December 10, 2002 at 4:58 am
I have a SQL Server 2k running on a win2k (SP-1) server.
The clients are access XP project on winXP (SP-1).
Everithing works the first time you start the application but if you close it and try to start it again you get the followin error:
cannot generate SSPI context.
You have to restart session and then it works fine again.
The same problem occur with SQL Client tools.
I have two LAN with the same configuration and the problem only occur in one of them.
Thank you for your time reading this message.
Edited by - sergiofg on 12/10/2002 04:58:35 AM
December 10, 2002 at 5:10 am
Based on other information SP1 should have corrected in regards to Win 2K. However since you state you have check both client event logs and server side event logs when this happens and see if any additional information is recorded there. Usually is.
December 10, 2002 at 9:54 am
I actually mentioned this on a PSS call and they mentioned it has something to do with the SQL Server being unable to validate your credentials with a domain controller.
We have this issue, usually just after we've changed the service account, but it occassionally pops up for a few minutes and then disappears. I suspect it's some AD issue, but I haven't been able to track it down. Haven't worried about it since it doesn't happen that often.
Happens here on W2K, SP2, SS2K, SP2
Steve Jones
December 11, 2002 at 6:25 am
Thank you for the answers.
I've looked in the logs. I don't find anything in server logs but client logs has two interesting items in system logs. This items are written each time I tried a connection to SQL Server and I recibe the SSPI error (quick translated from spanish):
1. The security sistem has detected a try of an attack for degrading the server MSSQLSvc/CIFE01:1433. The error code from the autentication protocol Kerberos was "There isn't an available auntentication protocol for attend the ask for a session start.
(0xc000005e)".
2. The security system cannot establish a secure connection with the server MSSQLSvc/CIFE01:1433. There isn't an available auntentication protocol.
Any ideas? If you don't undestand my bad translated error message say me and I try to find the official english version of them.
thanks
Edited by - sergiofg on 12/11/2002 06:25:37 AM
Edited by - sergiofg on 12/11/2002 06:26:05 AM
December 11, 2002 at 11:12 am
Look for a secure channel reset utility on technet. Probably need to get this reset between the SQL Server and the dc
Steve Jones
February 5, 2003 at 12:47 am
I'm suddenly getting the cannot generate SSPI context. This is from an XP workstation, with SQL2K Dev, SP2+MS02-061. Connecting to any external server 2k or 7.
MSKB references a NTLM reg key, but for SQL 7 ???
This contraption was working fine this morning.
KlK, MCSE
KlK
February 5, 2003 at 9:20 am
Solved it, somehow my account was locked out. Interestingly I could logon on to my machine, (probably cached account) and VPN in. But could not see any LAN resources. I rarely use them so I don't notice
For some reason we have been having a lot of accounts locked, with no password errors logged ????
KlK, MCSE
KlK
February 6, 2003 at 3:56 am
quote:
1. The security sistem has detected a try of an attack for degrading the server MSSQLSvc/CIFE01:1433. ...2. The security system cannot establish a secure connection with the server MSSQLSvc/CIFE01:1433. ...
I know a similar problem, cannot connect to my local SQL server on my notebook (that is Win2K AD member) when not connected to the domain controller.
Try switching the client network library to Named Pipes (cliconfg.exe). If that works, look at your IP related security configuration (policies).
Regards,
C.
February 6, 2003 at 8:04 am
I opened an issue with Microsoft back in April of last year concerning "cannot generate sspi context" in an n-tier web application with delegation. Unfortunately, we are still working on it.
Thought you should know.
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply