A brief explanation and solution for the Double Hop problem

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » Article Discussions » Article Discussions by Author » Discuss content posted by Kenneth Fisher » A brief explanation and solution for the...

57 posts, Page 1 of 6

1 2 3 4 5 »»»

A brief explanation and solution for the Double Hop problem

Rate Topic

Display Mode

Topic Options

Author

Message

Kenneth.Fisher

Posted Thursday, December 08, 2011 10:03 PM

Hall of Fame

Group: General Forum Members
Last Login: Yesterday @ 7:53 PM
Points: 3,367, Visits: 1,577

Comments posted to this topic are about the item A brief explanation and solution for the Double Hop problem

Kenneth Fisher
I strive to live in a world where a chicken can cross the road without being questioned about its motives.
--------------------------------------------------------------------------------
For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/

Link to my Blog Post --> www.SQLStudies.com

Post #1219052

896949813

Posted Friday, December 09, 2011 1:39 AM

Forum Newbie

Group: General Forum Members
Last Login: Friday, December 09, 2011 1:38 AM
Points: 2, Visits: 0

After the <a href="http://www.ugg6canada.com/ugg-kids-classic-boots-c-4/">Ugg Kids Classic Boots</a> renovation of the Canada Goose <a href="http://www.i-uggbootssale.net/kids-ugg-boots-c-12.html">Kids <a href="http://www.suprashoessale-uk.com/nike-shoes-sale-mens-air-max-2003-sale-c-86_92.html">Air Max 2003</a> <a href="http://www.ugg6canada.com/">Ugg Boots <a href="http://www.ugg6canada.com/ugg-fox-fur-boots-c-40/">Ugg Fox Fur Boots</a> Sale</a> Ugg Boots Sale</a> Solaris wife <a href="http://www.canadagoose-coats-sale.com/canada-goose-chateau-parka-c-2.html">Canada Goose Chateau Parka Online</a> <a href="http://www.suprashoessale-uk.com/nike-shoes-sale-c-86.html">Nike Shoes Sale</a> looks more youth and sports，Suitable for the urban womenlook great and stay warm. UGG classic tall boots, UGG classic <a href="http://www.i-uggbootssale.net/ugg-amberlee-boots-c-13.html">UGG Amberlee Boots Sale</a> cardy boots, UGG classic short boots and <a href="http://www.i-uggbootssale.net/">Ugg Boots Store</a> the style are always Continuously increasing, there will be <a href="http://www.canadagoose-coats-sale.com/canada-goose-banff-parka-c-1.html">Canada Goose Banff Parka Sale</a> one is you like. All Supra Skytop Shoes - Supra Vaider Shoes - Supra Society Shoes at High Discount & High Quality. Welcome to Buy Supra Shoes in this Supra Shoes Sale season, Buy now! Atlantic Ugg Jimmy Choo Sora Black Boots <a href="http://www.canadagoose-coats-sale.com/">Canada Goose Coats</a> makes you attractive and confident kangdaseo001post

Post #1219124

896949813

Posted Friday, December 09, 2011 1:40 AM

Forum Newbie

Group: General Forum Members
Last Login: Friday, December 09, 2011 1:38 AM
Points: 2, Visits: 0

Ugg Boots Tall Classic Pink are Made of 100% premiun wool, so it's comfortable, the tall Timberland 6 Inch Boots Men href="http://www.boots2canada.com/ugg-boots-jimmy-choo-c-19/">Jimmy Choo Ugg Boots boots make Ugg Jimmy [b]Timberland Chukka Boots Sale Choo Timberland Boots Sale[/b] you look more elegant Ugg Boots Kids ugg australia amberlee boots Ugg Classic Boots Tall Chocolate are so cool and warm for you.Classic Ugg Kids style can match with Kids Ugg Boots href="http://www.boots2canada.com/ugg-fox-fur-boots-c-21/">Fox Fur Ugg Boots your jeans well and the top ed here Kids Ugg Boots now Atlantic Ugg Jimmy Choo Kaia Ugg Boots Canada Leopard Boots makes you attractive Ugg Boots Canada and confident. Mens Timberland 6 Inch Boots Black With White Timberland Words has great outside looking with the generous log pattern. High quality with premium full-grain waterproof leather and seam-sealed kangdaseo001post

Post #1219125

stevehindmarsh

Posted Friday, December 09, 2011 1:45 AM

SSC Eights!

