Double Hop of Doom

, 2011-06-20

I recently had to battle through THE DOUBLE HOP OF DOOOOOMMM!! It was a very rewarding experience and I think every DBA should battle this beast at one time or another in their career.

So what is a double hop?

Let's take a step back, what's a single hop?

mmmmmm hops

A single hop is where you have your SQL server (let's call it Server 1 for now) with a linked server (Server 2) set up. The hop is where you connect to your linked server. You "hop" from your local SQL instance to the linked server. Piece of cake.

Now the double hop is where you have a client connecting to Server 1 but wants to access the linked server (Server 2). This becomes a bit of a headache when you are using windows authorization. I was trying to access Server 2 from the client and kept getting the great "NT AUTHORITY\ANONYMOUS LOGON". After lots and lots of reading I realized it was more of a Active Directory issue than a SQL issue.  Here is the best article I've found that explains how this all works.

So how after battling active directory for a couple of days, I finally broke through the wall.

Here is what you need to know:

  • Figure out what an SPN is and how to use SETSPN (the above article does a great job)
  • Add an SPN for both servers
  • Add an SPN for your service account - (this is the one that got me)
  • Enable Delegation for your servers in AD
  • Enable Delegation for your SQL SERVICE ACCOUNT
  • restart SQL services.

It was a bit of a battle but we were able to break the anonymous wall and access the legendary linked server. Best advice - keep reading, keep playing with the SPNs.

Rate

Share

Share

Rate

Related content

Database Mirroring FAQ: Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup?

Question: Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup? This question was sent to me via email. My reply follows. Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup? Databases to be mirrored are currently running on 2005 SQL instances but will be upgraded to 2008 SQL in the near future.

2009-02-23

1,567 reads

Networking - Part 4

You may want to read Part 1 , Part 2 , and Part 3 before continuing. This time around I'd like to talk about social networking. We'll start with social networking. Facebook, MySpace, and Twitter are all good examples of using technology to let...

2009-02-17

1,530 reads

Speaking at Community Events - More Thoughts

Last week I posted Speaking at Community Events - Time to Raise the Bar?, a first cut at talking about to what degree we should require experience for speakers at events like SQLSaturday as well as when it might be appropriate to add additional focus/limitations on the presentations that are accepted. I've got a few more thoughts on the topic this week, and I look forward to your comments.

2009-02-13

360 reads