Hi, We have SSRS running as "mydomain\ssrs_svc" and SQL2008 running as "mydomain\sql_svc". SQL2008 is running as the default instance on "sqlbox" To set up SPNs for Kerberos, what should be command for the SPN for SQL2008? Is it setspn -a MSSQLSvc/sqlbox:1433 mydomain\ssrs_svc or setspn -a MSSQLSvc/sqlbox:1433 mydomain\sql_svc Te link below says that the first option above is correct. It says "it does not matter which account SQL Server is running under" http://callumhibbert.blogspot.com/2009/02/kerberos-delegation-and-sql-reporting.html On the other hand, MS documentation is sort of vague about this and implies that second option above is correct. http://download.microsoft.com/download/B/E/1/BE1AABB3-6ED8-4C3C-AF91-448AB733B1AF/SSRSKerberos.docx None of the options work for me at the moment setspn -a MSSQLSvc/sqlbox:1433 mydomain\ssrs_svc produces "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server sql_svc.....This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. " setspn -a MSSQLSvc/sqlbox:1433 mydomain\sql_svc produces "KDC_ERR_BADOPTION"