The target principal name is incorrect. Cannot gen

Posted 2020-05-22 02:49

I am struggling to get a SQL Server connection from machine A to machine B which is running the SQL Server.

I have Googled extensively and all the things I have found have not worked. Nor do they lead you step by step through the process of solving this.

We are not using Kerberos, but NTLM where configured.

The machines involved are (xx is used to obscure some of the machine name for security purposes):

  • xxPRODSVR001 - Windows Server 2012 Domain Controller
  • xxDEVSVR003 - Windows Server 2012 (This machine is generating the error)
  • xxDEVSVR002 - Windows Server 2012 (This machine is running SQL Server 2012)

The following SPNs are registered on the DC (xxPRODSVR001). I have obscured the domain with yyy for security purposes:

Registered ServicePrincipalNames for CN=xxDEVSVR002,CN=Computers,DC=yyy,DC=local:
            MSSQLSvc/xxDEVSVR002.yyy.local:49298
            MSSQLSvc/xxDEVSVR002.yyy.local:TFS
            RestrictedKrbHost/xxDEVSVR002
            RestrictedKrbHost/xxDEVSVR002.yyy.local
            Hyper-V Replica Service/xxDEVSVR002
            Hyper-V Replica Service/xxDEVSVR002.yyy.local
            Microsoft Virtual System Migration Service/xxDEVSVR002
            Microsoft Virtual System Migration Service/xxDEVSVR002.yyy.local
            Microsoft Virtual Console Service/xxDEVSVR002
            Microsoft Virtual Console Service/xxDEVSVR002.yyy.local
            SMTPSVC/xxDEVSVR002
            SMTPSVC/xxDEVSVR002.yyy.local
            WSMAN/xxDEVSVR002
            WSMAN/xxDEVSVR002.yyy.local
            Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/xxDEVSVR002.yyy.local
            TERMSRV/xxDEVSVR002
            TERMSRV/xxDEVSVR002.yyy.local
            HOST/xxDEVSVR002
            HOST/xxDEVSVR002.yyy.local

Registered ServicePrincipalNames for CN=xxDEVSVR003,CN=Computers,DC=yyy,DC=local:
            MSSQLSvc/xxDEVSVR003.yyy.local:1433
            MSSQLSvc/xxDEVSVR003.yyy.local
            Hyper-V Replica Service/xxDEVSVR003
            Hyper-V Replica Service/xxDEVSVR003.yyy.local
            Microsoft Virtual System Migration Service/xxDEVSVR003
            Microsoft Virtual System Migration Service/xxDEVSVR003.yyy.local
            Microsoft Virtual Console Service/xxDEVSVR003
            Microsoft Virtual Console Service/xxDEVSVR003.yyy.local
            WSMAN/xxDEVSVR003
            WSMAN/xxDEVSVR003.yyy.local
            TERMSRV/xxDEVSVR003
            TERMSRV/xxDEVSVR003.yyy.local
            RestrictedKrbHost/xxDEVSVR003
            HOST/xxDEVSVR003
            RestrictedKrbHost/xxDEVSVR003.yyy.local
            HOST/xxDEVSVR003.yyy.local

Now if only the SQL Server error message was more descriptive and told me what principal name it was trying to connect to I might be able to diagnose this.

So can anyone step me through how to solve this one or can you see anything in what I have provided that is wrong?

I would be happy to generate more debug info, just tell me what you need.

30 answers
劫难
#2 · 2020-05-22 03:10

The issue seems to be a Windows credentials issue. I was getting the same error on my work laptop with a VPN. I am supposedly logged in as my Domain/Username, which is what I use successfully when connecting directly, but as soon as I move to a VPN with another connection I receive this error. I thought it was a DNS issue as I could ping the server, but it turns out I needed to run SSMS explicitly as my user from the command prompt.

e.g.
runas /netonly /user:YourDomain\YourUsername "C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe"

Anthone
#3 · 2020-05-22 03:10

Not at all an ideal solution, I just wanted to add this for future reference for anyone seeing this page:

I was having this issue trying to connect to a remote SQL Server instance using my domain account; trying the same thing on an instance hosted on a different machine worked fine.

So if you have the option to just use a different instance it may help, but this doesn't actually address whatever the issue is.

Viruses.
#4 · 2020-05-22 03:15

Check your clock matches between the client and server.

When I had this error intermittently, none of the above answers worked. Then we found the time had drifted on some of our servers; once they were synced again the error went away. Search for w32tm or NTP to see how to automatically sync the time on Windows.

劳资没心,怎么记你
#5 · 2020-05-22 03:15

I'll add this here as it caught me out and may help someone else. Caveat emptor, I am not a Windows person, but had to look at a scenario that included SQL Server.

I downloaded the developer version of the full SQL Server product and installed it on Windows 10. All good for local connections, nothing for the remote client.

I tried many of the above, but it eventually dawned on me that the Windows Authentication wanted to authenticate remoteclient\myuser and there was no way in a standalone Windows world to create a mechanism to authenticate against (as I understand it, Kerberos). The error message was "Cannot generate SSPI context".

Using SQL Authentication didn't appear to work either.

I eventually went back to SQL Server Express which has a combined mode and I could then use SQL Authentication from the remote clients.

虎瘦雄心在
#6 · 2020-05-22 03:16

I ran into a new one for this: SQL 2012 hosted on Server 2012. I was tasked to create a cluster for SQL AlwaysOn. The cluster was created; everyone got the SSPI message.

To fix the problems, I ran the following command:

setspn -D MSSQLSvc/SERVER_FQNName:1433 DomainNamerunningSQLService

DomainNamerunningSQLService == the domain account I set for SQL. I needed a Domain Administrator to run the command. Only one server in the cluster had issues.

Then restarted SQL. To my surprise I was able to connect.

劫难
#7 · 2020-05-22 03:17

I ran into a variant of this issue; here were the characteristics:

  • User was able to successfully connect to a named instance, for example, connections to Server\Instance were successful
  • User was unable to connect to the default instance, for example, connections to Server failed with the OP's screenshot regarding SSPI
  • User was unable to connect to the default instance with the fully qualified name, for example, connections to Server.domain.com failed (timeout)
  • User was unable to connect to the IP address without a named instance, for example, connections to 192.168.1.134 failed
  • Other users not on the domain (for example, users who VPN to the network) but using domain credentials were able to successfully connect to the default instance and IP address

So after many headaches of trying to figure out why this single user couldn't connect, here are the steps we took to fix the situation:

  1. Take a look at the server in the SPN list using
    setspn -l Server
    a. In our case, it said Server.domain.com
  2. Add an entry to the hosts file located in C:\Windows\System32\drivers\etc\hosts (run Notepad as Administrator to alter this file). The entry we added was
    Server.domain.com Server

After this, we were able to successfully connect via SSMS to the default instance.
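
The SPN checks that the replies above do by hand with setspn can be scripted. The following PowerShell is an added example, not part of any original post: it parses `setspn -L` output and reports which account holds the MSSQLSvc SPN a client requests for a given host and port (for TCP connections the client asks for MSSQLSvc/<FQDN>:<port>). The function names `ConvertFrom-SetSpnList` and `Test-SqlSpn` are hypothetical, and the sample text is constructed from a few of the SPN lines in the question.

```powershell
# Constructed sample: a subset of the `setspn -L` output shown in the question.
$sample = @'
Registered ServicePrincipalNames for CN=xxDEVSVR002,CN=Computers,DC=yyy,DC=local:
        MSSQLSvc/xxDEVSVR002.yyy.local:49298
        MSSQLSvc/xxDEVSVR002.yyy.local:TFS
        HOST/xxDEVSVR002.yyy.local
Registered ServicePrincipalNames for CN=xxDEVSVR003,CN=Computers,DC=yyy,DC=local:
        MSSQLSvc/xxDEVSVR003.yyy.local:1433
        MSSQLSvc/xxDEVSVR003.yyy.local
        HOST/xxDEVSVR003.yyy.local
'@

# Hypothetical helper: turn `setspn -L` text into Account/Spn pairs.
function ConvertFrom-SetSpnList {
    param([string[]]$Lines)
    $account = $null
    foreach ($line in $Lines) {
        if ($line -match '^Registered ServicePrincipalNames for (.+):\s*$') {
            $account = $Matches[1]          # header line names the owning account
        } elseif ($account -and $line.Trim()) {
            [pscustomobject]@{ Account = $account; Spn = $line.Trim() }
        }
    }
}

# Hypothetical helper: find every account that holds the SPN for FQDN[:port-or-instance].
function Test-SqlSpn {
    param($Entries, [string]$Fqdn, [string]$PortOrInstance)
    $wanted = if ($PortOrInstance) { "MSSQLSvc/${Fqdn}:$PortOrInstance" } else { "MSSQLSvc/$Fqdn" }
    $owners = @($Entries | Where-Object { $_.Spn -ieq $wanted } |
                Select-Object -ExpandProperty Account -Unique)
    $status = switch ($owners.Count) {
        0       { 'Missing' }
        1       { 'Registered once; confirm this account runs the SQL Server service' }
        default { 'Duplicate across accounts' }
    }
    [pscustomobject]@{ Spn = $wanted; Owners = ($owners -join '; '); Status = $status }
}

$entries = ConvertFrom-SetSpnList -Lines ($sample -split "`r?`n")
Test-SqlSpn $entries 'xxDEVSVR002.yyy.local' '1433'    # default port: not in the sample
Test-SqlSpn $entries 'xxDEVSVR002.yyy.local' '49298'   # dynamic port that is registered
Test-SqlSpn $entries 'xxDEVSVR003.yyy.local' '1433'
```

On a domain-joined machine, replace the sample with the real output, for example `ConvertFrom-SetSpnList -Lines (setspn -L xxDEVSVR002)`, and compare the reported owner with the account the SQL Server service actually runs as.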
