Re: Cannot generate SSPI context and Windows 2000 service pack 4
From: Bala Neerumalla[MSFT] (balnee_at_online.microsoft.com)
Date: 02/28/04
- Previous message: Bala Neerumalla[MSFT]: "Re: Again a "Login failed for user 'null""
- In reply to: Nigel Williams: "Cannot generate SSPI context and Windows 2000 service pack 4"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 27 Feb 2004 17:05:08 -0800
This happens because of a Kerberos authentication protocol issue, I would
suggest you to do the following things
1. Enable Kerberos logging on the client machine (documented at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;262177). Now try to
connect to the remote SQL Server, if you get the same error message then
check the SYSTEM eventlog. You would find Kerberos failure events which give
you good information about what went wrong.
2. If there are no Kerberos errors on the client machines, you could be
having some error messages on the APPLICATION eventlog of the SQL Server
machine which will say that the SQL Server couldnot decrypt the login
packets from the clients which implies that there are multiple SPNs
registered and the AD picked a wrong one. You can find all the registered
SPNs in your AD by using the command
ldifde -d "CN=Users,DC=betaland" -l servicePrincipalName -F
NewoutputUsers.txt
and then clean up the redundant ones. This is explained in
http://support.microsoft.com/?id=319723
Thanks,
Bala.
-- This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "Nigel Williams" <nwilliams@fictitious.kom> wrote in message news:DE140101-7F0E-4AE1-86DC-626028B66D5D@microsoft.com... > We have had two instances of installing Windows 2000 Service Pack 4 [*] on machines running SQL Server 2000 SP3a+HF and subsequently seeing errors from SQL Server client tools (QA and Enterprise Manager): > > Cannot generate SSPI context > > SETSPN -L shows a valid service principle name, and the other options in KB 811889 have been tried. We are using a domain user account as the service account for SQL Server. > > What else can we look for to resolve this problem please? > > > [*] re-building the machine with SP3 and the problem does not appear. We need W2K SP4 for SQL Server Reporting Services. > >
- Previous message: Bala Neerumalla[MSFT]: "Re: Again a "Login failed for user 'null""
- In reply to: Nigel Williams: "Cannot generate SSPI context and Windows 2000 service pack 4"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
