The Target Principal Name Is Incorrect. Cannot Generate SSPI Context (SQL or AD Issue)?
setspn -X to look for duplicate SPNs for the SQL Server in question.
Remove any duplicate SPNs that don't line up the SQL Server Service account in question.
Service Principal Names for SQL Server take the form of:
Assuming your SQL Server is using the default TCP port, 1433, I would expect you need the following servers:
You can create those SPNs using the following command:
SETSPN -A MSSQLSvc/MASSQL.abc.com:1433 DOMAIN\Account SETSPN -A MSSQLSvc/MASSQL:1433 DOMAIN\Account
Where DOMAIN\Account is the name of the service account used by SQL Server.
If your SQL Server uses a named instance, the SETSPN commands look like:
SETSPN -A MSSQLSvc/MASSQL.abc.com:1433 DOMAIN\Account SETSPN -A MSSQLSvc/MASSQL:1433 DOMAIN\Account SETSPN -A MSSQLSvc/MASSQL.abc.com:INSTANCENAME DOMAIN\Account SETSPN -A MSSQLSvc/MASSQL:INSTANCENAME DOMAIN\Account
The SQL Server SPNs are not set on the computer account per se, but on the account that SQL Server is running under. You will need to create two SPNs for the SQL Server service if the service account does not have permissions to create the SPNs. The following examples assume using the default port of 1433.
SetSPN -s "MSSQLSvc/<FQDN_SERVERNAME>" "<DOMAIN>\<SERVICE_ACCOUNT_NAME>" SetSPN -s "MSSQLSvc/<FQDN_SERVERNAME>:1433" "<DOMAIN>\<SERVICE_ACCOUNT_NAME>"
See Register a Service Principal Name for Kerberos Connections
To check to see if they are already there:
SetSPN -L ServiceAccountName
However, it seems that you may have bigger issues in play. If you configured SQL Server to run with a domain admin account, it should have had permissions to create the SPNs.