Creating an SPN for the query service

You must create a service principal name (SPN) for the query service to use. The SPN must be configured with an Active Directory domain user that is trusted for delegation.

The SPN must be formatted as spn@REALM, where spn has the form service name/fully qualified domain name and REALM is the realm name that is configured in the Kerberos initialization file. For example, if dqm is the service name, the SPN is dqm/myserver.mydomain.com@MYWINDOWSDOMAIN.COM.

If your Active Directory domain user is named dqmuser, you would register the SPN by using the following command:

setspn -s dqm/myserver.mydomain.com mywindowsdomain\dqmuser

You can use the -L and -Q parameters to verify that the SPN was created correctly. For example:

setspn -L mywindowsdomain\dqmuser

setspn -Q dqm/myserver.mydomain.com
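
The following script is an added example, not part of the product documentation. It checks the same registration from PowerShell: that the SPN has the service name/FQDN form, that exactly one account holds it, and that the account has a delegation setting. The function name Test-QueryServiceSpn is hypothetical, the default values are the sample names used on this page, and the script assumes the ActiveDirectory module (RSAT) is installed and that either unconstrained or constrained delegation counts as "trusted for delegation".

```powershell
# Added example, not product code. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-QueryServiceSpn {
    param(
        [string]$Spn     = 'dqm/myserver.mydomain.com',  # sample SPN from this page
        [string]$Account = 'dqmuser',                    # sample domain user from this page
        [string]$Realm   = 'MYWINDOWSDOMAIN.COM'         # realm from the Kerberos initialization file
    )
    $problems = @()

    # Format check: service name/fully qualified domain name. The restricted
    # character set also keeps the value safe to place in the LDAP filter below.
    if ($Spn -notmatch '^[\w-]+/[\w-]+(\.[\w-]+)+$') {
        throw "SPN '$Spn' is not in service/FQDN form"
    }

    # The SPN must be held by exactly one object. setspn -s checks for duplicates
    # before adding, but SPNs written by other tools can still collide.
    $holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$Spn)" -Properties sAMAccountName)
    if ($holders.Count -eq 0) {
        $problems += 'SPN is not registered'
    } elseif ($holders.Count -gt 1) {
        $problems += 'SPN is registered on more than one object'
    } elseif ($holders[0].sAMAccountName -ne $Account) {
        $problems += "SPN is registered to $($holders[0].sAMAccountName), not $Account"
    }

    # Delegation: report which kind is set on the account (assumption: either
    # kind satisfies the "trusted for delegation" requirement).
    $user = Get-ADUser -Identity $Account -Properties TrustedForDelegation, 'msDS-AllowedToDelegateTo'
    $delegation = if ($user.TrustedForDelegation) {
        'unconstrained'
    } elseif ($user.'msDS-AllowedToDelegateTo'.Count -gt 0) {
        'constrained'
    } else { 'none' }
    if ($delegation -eq 'none') { $problems += "$Account is not trusted for delegation" }

    [pscustomobject]@{
        Principal  = '{0}@{1}' -f $Spn, $Realm   # spn@REALM, as described above
        Holders    = $holders.sAMAccountName
        Delegation = $delegation
        Problems   = $problems
    }
}

Test-QueryServiceSpn | Format-List
```

An empty Problems list means the SPN is registered once, to the expected account, and that account has a delegation setting.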