I got excited when I saw the title of this recent post on the Microsoft Customer Service and Support (CSS) SQL blog.
A few months ago, we were seeing “Cannot Generate SSPI Context” errors intermittently on a number of our systems that connect to SQL Server via Windows Authentication, including SharePoint. These errors would come in a barrage that would last about 15 minutes, causing a system outage during that time. However, by the time the outage was reported and we went to troubleshoot the problem, things were working again without any intervention on our part.
It was difficult to try and pinpoint a particular cause. The affected systems use different service accounts from the same domain so it did not appear to be account-related. While the connections were failing, SQL Server was still running and able to perform other tasks such as writing backups across the network. The occurrences were at various times and it seemed to affect one server at a time rather than all at once. It seemed to be related to something along the lines of domain controller replication or bottlenecks but I could not prove it.
Troubleshooting was further complicated by the fact that we were dealing with an issue that was the very definition of intermittent. We still have not identified a particular cause either. After about a month of this happening periodically (and at least several times a week), it just seemed to go away. I do not think it has occurred in at least two months now. Of course, I am happy not to be dealing with the outages, but having it go away without figuring it out is quite frustrating as well.
When I saw “Cannot Generate SSPS Context” in the CSS blog title, I got my hopes up that it might shed some light on possible causes of our issues. I did not have to read too far, however, before realizing that their issue was different. As the post describes, their issue was reproducible. Reproducible SSPI context issues tend to be related to multi-hop scenarios or service account password issues.
If any of my thousands of loyal readers has any ideas on what may have caused our SSPI context errors, please leave a comment!
Posted by Brian Garraty 
NULLgarity 