Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Linked server error Expand / Collapse
Author
Message
Posted Thursday, April 25, 2013 3:01 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Wednesday, November 26, 2014 12:00 PM
Points: 58, Visits: 618
Hello,

I'm trying to setup a Linked server between SS 2005 and SS2012 but keep getting "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." from SS2005 side. I checked SPN for SS2012 and found two :

MSSQLSvc/myServer\INT:1433
MSSQLSvc/myServer.myDomain.local\INT:1433

Is this considered as duplicated SPN that I need to delete one?

If this is not the issue, any idea why we're getting that error?

Thanks much!!
Post #1446725
Posted Thursday, April 25, 2013 10:00 PM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: 2 days ago @ 9:43 PM
Points: 1,282, Visits: 1,762
Can you make it work with SQL authentication first? If so, then you'll know if it's an SPN / authentication issue.
eg
EXEC master.dbo.sp_addlinkedserver @server = N'linkedservername', @srvproduct=N'SQL Server'
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'linkedservername',@useself=N'False',@locallogin=NULL,@rmtuser=N'remoteSQLlogin',@rmtpassword='remoteSQLpasswrd'

GO

Post #1446788
Posted Monday, May 20, 2013 11:47 AM


Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Monday, June 23, 2014 6:49 AM
Points: 62, Visits: 326

DINESH\TEST3=> servername
dba =>username
######## => Password

then create linked server.
EXEC master.dbo.sp_addlinkedserver @server = N'DINESH\TEST3', @srvproduct=N'SQL Server'
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'DINESH\TEST3',@useself=N'False',@locallogin=NULL,@rmtuser=N'dba',@rmtpassword='########'

GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'collation compatible', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'data access', @optvalue=N'true'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'dist', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'pub', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'rpc', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'rpc out', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'sub', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'connect timeout', @optvalue=N'0'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'collation name', @optvalue=null
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'lazy schema validation', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'query timeout', @optvalue=N'0'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'use remote collation', @optvalue=N'true'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'remote proc transaction promotion', @optvalue=N'true'
GO

Plz check and confirm.
Post #1454657
Posted Monday, May 20, 2013 2:33 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Monday, November 24, 2014 5:29 AM
Points: 51, Visits: 424
You can easily check for duplicate SPN's.

Setspn
-F = perform the duplicate checking on forestwide level

And when you add SPN's use -S instead of -A, -S checks for duplicate before adding it.
Post #1454738
Posted Wednesday, May 22, 2013 4:02 AM
Say Hey Kid

Say Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey Kid

Group: General Forum Members
Last Login: Monday, November 24, 2014 3:46 AM
Points: 709, Visits: 1,442
MSSQLSvc/myServer\INT:1433
MSSQLSvc/myServer.myDomain.local\INT:1433

Is this considered as duplicated SPN that I need to delete one?


A NetBIOS name entry and a FQDN entry are not considered duplicates.

If you are creating the linked server from the SQL Server 2005 side I would check the SPNs for that one and ensure it and delegation are setup correctly, since it is the one delegating your login to the SQL Server 2012 instance.


Joie Andrew
"Since 1982"
Post #1455399
Posted Wednesday, July 3, 2013 7:48 AM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: 2 days ago @ 7:42 AM
Points: 1,884, Visits: 3,469
First you need to confirm that Kerberos is working on both SQL Server. That can easily be done by connecting to each of them and checking auth_scheme column in sys.dm_exec_connections for your session id.

But just setting up SPN's wont work. Since the client is doing a double-hop you also need to allow the first SQL Server to delegate the Kerberos token to the second SQL Server. This is done in AD on the account running the SQL Server service on the first server (the one with the linked server). Open the account properties and go to the Delegation tab. I think you need to be domain admin to change delegation properties.
Post #1470057
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse