SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Linked server error


Linked server error

Author
Message
Biank
Biank
SSC-Enthusiastic
SSC-Enthusiastic (106 reputation)SSC-Enthusiastic (106 reputation)SSC-Enthusiastic (106 reputation)SSC-Enthusiastic (106 reputation)SSC-Enthusiastic (106 reputation)SSC-Enthusiastic (106 reputation)SSC-Enthusiastic (106 reputation)SSC-Enthusiastic (106 reputation)

Group: General Forum Members
Points: 106 Visits: 989
Hello,

I'm trying to setup a Linked server between SS 2005 and SS2012 but keep getting "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." from SS2005 side. I checked SPN for SS2012 and found two :

MSSQLSvc/myServer\INT:1433
MSSQLSvc/myServer.myDomain.local\INT:1433

Is this considered as duplicated SPN that I need to delete one?

If this is not the issue, any idea why we're getting that error?

Thanks much!!
Andrew G
Andrew G
SSCrazy
SSCrazy (2.5K reputation)SSCrazy (2.5K reputation)SSCrazy (2.5K reputation)SSCrazy (2.5K reputation)SSCrazy (2.5K reputation)SSCrazy (2.5K reputation)SSCrazy (2.5K reputation)SSCrazy (2.5K reputation)

Group: General Forum Members
Points: 2479 Visits: 2254
Can you make it work with SQL authentication first? If so, then you'll know if it's an SPN / authentication issue.
eg
EXEC master.dbo.sp_addlinkedserver @server = N'linkedservername', @srvproduct=N'SQL Server'
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'linkedservername',@useself=N'False',@locallogin=NULL,@rmtuser=N'remoteSQLlogin',@rmtpassword='remoteSQLpasswrd'

GO


dineshvishe
dineshvishe
SSC-Enthusiastic
SSC-Enthusiastic (184 reputation)SSC-Enthusiastic (184 reputation)SSC-Enthusiastic (184 reputation)SSC-Enthusiastic (184 reputation)SSC-Enthusiastic (184 reputation)SSC-Enthusiastic (184 reputation)SSC-Enthusiastic (184 reputation)SSC-Enthusiastic (184 reputation)

Group: General Forum Members
Points: 184 Visits: 342
DINESH\TEST3=> servername
dba =>username
######## => Password

then create linked server.
EXEC master.dbo.sp_addlinkedserver @server = N'DINESH\TEST3', @srvproduct=N'SQL Server'
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'DINESH\TEST3',@useself=N'False',@locallogin=NULL,@rmtuser=N'dba',@rmtpassword='########'

GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'collation compatible', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'data access', @optvalue=N'true'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'dist', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'pub', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'rpc', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'rpc out', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'sub', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'connect timeout', @optvalue=N'0'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'collation name', @optvalue=null
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'lazy schema validation', @optvalue=N'false'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'query timeout', @optvalue=N'0'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'use remote collation', @optvalue=N'true'
GO

EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'remote proc transaction promotion', @optvalue=N'true'
GO

Plz check and confirm.
raadee
raadee
SSC Journeyman
SSC Journeyman (79 reputation)SSC Journeyman (79 reputation)SSC Journeyman (79 reputation)SSC Journeyman (79 reputation)SSC Journeyman (79 reputation)SSC Journeyman (79 reputation)SSC Journeyman (79 reputation)SSC Journeyman (79 reputation)

Group: General Forum Members
Points: 79 Visits: 476
You can easily check for duplicate SPN's.

Setspn
-F = perform the duplicate checking on forestwide level

And when you add SPN's use -S instead of -A, -S checks for duplicate before adding it.
Joie Andrew
Joie Andrew
SSCrazy
SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)

Group: General Forum Members
Points: 2305 Visits: 2032
MSSQLSvc/myServer\INT:1433
MSSQLSvc/myServer.myDomain.local\INT:1433

Is this considered as duplicated SPN that I need to delete one?


A NetBIOS name entry and a FQDN entry are not considered duplicates.

If you are creating the linked server from the SQL Server 2005 side I would check the SPNs for that one and ensure it and delegation are setup correctly, since it is the one delegating your login to the SQL Server 2012 instance.

Joie Andrew
"Since 1982"
Nils Gustav Stråbø
Nils Gustav Stråbø
SSCrazy
SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)

Group: General Forum Members
Points: 2437 Visits: 3575
First you need to confirm that Kerberos is working on both SQL Server. That can easily be done by connecting to each of them and checking auth_scheme column in sys.dm_exec_connections for your session id.

But just setting up SPN's wont work. Since the client is doing a double-hop you also need to allow the first SQL Server to delegate the Kerberos token to the second SQL Server. This is done in AD on the account running the SQL Server service on the first server (the one with the linked server). Open the account properties and go to the Delegation tab. I think you need to be domain admin to change delegation properties.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search