SCOM – Alert: SQL Server Cannot Authenticate Using Kerberos Because the Service Principal Name (SPN) is Missing, Misplaced, or Duplicated

This blog explains what needs to be done when there are tools which can monitor and report issue about SPNs. Once a client informed that SCOM (System Center Operations Manager) is connected to the databases on SQL Server and raising below warning regarding the SQL Server (Service Principal Name) SPNs:

SQL Server cannot authenticate using Kerberos because the Service Principal Name (SPN) is missing, misplaced, or duplicated.

Service Account: SQLAUTHORITY\ProdSQLSrv


Here is the screenshot for the alert.

SCOM - Alert: SQL Server Cannot Authenticate Using Kerberos Because the Service Principal Name (SPN) is Missing, Misplaced, or Duplicated scom-spn-01

Whenever I see errors/warning related to SPN, I always try to use Kerberos Configuration Manager tool.


It is important to note that this is an alert not a failure because SPN issue will not cause every connection to fail. It means that any application, which is trying to use Kerberos authentication is going to fail with errors:

  1. Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’
  2. Cannot generate SSPI context

I downloaded the tool and installed in on the server. As soon we are launching the tool, we can just hit connect. The best piece about this tool is that it can help in finding missing SPN and provide script to run or fix it directly if you have permission. Basically, it can

  • Gather information on OS and Microsoft SQL Server instances installed on a server.
  • Report on all SPN and delegation configurations on the server.
  • Identify potential problems in SPNs and delegations.
  • Fix potential SPN problems.

If you are not a fan of a installing tool on the server then you can use SETSPN.exe to set the correct SPNs. Based on above error, here is the command.


Note that we need to run above line from an elevated command prompt with an account with domain admin permissions. We ran the command and after a minute we got the message all was fine. And as expected, the alerts don’t come back anymore.

Reference: Pinal Dave (

SQL Error Messages, SQL Server, SQL Server Security
Previous Post
SQL SERVER – Cluster Patching: The RPC Server is Too Busy to Complete This Operation
Next Post
SQL Server Management Studio (SSMS) – Unable to Connect to SSIS – The Specified Service Does Not Exist as an Installed Service

Related Posts

2 Comments. Leave new

  • Thank you. I solved my problem using Kerberos Configuration Manager.

  • Hello Dave, Can you expand on what misplaced means? When I use the Kerberos Configuration Manager it creates them and they are still marked as misplaced. They are using gMSA’s for the service


Leave a Reply