Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Kerberos authentication Issue Expand / Collapse
Author
Message
Posted Wednesday, November 7, 2012 11:31 PM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Wednesday, February 20, 2013 3:41 PM
Points: 11, Visits: 60
Recently we changed our Active-Passive cluster to Active - Active (Multi Instance). After this change,some of the users were unable to use double Hop connection from (Server A --> Server B[Linked Server A]-->Client).

I notice some strange behaviour like some logins supports Double Hop only some times

All server and users are using Windows Domain accounts.

We tried to reconfigure SPN as well as Delegation, restarted the SQL Service, but still double hop connections are not working

Please advice
Post #1382270
Posted Thursday, November 8, 2012 4:46 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 3:09 AM
Points: 6,170, Visits: 13,311
you created the SPNs for the virtual network name against the sql server service account?

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1382416
Posted Thursday, November 8, 2012 5:02 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Wednesday, February 20, 2013 3:41 PM
Points: 11, Visits: 60
Yes. we have created SPN for all the servers including Virtual server Name (Cluster)

But I am confused with delegation settings, Do we need to set delegation for all the servers,including client
(Client SQL Server) for Double hope?

I am trying to access Server A ----> Server B (Linked Server A) ---> Client. Here i am getting this error

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Post #1382422
Posted Thursday, November 8, 2012 5:39 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Wednesday, February 20, 2013 3:41 PM
Points: 11, Visits: 60
I am trying to access Server A ----> Server B (Linked Server A) ---> Client. Its working but some time getting this error

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. We have configured SPN correctly

Please advice
Post #1382435
Posted Thursday, November 8, 2012 6:04 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 3:09 AM
Points: 6,170, Visits: 13,311
CuriousDBA (11/8/2012)
Yes. we have created SPN for all the servers including Virtual server Name (Cluster)

what do you mean all servers? The only SQL Server SPNs should be the ones created for the virtualnetworkname against the service account.


-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1382444
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse