Re: cannot generate sspi context when server in mixed authenticati



"Kevin3NF" wrote:

A domain admin will need to create an SPN for the SQL Server service
manually using SetSPN or ADSI (I think)

Local system or domain admin starting sql does this automatically...domain
user does not

--
Kevin Hill
3NF Consulting
http://www.3nf-inc.com/NewsGroups.htm

Real-world stuff I run across with SQL Server:
http://kevin3nf.blogspot.com


"DBA72" <DBA72@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F01518D8-9430-49AB-95AC-076BF1C5CF84@xxxxxxxxxxxxxxxx
It is starting with a domain user account.

"Kevin3NF" wrote:

What is SQL Server service starting as...local system, domain user or
domain
admin?

--
Kevin Hill
3NF Consulting
http://www.3nf-inc.com/NewsGroups.htm

Real-world stuff I run across with SQL Server:
http://kevin3nf.blogspot.com


"DBA72" <DBA72@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:65AFAA64-4847-4034-8745-211ED18ACB0E@xxxxxxxxxxxxxxxx
We have a situation for which I have been trying to find an explanation
for
over a week. A windows 2005 SP1 server which previously ran in Windows
authentication only suddenly caused "cannot generate sspi context"
errors
after we switched it to mixed authentication mode.

-SQL service is running with domain account not trusted for delegation
-We have checked for invalid SPNs in the domain and there are none
registered for the SQL Service on this machine
-TCP/IP protocol is enabled on the server
-Named Pipes connections work fine
-After switching back to Windows authentication and clearing the ticket
cache the problem dissapears

If I understand correctly. The default authentication protocol used
over
tcp/ip when connecting to SQL Server is Kerberos but if the client
cannot
find a valid SPN for the SQL Service on the server then it should fall
back
to NTLM. For some reason however, this is not happening as it should.






Kevin,
I think you would be right if I was trying to use Kerberos but as I said,
this is not enabled for the sql service account. What I want to do is use
NTLM over tcp/ip
.

Relevant Pages

  • Re: Access 2007->SQL Server2005 "connection was forcibly closed",G
    ... I moved every table I was able to move to the SQL ... closed connections - but all of these errors are in the version which used ... the SQL Server 2000 and everything worked ... communication between ODBC (OLEDB and Native Client, ...
    (microsoft.public.sqlserver.connect)
  • Re: Unable to Apply SP4 to SQL 2000 Cluster (new Node)
    ... Rebuild the node in the failover cluster. ... Scenario 1" in SQL Server 2000 Books Online. ... This setup process updates to SP4 only the binaries on the new ...
    (microsoft.public.sqlserver.clustering)
  • Re: WSS 3.0 question
    ... I followed the advise given in removing WSS 3.0 etc, ... the server is complaining that the SQL service(?) was tempered with or corrupt. ... I may just instal the SQL server as I was going eventuall use it anyway. ... If WSUS 3.0 is installed, I would suggest you uninstall it and then you install WSS 3.0. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to: Remove Physical Disk from SQL Cluster Group (If possible)
    ... than SQL server) without stopping the SQL service. ... resource, remove the dependency, and then bring online SQL Server. ... The container has some drives that ...
    (microsoft.public.sqlserver.clustering)
  • Re: WSUS
    ... I'm not seeing performance issues with the full enchilada installed, and 25 users busy hitting SQL. ... WSUS isn't difficult to uninstall - if you have WSUS v2 (installed with SBS R2) uninstall R2 from add/remove programs. ... How can anyone work with 4 instances of SQL Server on the same box? ...
    (microsoft.public.windows.server.sbs)