We have a Windows Server 2012 with SQL Server 2012 instance.
Its services used to run under an Active Directory account from an old domain, from Windows 2000 Server. A few years ago we replaced our AD to Windows Server 2012 and created a new domain.
Now we decided to replace the service account to the new domain. When that change was done, Windows Authentication failed to work. SQL Server shows message "Cannot generate SSPI context".
If I log in the server using MSTSC, Windows Authentication works. But if I try to log from my local PC, it fails.
I've read some support as https://support.microsoft.com/en-us/kb/811889, but it's kinda old and I'm unable to properly understand it.
Any idea what's causing this error, and how to solve it?
Best Answer
You can find a more information on Kerberos from the CSS team here. As well Microsoft released a tool that can help you identify Kerberos issues, download that here.
To troubleshoot, check your error log that shows the startup of your instance
after
you changed the service account to that new domain. In a perfect world you will see a message like this:If it fails it will show a similar message just with a failure and should provide an error code. If not check your Windows Event log for similar events around startup time of SQL Server.
To fix the issue you need to follow the KB article you provided. It is not old and is still current, check the "Applies to" section where it list all the editions of SQL Server 2012.