If you go through the above articles, you will find that for most of the above errors, the resolution will involve correcting or setting SQL Server SPNs which can be done using SetSPN utility. Instead of setting SPNs manually, you may want to give ReadServicePrincipalName and WriteServicePrincipalName rights to SQL Server service start-up account so that it can register and de-register SQL Server SPNs on its own whenever the SQL Server service is started and stopped. As the above articles describe, these rights can be granted from ADSIEDIT tool. But recently I got a question where I was asked if there is a way other than ADSIEDIT tool to perform this operation. Well, here is the answer.
Below is an easy command-line way to perform this operation. This can be done over the command prompt using utility called ‘dsacls’ instead of ‘SetSPN’. Below is the command and need to be run with domain admin rights (as was always required for setting/modifying/deleting SPNs).
NOTE - This is in no way recommended to do on a SQL Cluster Instance. We do not recommend to allow the auto update of the SPN in a SQL cluster. In Stand Alone it is okay to do this procedure when using a domain account for the SQL Server Service. Do not need to do this if SQL is running under system since system already has the write SPN privilege.
Author : Deepak (MSFT) , SQL Developer Engineer , Microsoft
Reviewed by : Evan (MSFT) , SQL Escalation Services, Microsoft