Applies to: All versions of Centrify DirectAudit on Windows.
When using the wizard to add the SPN to the Active Directory entry, it always uses the dynamic port even when the SQL server does have static port configured. The following error will be seen:
The SQL Server instance is running with a domain user account whose Active Directory entry does not have the required SQL Server Service Principal(SPN). The following SPN will be added to the Active Directory entry:
MSSQLSvc/<server FQDN>:<high end port>
The reason the dynamic port is used because the SQL server is listening on both static port and dynamic port. DirectAudit first check if SQL is listening on dynamic port or not and if no dynamic port is found, the system continue to check for the static port. Because of this order of checking, dynamic port is always returned first and hence the observed behavior.
When it is needed to specify a static port, a blank value is set for dynamic port (not zero or any other number) in order to disable the dynamic ports. It is recommended to set the value for TCP dynamic port to blank under IPAll section of SQL configuration manager. Then restart the SQL server service for changes to take effect.