Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Removed SQL 2012 Instance from Cluster, now having Kerberos problems. Suggestions? Expand / Collapse
Author
Message
Posted Thursday, October 10, 2013 4:03 PM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: 2 days ago @ 10:38 AM
Points: 210, Visits: 969
Interesting dilemma... we were having an issue with the Passive node of one of our SQL 2012 Active/Passive clusters (running on Windows 2008), and in working with Microsoft a clean-up script was executed which basically destroyed the cluster. The end suggestion was to uninstall SQL and rebuild the cluster, but I was able to pull the Cluster registry key from the Instance and start MS SQL outside of the cluster. All is working great, but now we're finding Kerberos issues with double-hops like with Integrated Security with SSRS or deploying SSIS packages. It's not picking-up the authenticated credentials and is instead using an Anonymous account.

I've lisetd out the SPN info for both the server name and former Cluster name on the server, but I'm unsure of what to change or drop to fix this. Any suggestions?

Thanks.
Post #1503815
Posted Friday, October 11, 2013 12:37 PM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: 2 days ago @ 10:38 AM
Points: 210, Visits: 969
samalex (10/10/2013)
Interesting dilemma... we were having an issue with the Passive node of one of our SQL 2012 Active/Passive clusters (running on Windows 2008), and in working with Microsoft a clean-up script was executed which basically destroyed the cluster. The end suggestion was to uninstall SQL and rebuild the cluster, but I was able to pull the Cluster registry key from the Instance and start MS SQL outside of the cluster. All is working great, but now we're finding Kerberos issues with double-hops like with Integrated Security with SSRS or deploying SSIS packages. It's not picking-up the authenticated credentials and is instead using an Anonymous account.

I've lisetd out the SPN info for both the server name and former Cluster name on the server, but I'm unsure of what to change or drop to fix this. Any suggestions?

Thanks.


I found the cause of the problem, so I'm working on the solution which hopefully will work. The SQL Server still identifies itself as the old Failover cluster name. For example if I run this:
Select ServerProperty('machinename'), ServerProperty('ServerName'), @@ServerName
it returns the Failover cluster name (which does not exist) instead of the server name in all three cases. Probably next week we'll move all the databases (system and user) to another server given the issues we've been having, and that will be a clean stand-alone version of Windows (non-clustered). Hopefully when we reattach the databases the naming issue will go away, but if not I'll drop/add the server to change the name.

Thanks.
Post #1504122
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse