SOLVED

Constrained Delegation missing SPNs

%3CLINGO-SUB%20id%3D%22lingo-sub-2586890%22%20slang%3D%22en-US%22%3EConstrained%20Delegation%20missing%20SPNs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2586890%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Ei%20have%20a%20setup%20like%20this%3CBR%20%2F%3EDFL%2FFFL%3A%202012R2%3CBR%20%2F%3EOS%3A2012R2%3C%2FP%3E%3CP%3E1%20Reportserver%20Servicaccount%20dom%5Csa-rs%3C%2FP%3E%3CP%3E2%20Database%20Servers%20Servicaccount%20dom%5Csa-sql%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esetspn%20-l%20sa-sql%3C%2FP%3E%3CP%3EMSSQLSvc%2Fsql2%3A1433%3CBR%20%2F%3EMSSQLSvc%2Fsql2.dom.domain%3A1433%3CBR%20%2F%3EMSSQLSvc%2Fsql1.dom.domain%3CBR%20%2F%3EMSSQLSvc%2Fsql1.dom.domain%3A1433%3CBR%20%2F%3EMSSQLSvc%2Fsql2.dom.domain%3CBR%20%2F%3EMSSQLSvc%2Fsql1%3A1433%3CBR%20%2F%3E%3CBR%20%2F%3Ewhen%20i%20want%20to%20configure%20constrained%20delegation%20in%20the%20delegationtab%20of%20sa-rs%20i%20only%20see%3A%3CBR%20%2F%3Esql1.dom.domain%3A1433%3C%2FP%3E%3CP%3Esql1.dom.domain%3C%2FP%3E%3CP%3Esql2.dom.domain%3CBR%20%2F%3Esql2%3A1433%3CBR%20%2F%3E%3CBR%20%2F%3E2%20are%20missing.%20but%20as%20described%20i%20can%20see%20them%20wiht%20setsp%20-l%20and%20also%20if%20i%20check%20the%20sa-sql%20in%20adsiedit%20i%20see%20all%206%20of%20them....%3CBR%20%2F%3E%3CBR%20%2F%3Eany%20ideas%20why%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

i have a setup like this
DFL/FFL: 2012R2
OS:2012R2

1 Reportserver Servicaccount dom\sa-rs

2 Database Servers Servicaccount dom\sa-sql

 

setspn -l sa-sql

MSSQLSvc/sql2:1433
MSSQLSvc/sql2.dom.domain:1433
MSSQLSvc/sql1.dom.domain
MSSQLSvc/sql1.dom.domain:1433
MSSQLSvc/sql2.dom.domain
MSSQLSvc/sql1:1433

when i want to configure constrained delegation in the delegationtab of sa-rs i only see:
sql1.dom.domain:1433

sql1.dom.domain

sql2.dom.domain
sql2:1433

2 are missing. but as described i can see them wiht setsp -l and also if i check the sa-sql in adsiedit i see all 6 of them....

any ideas why?

 

1 Reply
best response confirmed by PeDe (Occasional Contributor)
Solution

PeDe_0-1627386491594.png

Didn´t click "Expanded" :facepalm:
Sry