Hello, I'm new to troubleshooting Kerberos and a little confused about the
SPN's and hopefully someone could clear things up for me. I am running in a
Windows 2000 environment using three servers, SQL server, web server (IIS
5.0) and a Terminal Server. I am using a web application going from the TS
server to the Web server, and then to the database server.
On the SQL and TS servers I am getting the following error"0x7 -
KDC_ERR_S_Principal_UNKNOWN : Server not found in Kerberos Database" both
servers are using local system accounts for IIS and SQL, so the default
SPN's are on the server. When I do a "setspn -L computer name" should I
only see information about the local server (local SPN's)? Or should the
SPN's be pointing to a DC? I read a lot of information about the SPN's but
I guess I am still confused of how this all work. Do I need to set IIS and
SQL with a Domain account for the services?