SharePoint 2013 Hosting – :: How to Solve Cannot generate SSPI context in SharePoint

Today’s problem occured after I restarted a Hyper-V based SharePoint 2013 farm (Windows Server 2012, one SharePoint 2013 machine, one SQL Server 2012 machine, one DC). I fired up Central Administration and was hit with the following error:

ahp banner sharepoint-01

Unknown SQL Exception 0 occurred. Additional error information from SQL Server is included below.

The target principal name is incorrect. Cannot generate SSPI context.

After checking the obvious things – testing connectivity to the DB server, checking the SQL service was running, verifying permissions, etc – I initially figured this was an issue with my Hyper-V snapshots being out of sync, so I ran the SharePoint Products Configuration Wizard. This hit me with the following error:

Failed to detect if this server is joined to a server farm. Possible reasons for this failure could be that you no longer have appropriate permissions to the server farm, the database server hosting the server farm is unresponsive, the configuration database is inaccessible or this server has been removed from the server farm.

I attempted to rejoin the server farm to no avail, then I realised I was barking up the wrong tree. The initial error message suggests a Kerberos issue, while my farm is set up to use NTLM. After a lot of searching, this ancient forum thread pointed me in the right direction. In Active Directory, I opened the computer record for the DB server. In the attribute list, the servicePrincipalName attribute showed the following entries:

How to Solve Cannot generate SSPI context in SharePoint

Delete the two MSSQLSvc entries and then restart the database server. In most cases this should solve the problem. Without the SPNs, authentication falls back to NTLM as it should and the farm comes back to life.

Other users have reported that they also need to delete the RestrictedKrbHost entries. In a previous version of this post, I suggested deleting every entry – after all, if we’re using NTLM, we shouldn’t need any SPNs. However, if you delete all the entries you may find you have to remove and then re-add the database server to the domain.

I’m fairly certain that this issue arose when I added Analysis Services to the SQL Server instance on the database server. Other users have reported similar issues when adding Reporting Services and Integration Services to a SQL Server instance.

Cheap and Recommended SharePoint 2013 Hosting is Perfect, suitable hosting plan for a starter in SharePoint. ASPHostPortal the leading provider of Windows hosting and affordable SharePoint Hosting. ASPHostPortal proudly working to help grow the backbone of the Internet, the millions of individuals, families, micro-businesses, small business, and fledgling online businesses. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability