The SQL Server Principal Name (SPN) could not be validated in Active Directory.


SQL Service Principal Name (user as an ‘SQL Server’ Service account) and for example: SCCM 2012

After installing SCCM2012 we find warnings and errors in the SCCM Component Status logs.
Something with SQL, service accounts running as a user, and SPN. Again much info on Microsoft Technet.

Here is How to Configure an SPN for SQL Server Site Database Servers or you can grant the permitions to your sql service account so it can configure the SPN itself: Add account permission to create SPN:

Run ADSIEdit as a Domain Admin.
Find the SQL Server, Service account, right click, properties.
Select the Security tab
Click Advanced
Click Add. Type “SELF” in the object box. Click OK.  (or select SELF if exists)
Select the Properties Tab (NOT Objects)
Scroll down and check the “Allow” box for “Read servicePrincipalName” and “Write servicePrincipalName”
Click OK. Click OK. Click OK.
Restart your SQL service!

Check the configuration with the following command SetSPN -L <AD Sql Service Account name> the output should be something like:

Registered ServicePrincipalNames for CN=svSQL,OU=ServiceAccounts,OU=People,OU=RHCS,DC=rhcs,DC=nl:


Good luck,


Ronny Holtmaat