Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

IIS 7, SQL, and Kerberos Expand / Collapse
Author
Message
Posted Wednesday, October 17, 2012 12:47 PM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Today @ 5:25 AM
Points: 430, Visits: 964
Hey gang,

We're trying very hard to connect an internal webapp to an SQL Server 2008 R2.
I really want to know which authenticated user is connecting to SQL Server.
The IIS and SQL servers are on the same physical box.

I believe we are in the classic "double-hop" scenario.

The best info I've found so far is at:
http://www.adshotgyan.com/2011/01/kerberos-double-hop-troubleshooting_4351.html
We've worked through everything in that post, except we're using a single AD account, rather than the 2 in that example. It does not appear to be implied that 2 accounts must be used.

Questions:

When the Application Pool Defaults are set to use the AD domain account we've set up to connect, the connection is made to SQL Server via TCP, but it always uses NTLM, not Kerberos. If I remove NTLM as a provider in IIS - Authentication, I get a 401 - invalid credentials.

Can anyone point me to where to look next?

Thanks!



Post #1374005
Posted Thursday, October 18, 2012 7:02 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Today @ 5:25 AM
Points: 430, Visits: 964
Progress!

Authentication Type: Negotiate
Protocol: Kerberos
Authenticated identity: Domain\Me
Thread identity: Domain\Me
Windows identity: Domain\SQL-Service
Environment identity: SQL-Service

We're now using Kerberos at least as far as the IIS Server!

So now we just need to get to the SQL Server...



Post #1374318
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse