I'm having trouble connection to remote server via linked server.
Here is my configuration:
A (my workstation, ssms client)
B middle SQL server (linked server --> C)
C target SQL server
So, when I connect to SQL server B from my laptop (ssms) and try to connect (test connection) to linked server C from there I get the error:
Here's what I have found so far:
- If I RDP to server B directly, I can access linked server C with no problem - looks like typical double hop kerberos problem.
- SELECT net_transport, auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid;
Returns 'TCP' and 'KERBEROS', so my session got kerberos auth.
- I'm using windows authentication. SPNs seems so be registered correctly for SQL service accounts (B an C)
setspn -L returns SPNs for SQL service account:
- Service accounts are set for unconstrained delegation (selected option "Trust this user for delegation to any service (Kerberos Only)")
- user account who is logged to laptop A has option "Account is sensitive and cannot be delegated" unchecked
- Linked server is configured with “Be made using the login’s current security context”
So, regarding kerberos everything seems to be configured correctly, but the connection still doesn't work from my laptop.
The most interesting thing is that from my coworkers laptop the connection works fine!
Both laptops use Windows 10, SSMS v 17.9.1, we both login with Windows domain accounts.
If I login to coworkers laptop with my username, it works, so it is not related with user account, but has something to do with some specific settings on my machine. Drivers?
So, what I'm I missing here?
Any ideas would be appreciated! Thanks!