How to register and de-register an SPN
To view all SPNs registered under a service account, usually the one under which the SQL services are running, type the following command at the CMD prompt:
c:\> setspn -l [domain\account]
This displays all SQL services running under the account that have registered their SPNs in Active Directory. The displayed data has the following format:
MSSQLSvc/[FQDN servername]:[port number]
The above result also serves as a means to verify that the SQL Server has registered its SPN correctly. This is done by cross-checking the server name and port number against the actual server.
The port number that a SQL Server is running on can be found in the error log. It has to match the port with which the SPN is registered.
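The cross-check described above can be scripted. The following PowerShell is an added example, not part of the original post; the account, host names, setspn output and error log line are constructed samples, and the function names are hypothetical.

```powershell
# Constructed sample of `setspn -l EXAMPLE\sqlsvc` output (not from a real domain).
$setspnOutput = @'
Registered ServicePrincipalNames for CN=sqlsvc,OU=Service Accounts,DC=example,DC=com:
        MSSQLSvc/sql01.example.com:1433
        MSSQLSvc/sql02.example.com:1433
'@

# Constructed sample of the listener line from the SQL Server error log.
$errorLogLine = "Server is listening on [ 'any' <ipv4> 51433]."

function Get-SqlSpn {
    param([string]$Text)
    # Keep MSSQLSvc/<host>:<port> entries only; entries without a numeric port are skipped.
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line.Trim() -match '^MSSQLSvc/(?<server>[^:\s]+):(?<port>\d+)$') {
            [pscustomobject]@{ Server = $Matches['server']; Port = [int]$Matches['port'] }
        }
    }
}

function Get-ListenerPort {
    param([string]$LogLine)
    # The port is the last token inside the brackets, after <ipv4> or <ipv6>.
    if ($LogLine -match 'Server is listening on \[.*<ipv[46]>\s+(?<port>\d+)\s*\]') {
        return [int]$Matches['port']
    }
    throw "No listener port found in: $LogLine"
}

function Test-SqlSpn {
    param([string]$SetspnText, [string]$Fqdn, [int]$Port)
    # SPN host names are case-insensitive, so compare with -ieq.
    $spns = @(Get-SqlSpn -Text $SetspnText | Where-Object { $_.Server -ieq $Fqdn })
    if ($spns.Count -eq 0) { return "MISSING: no MSSQLSvc SPN with a port for $Fqdn" }
    if ($spns.Port -contains $Port) { return "OK: MSSQLSvc/${Fqdn}:$Port is registered" }
    return "MISMATCH: $Fqdn listens on $Port, SPN port(s): $($spns.Port -join ', ')"
}

$port = Get-ListenerPort -LogLine $errorLogLine
Test-SqlSpn -SetspnText $setspnOutput -Fqdn 'sql01.example.com' -Port $port
```

In the constructed sample the listener port (51433) differs from the registered port (1433), so the check reports a mismatch for sql01.example.com.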
De-registering an SPN:
An SPN can be deleted using the following command:
c:\> setspn -d MSSQLSvc/[FQDN servername]:[port number] [domain\service account name]
An SPN can be registered in a similar way using the following command:
c:\> setspn -a MSSQLSvc/[FQDN servername]:[port number] [domain\service account name]
Notice that the only difference between registering and de-registering an SPN is the switch: -d for de-registering and -a for registering.