Double Hop Question

  • If I use my laptop to connect to server A using SSMS and run a query there that joins to a table on server B, I get the known response, "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."

    If I remote desktop to server A and run the same query using SSMS, it exec's successfully (it's only "single-hop"). If I then run the original query on the laptop again, it also exec's successfully, I think because the Kerberos authentication is somehow allowing me to run queries for a limited time from my laptop.

    Here's the question: server B is in a different domain than server A and the network folks don't want to / can't get both trusted domains and the Active Directory configurations working needed just to solve the double-hop problem, so I'm left looking for a work-around.

    I have a small set of users. I'd like to allow them remote desktop access to server A and when they log in, have a sqlcmd run in a batch script that just connects to server B. Then the Kerberos ticket should allow them to run queries from their laptops.

    When I try it myself:

    - remote desktop to server A

    - open a cmd prompt

    - run sqlcmd -S serverB -d Db1 -q "SELECT top 1 ID from dbo.company;" [runs successfully]

    - go back to my laptop and run the original query, I get "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." again.

    Please help.

    Thanks,

    Seth

  • based on what you said, it would seem your linked server is set up to pass authentication.

    "Be made using the login's current security context"

    you can select "Be made using this security context"

    add a remote Login and password that needed access to the remote server and try again.

    sorry, maybe i miss read. you are not using a linked server..

    just change your sqlcmd to include credentials...

    sqlcmd -U someuser -P s0mep@ssword -S serverB -d Db1 -q "SELECT top 1 ID from dbo.company;"

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply