Re: Linked Server Connection Problem

Hello,

This issue can be resolved as follows:

Use SQL authentication to connect to the SQL server from the client, and
set the domain account used to start SQL Server to have permissions in the
shared folder
on the machine where the data is located.

or

Establish a SPN for your domain account which will enable Kerberos
authendication:

1. Load the Active Directory Users and Computers MMC snap-in.

2. In the Active Directory Users and Computers snap-in, select the
Computers container.

3. Select the Windows 2000 machine running SQL Server, then right-click and
select Properties

4. Under the General Tab, check the "Select Trust computer for delegation"
checkbox, then OK.

5. Configure the SPNs for the MSSQLSvc process on the SQL Server box.

Someone log in with domain admin permissions needs to use it to run the
following commands:

setspn -A MSSQLSvc/<fully qualified domain name for SQL Server
machine>:<SQL Server
port #(1433 by default)> <domain account name for account SQL server
service runs
under>


Example:


setspn -A MSSQLSvc/mysqlserver.myactivedirectory.domain.com:1433
mydomainaccount

Anyone, whether or not a domain admin can display the spns like this, this
doesn't have to be run on the SQL Server machine, just a machine on the
domain.

Setspn -L <domain account name for account SQL server runs under>

For example,

Setspn -L ssrvacct

MSSQLSvc/chinagrove2kSQL.jimsau.ms.com:1433

These steps are for running SQL Server under a domain account. For more
information, refer to below article:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad
_security_2gmm.asp

I hope the information is helpful.

Sophie Guo
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: SQL Services account question...
    ... I wish you'd say the reason of not using a domain account as a service account for the SQL Server. ... Backup operations are performed by SQL Server service, at this point I don't know what goes on under hood exactly but SQL Server service may be needed to communicate to the AD for validation of the database owner and as the SQL Server service is a local one, it can't achieve this task. ... > Source: Security Event ID: 537 ...
    (microsoft.public.sqlserver.security)
  • Re: Problems changing the password for the service account in SQL
    ... Adding the domain account which runs SQL Server into SQL Server doesn't ... Server if it is running under the domain account. ... Admin-SQL, Logon Exec - exception from ...
    (microsoft.public.sqlserver.security)
  • Re: Login failed for user NT AUTHORITYANONYMOUS LOGON
    ... >>I've enabled anonymous access, setting it to the correct domain account, ... >> the correct permissions in sql server ... > That means the local user permissions, the SQL Server, etc. ... >> c) I've enabled anonymous access, setting it to the correct domain account, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: FAILURE installing WSS with Active Directory auth
    ... SQL Server should also be running under a Domain Account. ... Did you add IIS after the server was promoted to a DC? ... > - local admin as well as admins in AD. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Very basic login question
    ... In order to use Windows Authentication the two computers have to be members of the same domain or trusted domains. ... you should have a login at the SQL Server on the XP Pro workstation. ...
    (microsoft.public.sqlserver.security)