"Cannot Generate SSPI Context"
-
A developer in our company changed her password and since then this error has been happening intermitently. We are using NT authentication for Query analyser and EM. Any pointers will be appreciated.
thanks
-srini
-
thanks. i will try the solution and post the results
-srini
-
Steve:
I read the link and tried all the steps outlined in Chad's article(good one ) but am still facing the problem. Also, when i run SETSPN -L Servername from the client's box i do not see a SPN.DNSlookup seems to be fine. Any ideas ..
-s
-
quote:
A developer in our company changed her password and since then this error has been happening intermitently.Is this just happening for SQL Server or for other services as well (file & print, for instance)?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley -
quote:
quote:
A developer in our company changed her password and since then this error has been happening intermitently.Is this just happening for SQL Server or for other services as well (file & print, for instance)?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
Only SQL Server. BTW, i changed my password with not problems.
-
This is odd. Typically I see this when a BDC (NT 4.0) or a DC (Win2K) hasn't received the replicated password change, but it shouldn't persist unless a DC is having trouble getting replication updates.
Does the problem still exist for said user and does it occur for anyone else?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley -
Check out this article in the Microsoft Knowledge base: Q268413. It fixed our problem with the SSPI error.
-
We had some similar problems related to an Active Directory upgrade...After upgrading to AD we left a couple of NT PDC/BDC's on the network to handle authentication of old NT boxes. This caused some problems with computers that were supposed to be using the new AD box as the Logon Server. We actually, in the end, had to remove the client workstations from the domain and rejoin them back to the "New" AD domain. In NT 4.0, you have a domain (eg-XYZ), now in AD you may have to add the ".com" portion to your internal domain (eg-XYZ.com). This means that under some circumstances you will have to remove your computer from "XYZ" domain and re-join the "XYZ.com" domain. This should happen automatically when the client box is rebooted.
Also another thought...sometimes I've seen the domain controller/logon server become overwhelmed, and the local workstation will use cached credentials when logging on. I'm not sure if this will have an effect or not.
-Dan
-Dan -
It took me several months and many calls to Microsoft's PSS to finally resolve our SQL Server SSPI errors. Although I still see some occasional but rare SSPI errors with MSMQ. I've noticed some recent Technet articles that provide some good information (811889, 320903). Since you already went through the steps in my article you may want to take a look at the Technet articles. Also you may want to check out the LOGONSERVER for your developer by running the SET command from command prompt just to see if it is different than yours and check to see if any DNS servers show up in the SET command output. I've seen some network administrators do some strange things with environmental variables. I know dealing with these SSPI errors can be difficult specially when they are intermittent and not easily reproducible. Keep in mind as documented KB article 320903 there are some known bugs in Kerberos authentication which should be addressed in the next service pack.
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply