SuperSocket info: (SpnRegister): Error 8344 SuperSocket Info: (SPNRegister) : Error 1355 SuperSocket info: SpnUnRegister() : Error 8344

Several times when you open Windows event log you may find some supoer socket related errors for SQL server, you may be amused that everything is working fine then why such errors, microsoft has provided a very good article on such issues, this error occur when you have configured SQL services to run under domain service account. Please find article review below,

Error message/Symptoms:

When SQL Server starts on a computer that is running Microsoft SQL Server 2000 or Microsoft SQL Server 2005, the SQL Server program always attempts to register the virtual server in the Active Directory. The following event may be logged in the event log:

SuperSocket info: (SpnRegister): Error 8344 SuperSocket Info: (SPNRegister) : Error 1355 SuperSocket info: SpnUnRegister() : Error 8344.

NoteError 1355 is equal to ERROR_NO_SUCH_DOMAIN. Error 8344 is equal to insufficient permissions to perform the registration operation. This is shown as a warning for the SPNRegister function and as an error for the SpnUnRegister function.

Microsoft Solution:


The message usually appears because the SQL Server service account is running as a domain user who does not have requisite permissions to register SPNs.


You can also edit the account’s Access Control Settings permissions in the Active Directory directory service to enable the Read servicePrincipalName permission and the Write servicePrincipalName permission for the SQL Service account.

Workaround provided by Microsoft:

To resolve these type messages and enable the SQL Server service to create SPNs dynamically for your SQL Server instances, ask your domain administrator to add the appropriate permissions and user rights to the SQL Server startup accounts.

To enable the SQL Server service account to establish SPNs correctly on startup, follow these steps:

  1. Click Start, click Run, type Adsiedit.msc, and then click OK.
  2. In the ADSI Edit window, expand Domain [DomainName], expand DC= RootDomainName, expand CN=Users, right-click CN=AccountName, and then click Properties.
  3. Notes

    • DomainName represents the name of the domain.
    • RootDomainName is a placeholder for the name of the root domain.
    • AccountName represents the account that you specify to start the SQL Server service.
    • If you have specified Local System to start the SQL Server service, AccountName represents the account that you use to log on to Microsoft Windows.
    • If you have specified a domain user account for the SQL Server service, AccountName represents the domain user account.
  4. In the CN=AccountName Properties dialog box, click the Security tab.
  5. On the Security tab, click Advanced.
  6. In the Advanced Security Settings dialog box, make sure that the SELF user is listed under Permission entries. If the SELF user is not listed, click Add, and then add the SELF user.
  7. Under Permission entries, click SELF, and then click Edit.
  8. In the Permission Entry dialog box, click the Properties tab.
  9. On the Properties tab, click This object only in the Apply onto list, and then make sure that the following permissions are selected under Permissions:
    • Read servicePrincipalName
    • Write servicePrincipalName
  10. Click OK three times, and then close the ADSI Edit window.

When you perform this workaround, you eliminate SPN issues for new installations or installations that have had the TCP/IP port or domain name modified.

Note: Microsoft has confirmed that this is a problem in SQL Server 2000 and SQL Server 2005.

Final Verdict: The domain service accounts should have AD SPN read/write permissions to avoid such issues.

Download PDF

Related Posts

About the Author: Nitin Garg

Indian born, trekker, biker, photographer, lover of monsoons... I love to blog the topics I research and find useful for self or online community to save time and energy :) Everything you read on my blog is my own personal opinion!

Leave a comment

Subscribe to this blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 252 other subscribers

Translate this blog!



June 2020
« Nov    

View Post by Categories

%d bloggers like this: