Kerberos authentication Issue

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2008 » SQL Server 2008 Administration » Kerberos authentication Issue

Kerberos authentication Issue

Rate Topic

Display Mode

Topic Options

Author

Message

CuriousDBA

Posted Wednesday, November 07, 2012 11:31 PM

Grasshopper

Group: General Forum Members
Last Login: Wednesday, February 20, 2013 3:41 PM
Points: 11, Visits: 60

Recently we changed our Active-Passive cluster to Active - Active (Multi Instance). After this change,some of the users were unable to use double Hop connection from (Server A --> Server B[Linked Server A]-->Client).

I notice some strange behaviour like some logins supports Double Hop only some times

All server and users are using Windows Domain accounts.

We tried to reconfigure SPN as well as Delegation, restarted the SQL Service, but still double hop connections are not working

Please advice

Post #1382270

Perry Whittle

Posted Thursday, November 08, 2012 4:46 AM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 11:48 AM
Points: 5,201, Visits: 11,148

you created the SPNs for the virtual network name against the sql server service account?

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" Wink

Post #1382416

CuriousDBA

Posted Thursday, November 08, 2012 5:02 AM

Grasshopper

Group: General Forum Members
Last Login: Wednesday, February 20, 2013 3:41 PM
Points: 11, Visits: 60

Yes. we have created SPN for all the servers including Virtual server Name (Cluster)

But I am confused with delegation settings, Do we need to set delegation for all the servers,including client
(Client SQL Server) for Double hope?

I am trying to access Server A ----> Server B (Linked Server A) ---> Client. Here i am getting this error

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Post #1382422

CuriousDBA

Posted Thursday, November 08, 2012 5:39 AM

Grasshopper

Group: General Forum Members
Last Login: Wednesday, February 20, 2013 3:41 PM
Points: 11, Visits: 60

I am trying to access Server A ----> Server B (Linked Server A) ---> Client. Its working but some time getting this error

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. We have configured SPN correctly

Please advice

Post #1382435

Perry Whittle

Posted Thursday, November 08, 2012 6:04 AM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 11:48 AM
Points: 5,201, Visits: 11,148

CuriousDBA (11/8/2012)

Yes. we have created SPN for all the servers including Virtual server Name (Cluster)

what do you mean all servers? The only SQL Server SPNs should be the ones created for the virtualnetworkname against the service account.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" Wink

Post #1382444

« Prev Topic | Next Topic »

Permissions