Group: General Forum Members
Last Login: Friday, June 14, 2013 2:35 AM
Points: 852, Visits: 525

One comment - 'Dynamic Ports being the default for named instances'. The port is only truly dynamic for the installation of SQL Server - once it's installed, the port number is static and does not change.

So SPNs and Kerberos will work fine with named instances and dynamic ports. You just need to identify the correct port number after installation is complete.

Post #1219126

John.Sansom

Posted Friday, December 09, 2011 2:55 AM

Old Hand

Group: General Forum Members
Last Login: 2 days ago @ 11:19 AM
Points: 343, Visits: 1,466

Kenneth, an excellent effort at covering a challenging a topic. Good stuff!

One question I imagine other readers might have, "how would the implementation steps differ, if at all, were both ServerA and ServerB using the same SQL Server Service Account?".

John Sansom (@sqlBrit) | www.sqlbrit.com

Post #1219174

george sibbald

Posted Friday, December 09, 2011 3:45 AM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 3:21 PM
Points: 5,317, Visits: 11,307

Kenneth, thanks for the article. couple of points: are you sure the SQL restart is necessary to get this working, and the error you will often see returned with the double hop scenario is 'cannot generate SSPI context'

Heres another good source on kerberos, linked servers and double hop

http://blogs.msdn.com/b/sql_protocols/archive/2006/08/10/694657.aspx.

Has anyone got this working when the first hop is to SQL server and the second to AD itself (i.e. an ADSI linked server set up)

---------------------------------------------------------------------

Post #1219194

David Jackson

Posted Friday, December 09, 2011 3:55 AM

SSC-Addicted

Group: General Forum Members
Last Login: Friday, March 08, 2013 11:15 AM
Points: 440, Visits: 1,785

Kenneth

Very good article. A succinct way to get this to go.

For those that want a bit more depth, Brian Kelly wrote a good article at http://www.sqlservercentral.com/articles/Security/65169/

HTH

Dave J

http://glossopian.co.uk/
"I don't know what I don't know."

Post #1219202

Franky Leeuwerck

Posted Friday, December 09, 2011 4:09 AM

Old Hand

Group: General Forum Members
Last Login: Thursday, June 13, 2013 3:52 AM
Points: 350, Visits: 470

Thanks for this brief overview !
Franky

Franky L.

Post #1219213

nico van niekerk

Posted Friday, December 09, 2011 5:00 AM

SSC Rookie

Group: General Forum Members
Last Login: Thursday, February 21, 2013 12:31 PM
Points: 31, Visits: 98

stevehindmarsh (12/9/2011)

Not true. What you are referring to is that SS will try to reuse the current dynamic port, it never becomes 'static'. If it's available it will use it again. If it has been grabbed by another application, it will renegotiate, FTP-style, a new port. It is especially true if one restarts the SS service, or takes the server off-line.

Post #1219255

Kenneth.Fisher

Posted Friday, December 09, 2011 5:35 AM

Hall of Fame

Group: General Forum Members
Last Login: Yesterday @ 7:53 PM
Points: 3,367, Visits: 1,577

John.Sansom (12/9/2011)

While I have to admit I have never tried itmy understanding is that each instance of SQL Server must have a different service account for this to work.

Kenneth Fisher
I strive to live in a world where a chicken can cross the road without being questioned about its motives.
--------------------------------------------------------------------------------
For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/

Link to my Blog Post --> www.SQLStudies.com

Post #1219265

« Prev Topic | Next Topic »

57 posts, Page 1 of 6

1 2 3 4 5 »»»

Permissions