I've run into something strange here, and I'm not sure how to resolve it. I ran into a Kerberos authentication issue because of a missing AOAG SPN, and I was helping to do some of the troubleshooting when I noticed something odd. Some of the tickets that granted me access to the nodes of the AOAG cluster were using the encryption type that I would expect. However, the MSSQLSvc SPNs were not using what I would expect![quote]klist#XX> Client Somebody@somedomain.com Server: RPCSS/MySQLServer@somedomain.com KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96#XX> Client Somebody@somedomain.com Server: MSSQLSvc/MySQLServer@somedomain.com KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)#XX> Client Somebody@somedomain.com Server: MSSQLSvc/MyAOAGListener@somedomain.com KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)[/quote]I can't seem to figure out what the next step should be, and the infrastructure admins are stumped as well. Any thoughts on how to proceed?Thanks!
↧