FIM Troubleshooting: Cannot generate SSPI Context

Article
1/17/2024

Problem Statement

The FIM Service fails to start. Review of the Application Event Log, we see an Event ID 0. The key is the text within the message "Cannot generate SSPI context".

System.Data.SqlClient.SqlException: Cannot generate SSPI context.

Cause

This is an indication that there is a Kerberos problem. Specifically with connecting to SQL Server. Here is a great Microsoft Knowledge Base Article that speaks on SSPI.

How to troubleshoot the "Cannot generate SSPI context" error message

http://support.microsoft.com/kb/811889

Troubleshooting Action

Checked the SQL Server service to see what account was running the SQL Server
In this case it was the Local System Account
Reviewed the machine account in Active Directory that is hosting SQL Server and found that we were missing the SQL Server SPNs.

Resolution

Added the correct SQL Server SPNs

Share via

FIM Troubleshooting: Cannot generate SSPI Context

Problem Statement

Cause

Troubleshooting Action

Resolution

Additional resources

Share via

FIM Troubleshooting: Cannot generate SSPI Context

​Problem Statement

Cause

Troubleshooting Action

Resolution

Additional resources

Problem Statement