registrations and manually created them using the Computer account details. That has not worked either.

I used Kerberos Configuration Manager and it shows up all good. SQLCheck also showed the SPNs when I manually created them. It does not show them when the service account creates them, but from reading, that is how it should be (the service account has the permissions to create the SPN, which it has done).

Does anyone have an idea what could be the issue here?

Thanks


1 answer

  1. LucyChenMSFT-4874 2,825 Reputation points
    2024-07-08T03:08:55.74+00:00

    Hi @Jason P,

    Thank you for reaching out and welcome to Microsoft Q&A!

    It seems that it is a known issue; please refer to this official document: "Cannot generate SSPI context" error when using Windows authentication to connect SQL Server.

    Hope this can help you understand well!

    Feel free to share your issue here if you have any concerns!

    Best regards,

    Lucy Chen

