I am setting up a linked server just like we do throughout the organization, and for some reason this one is not behaving. We are trying to migrate to newer servers/versions, but the project is not ready to move all apps at the same time. Current linked servers all use local SQL accounts ("be made using this security context"), which our Security office no longer approves. We are changing to "be made using the login's current security context" for domain accounts only.
ServerA is Windows 2008R2 using SQL 2008 in old domain
ServerB is Windows 2016 using SQL 2017 in new domain
Dom1\ServerA linking to Dom2\ServerB - fails with NT Authority\Anonymous error
Dom2\ServerB linking to Dom1\ServerA - works fine
SPNs registered for both respective service accounts (ServerA:1433 and ServerA.dom1.com:1433)
Dom1\SA_ServerA set for Kerberos delegation in AD
Dom2\SA_ServerB set for Kerberos delegation in AD
Dom1\SA_ServerA has explicit Allow Log on Locally right
Dom1\SA_ServerA has been made local admin on server as well as sysadmin in SQL for testing.
AD\User1 confirmed making a Kerberos connection, not NTLM (SPN good)
When remoting onto ServerA, the link works fine (no firewall, good data source), but that is also only a single hop
Two way trust between domains.
Linked server using local SQL account works for POC (but not allowed as solution)
Other than SPN and Delegation, where else should/can I be looking?
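The following PowerShell is an added checklist, not part of the question above, that walks the double hop the linked server depends on: both SPN forms on each service account, the delegation flags on the first-hop account, duplicate SPNs in the forest, the authentication scheme SQL Server actually negotiated on the first hop, and the identity the second hop delivers to the remote server. The account names (SA_ServerA, SA_ServerB), host names (ServerA.dom1.com, ServerB.dom2.com), domain names (dom1.com, dom2.com) and the linked server name ServerB are assumed from the post and need to be replaced with the real ones. It assumes the RSAT ActiveDirectory module and the SqlServer module are installed on a domain-joined workstation.

```powershell
# Added example, not part of the original post. Placeholders assumed from the
# question: accounts SA_ServerA / SA_ServerB, hosts ServerA.dom1.com /
# ServerB.dom2.com, domains dom1.com / dom2.com, linked server name 'ServerB'.
# Requires the RSAT ActiveDirectory module and the SqlServer module.
Import-Module ActiveDirectory
Import-Module SqlServer

$targets = @(
    @{ Account = 'SA_ServerA'; Domain = 'dom1.com'; Short = 'ServerA'; Fqdn = 'ServerA.dom1.com' },
    @{ Account = 'SA_ServerB'; Domain = 'dom2.com'; Short = 'ServerB'; Fqdn = 'ServerB.dom2.com' }
)

foreach ($t in $targets) {
    # Each service account lives in its own domain, so ask that domain's DC.
    $u = Get-ADUser -Identity $t.Account -Server $t.Domain -Properties `
            ServicePrincipalNames, TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

    # 1. SQL Server needs both SPN forms (NetBIOS name and FQDN, each with the port).
    foreach ($spn in @("MSSQLSvc/$($t.Short):1433", "MSSQLSvc/$($t.Fqdn):1433")) {
        $state = if ($u.ServicePrincipalNames -contains $spn) { 'present' } else { 'MISSING' }
        '{0,-12} SPN {1,-35} {2}' -f $t.Account, $spn, $state
    }

    # 2. Delegation flags. The first-hop account (SA_ServerA) is the one that must be
    #    allowed to delegate: unconstrained = TrustedForDelegation, constrained = the
    #    msDS-AllowedToDelegateTo list, which must name ServerB's MSSQLSvc SPN.
    '{0,-12} unconstrained delegation : {1}' -f $t.Account, $u.TrustedForDelegation
    '{0,-12} protocol transition      : {1}' -f $t.Account, $u.TrustedToAuthForDelegation
    '{0,-12} constrained targets      : {1}' -f $t.Account, ($u.'msDS-AllowedToDelegateTo' -join ', ')
}

# 3. A duplicate SPN anywhere in the forest makes the KDC refuse the ticket; the
#    client then silently falls back to NTLM, which cannot be delegated.
setspn -X -F

# 4. First hop: connect to ServerA as the domain user from this workstation and
#    confirm auth_scheme is KERBEROS (NTLM here means the second hop can never work).
$firstHop = @'
SELECT s.login_name, c.auth_scheme, c.net_transport
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE c.session_id = @@SPID;
'@
Invoke-Sqlcmd -ServerInstance 'ServerA.dom1.com' -Query $firstHop | Format-Table -AutoSize

# 5. Second hop: OPENQUERY through the linked server shows which identity ServerB
#    actually receives. NT AUTHORITY\ANONYMOUS LOGON here means ServerA had no
#    forwardable ticket for the user to present to ServerB.
$secondHop = @'
SELECT * FROM OPENQUERY([ServerB],
  'SELECT SYSTEM_USER AS remote_login, c.auth_scheme
   FROM sys.dm_exec_connections AS c WHERE c.session_id = @@SPID');
'@
Invoke-Sqlcmd -ServerInstance 'ServerA.dom1.com' -Query $secondHop | Format-Table -AutoSize
```

Run it from a workstation rather than on ServerA itself, because a session opened locally on ServerA is a single hop and will succeed regardless of delegation, as the post already observed. Two caveats apply only if Dom1 and Dom2 are separate forests rather than domains in one forest: classic constrained delegation (Kerberos-only, set on the account's Delegation tab) is not honoured across a forest trust, so SA_ServerA would need unconstrained delegation or resource-based constrained delegation configured on the target; and Windows updates from 2019 onward disable TGT delegation across incoming forest trusts by default, which has to be re-enabled on the trust (the EnableTgtDelegation trust flag managed with netdom trust) before unconstrained delegation works in the Dom1 to Dom2 direction.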