A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses
a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated
SQL Server named SQL1.
Users report that they can no longer access the application by using their domain credentials.
You need to ensure that users can access App1.
Solution: You configure Kerberos-constrained delegation and then run the following command from an
administrative command prompt:
setspn-a MSSQLsvc/SQLl:1433 <domain>\\<sql_service>
Does this meet the goal?
A.
Yes
B.
No
Explanation:
For a default instance of SQL Server, listening on port 1433, the service principal name (SPN) format is as
follows:
MSSQLSvc/serverxyz.your_domain.com:1433
MSSQLSvc/serverxyz:1433
Kerberos allows the use of delegation where the frontend service (for ex. Web App) can connect to a
remote backend service (for ex. SQL Server) using the identity of the windows user who was
authenticated to the frontend service. The user can authenticate to the frontend service using Kerberos
and then the frontend service can authenticate using Kerberos to a backend service using the identity of
the user.
SQL Server Kerberos and SPN Field Guide
http://blogs.msdn.com/b/sqlupdates/archive/2014/12/05/sql-server-kerberos-and-spn-quickreference.aspx