Question : HTTP 401 Authentication Failed

From the DC/Exchange server, as the built-in domain administrator account, I'm unable to access a URL on a different (CRM) server. I get the error "HTTP 401 Not Authorized".

However on the CRM server, also logged in as domain admin, I can type that URL into IE and it works fine.

What permission problems am I having here?

Answer : HTTP 401 Authentication Failed

The issue stemmed from me following Microsoft's recommended security guidelines. Microsoft tells you in the implementation guide to set up, for optimal security, separate domain user accounts for the various CRM and SQL services, and to make those normal domain accounts local administrator accounts on the CRM/SQL servers.

What Microsoft neglected to mention was how to properly set up these service accounts. There's more to it than simply adding domain user accounts and assigning them to the service, and it cost me a support call to Microsoft to figure that out. What a clever way of generating revenue...

Hopefully I'll save someone else that cost by posting the process below.

One note: apparently this is only an issue where you have CRM and SQL set up on the same server, because there can be only one SPN service account per server (or so I'm told). Had I had separate servers, each server could have its own unique service account for the CRM server and the SQL server. But since I had 2 unique service accounts, for CRM and SQL services, both on the same server, this was an issue.

This process was repeated for each SPN service account on the server (I had three: 1 for SQL, 1 for CRM, and 1 for Reporting Services).



SETTING SPN ON A SERVICE ACCOUNT
Required setup when specifying a domain user account as a service account.
* Requires Windows Server 2003 SUPPORT TOOLS SP1 Installation


C:\Program Files\Support Tools>setspn/?
Usage: setspn [switches data] computername
  Where "computername" can be the name or domain\name

  Switches:
   -R = reset HOST ServicePrincipalName
    Usage:   setspn -R computername
   -A = add arbitrary SPN
    Usage:   setspn -A SPN computername
   -D = delete arbitrary SPN
    Usage:   setspn -D SPN computername
   -L = list registered SPNs
    Usage:   setspn [-L] computername

Examples:
setspn -R daserver1
   It will register SPN "HOST/daserver1" and "HOST/{DNS of daserver1}"
setspn -A http/daserver daserver1
   It will register SPN "http/daserver" for computer "daserver1"
setspn -D http/daserver daserver1
   It will delete SPN "http/daserver" for computer "daserver1"

ACTUAL PROCESS BELOW

C:\>cd C:\Program Files\Support Tools

C:\Program Files\Support Tools>setspn.exe -a http/CrmServerName DomainName\svc_crmlocal

(Output Below)
Registering ServicePrincipalNames for CN=svc_crmlocal,OU=Utility Local Admins,DC=DomainName,DC=local
        http/CrmServerName
Updated object



C:\Program Files\Support Tools>setspn.exe -a http/CrmServerName.DomainName.local DomainName\svc_crmlocal

(Output Below)
Registering ServicePrincipalNames for CN=svc_crmlocal,OU=Utility Local Admins,DC=DomainName,DC=local
        http/CrmServerName.DomainName.local
Updated object

(verifying settings implemented correctly below)
C:\Program Files\Support Tools>setspn.exe -l DomainName\svc_crmlocal

(Output Below)
Registered ServicePrincipalNames for CN=svc_crmlocal,OU=Utility Local Admins,DC=DomainName,DC=local:
    http/CrmServerName.DomainName.local
    http/CrmServerName

(restart IIS for changes to take effect)

C:\Program Files\Support Tools>iisreset
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted
C:\Program Files\Support Tools>

Hope this helps someone!
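
An added example, not part of the original answer: a Python check over saved `setspn -L` output that flags any SPN registered on more than one account (Kerberos can only map an SPN to a single account) and any service/host registered in only one of the short and FQDN forms the answer registers. The second account name `svc_sqllocal`, its SPNs and the combined listing are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: `setspn -L` output for two accounts, in the format shown above.
# svc_sqllocal and its SPNs are hypothetical; it wrongly also holds http/CrmServerName.
SAMPLE = """\
Registered ServicePrincipalNames for CN=svc_crmlocal,OU=Utility Local Admins,DC=DomainName,DC=local:
    http/CrmServerName.DomainName.local
    http/CrmServerName
Registered ServicePrincipalNames for CN=svc_sqllocal,OU=Utility Local Admins,DC=DomainName,DC=local:
    http/CrmServerName
    MSSQLSvc/CrmServerName.DomainName.local:1433
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (CN=[^,]+),.*:\s*$", re.I)

def parse_setspn_listing(text):
    """Return {account CN: [SPN, ...]} from concatenated `setspn -L` outputs."""
    accounts, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = accounts.setdefault(m.group(1)[3:], [])  # drop "CN="
        elif line.strip() and current is not None:
            current.append(line.strip())
    return accounts

def audit(accounts, dns_suffix):
    """Return (SPNs held by several accounts, short/FQDN forms not registered)."""
    owners = defaultdict(set)
    for account, spns in accounts.items():
        for spn in spns:
            owners[spn.lower()].add(account)  # SPN comparison is case-insensitive
    duplicates = {spn: sorted(a) for spn, a in owners.items() if len(a) > 1}
    missing, suffix = [], "." + dns_suffix.lower()
    for spn in owners:
        service, _, host = spn.partition("/")
        host, _, port = host.partition(":")
        short = host[:-len(suffix)] if host.endswith(suffix) else host
        for form in (short, short + suffix):
            candidate = f"{service}/{form}" + (f":{port}" if port else "")
            if candidate not in owners and candidate not in missing:
                missing.append(candidate)
    return duplicates, sorted(missing)

if __name__ == "__main__":
    dups, missing = audit(parse_setspn_listing(SAMPLE), "DomainName.local")
    print("duplicate SPNs:", dups)
    print("missing forms:", missing)
```

A duplicate reported here is removed from the wrong account with `setspn -D`, as in the usage text above, before retesting the URL.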

