Linked server error

  • Hello,

    I'm trying to setup a Linked server between SS 2005 and SS2012 but keep getting "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." from SS2005 side. I checked SPN for SS2012 and found two :

    MSSQLSvc/myServer\INT:1433

    MSSQLSvc/myServer.myDomain.local\INT:1433

    Is this considered as duplicated SPN that I need to delete one?

    If this is not the issue, any idea why we're getting that error?

    Thanks much!!

  • Can you make it work with SQL authentication first? If so, then you'll know if it's an SPN / authentication issue.

    eg

    EXEC master.dbo.sp_addlinkedserver @server = N'linkedservername', @srvproduct=N'SQL Server'

    EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'linkedservername',@useself=N'False',@locallogin=NULL,@rmtuser=N'remoteSQLlogin',@rmtpassword='remoteSQLpasswrd'

    GO

  • DINESH\TEST3=> servername

    dba =>username

    ######## => Password

    then create linked server.

    EXEC master.dbo.sp_addlinkedserver @server = N'DINESH\TEST3', @srvproduct=N'SQL Server'

    EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'DINESH\TEST3',@useself=N'False',@locallogin=NULL,@rmtuser=N'dba',@rmtpassword='########'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'collation compatible', @optvalue=N'false'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'data access', @optvalue=N'true'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'dist', @optvalue=N'false'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'pub', @optvalue=N'false'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'rpc', @optvalue=N'false'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'rpc out', @optvalue=N'false'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'sub', @optvalue=N'false'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'connect timeout', @optvalue=N'0'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'collation name', @optvalue=null

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'lazy schema validation', @optvalue=N'false'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'query timeout', @optvalue=N'0'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'use remote collation', @optvalue=N'true'

    GO

    EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'remote proc transaction promotion', @optvalue=N'true'

    GO

    Plz check and confirm.

  • You can easily check for duplicate SPN's.

    Setspn

    -F = perform the duplicate checking on forestwide level

    And when you add SPN's use -S instead of -A, -S checks for duplicate before adding it.

  • MSSQLSvc/myServer\INT:1433

    MSSQLSvc/myServer.myDomain.local\INT:1433

    Is this considered as duplicated SPN that I need to delete one?

    A NetBIOS name entry and a FQDN entry are not considered duplicates.

    If you are creating the linked server from the SQL Server 2005 side I would check the SPNs for that one and ensure it and delegation are setup correctly, since it is the one delegating your login to the SQL Server 2012 instance.

    Joie Andrew
    "Since 1982"

  • First you need to confirm that Kerberos is working on both SQL Server. That can easily be done by connecting to each of them and checking auth_scheme column in sys.dm_exec_connections for your session id.

    But just setting up SPN's wont work. Since the client is doing a double-hop you also need to allow the first SQL Server to delegate the Kerberos token to the second SQL Server. This is done in AD on the account running the SQL Server service on the first server (the one with the linked server). Open the account properties and go to the Delegation tab. I think you need to be domain admin to change delegation properties.

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply