Merge pull request #8219 from PhilB-MSFT/patch-20

jborsecnik · web-flow · commit 3da9797d9cf7 · 2022-12-13T15:10:52.000-08:00
Update create-a-database-mirroring-endpoint-for-windows-authenticatio…
diff --git a/docs/database-engine/database-mirroring/create-a-database-mirroring-endpoint-for-windows-authentication-transact-sql.md b/docs/database-engine/database-mirroring/create-a-database-mirroring-endpoint-for-windows-authentication-transact-sql.md
@@ -102,7 +102,10 @@ helpviewer_keywords:
         >  Each server instance requires one and only one unique listener port.  
   
     -   For Windows Authentication, the AUTHENTICATION option is optional, unless you want the endpoint to use only NTLM or Kerberos to authenticate connections. *\<authorizationMethod>* specifies the method used to authenticate connections as one of the following: NTLM, KERBEROS, or NEGOTIATE. The default, NEGOTIATE, causes the endpoint to use the Windows negotiation protocol to choose either NTLM or Kerberos. Negotiation enables connections with or without authentication, depending on the authentication level of the opposite endpoint.  
-  
+
+        > [!NOTE]
+        > To use Kerberos authentication for the communication between Availability Group endpoints, [register a Service Principal Name for Kerberos Connections](../../database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections.md) for the HADR/mirroring endpoints.
+
     -   ENCRYPTION is set to REQUIRED by default. This means that all connections to this endpoint must use encryption. However, you can disable encryption or make it optional on an endpoint. The alternatives are as follows:  
   
         |Value|Definition|  
