June 18, 2012 at 5:15 am
Hi,
I've been having issues with bulk insert and I've tracked it down to not connecting using Kerberos, instead NTLM is used.
I found the following criteria that must be met for Kerberos;
1) Kerberos is used when making remote connection over TCP/IP if SPN presents.
2) Kerberos is used when making local tcp connection on XP if SPN presents.
3) NTLM is used when making local connection on WIN 2K3.
4) NTLM is used over NP connection.
5) NTLM is used over TCP connection if not found SPN.
The machine I'm connecting to is Windows 2003 but I'm using a remote connection connection, so that means the SPN must not be found, however I've read through http://www.sqlservercentral.com/articles/Security/65169/ (good article by the way) and I've registered the following;
SETSPN -A MSSQLSvc/MyDBServer MyDomain\SQLServerService
SETSPN -A MSSQLSvc/MyDBServer:1433 MyDomain\SQLServerService
SETSPN -A MSSQLSvc/MyDBServer.mydomain.com MyDomain\SQLServerService
SETSPN -A MSSQLSvc/MyDBServer.mydomain.com:1433 MyDomain\SQLServerService
Yet when I connect I'm still getting the following;
net_transport - TCP
auth_scheme - NTLM
Does anyone have any idea's cause I'm running out of them.
Thanks,
Nic
June 18, 2012 at 6:38 am
Hi,
Managed to resolve this one.
Turned out to be a space after one of the SPN entries that was causing it to not be found and therefore go to NTLM.
Drop and recreate the SPN and it works fine now.
Nic
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply