Kerberos to NTLM

  • Is there a way to force SQL to use NTLM instead of Kerberos?

  • Sure, delete the SPN that Kerberos is issuing tickets for.

    Why would you want to do this, by the way? Kerberos is preferred over NTLM as it's viewed as more secure and is the recommended way to connect to a SQL Server according to Microsoft.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • I have a very weird scenario working right now. I'll try my best.

    Srv1 = 1 IIS, 1 AD, 1 DNS and 1 SQL

    Srv1 is under the domain MyDomain.

    All the computers are outside the domain, but the usernames and passwords they use are registered in AD. We have software that uses ODBC to connect to SQL. In SQL the user logins are added from the users registered in the domain, i.e. myDomain\User1.

    As the computers are outside the domain, a user connects as MyPC\User1 using the same password registered in MyDomain.

    Well, right now we bought a new server: Srv1 = 1 SQL, and I added it to MyDomain to access the user list so I can add the user logins. The problem is that when I change the ODBC, I get the error that the user is from an untrusted domain. If I add the computer to the domain it works OK on my computer. But on other computers I get problems with file and printer sharing.

    So I have decided to first add the new server in the same way the old one is working: the users' PCs outside the domain. I have been looking around, and the user connections on the old server in SQL are using NTLM, and when I put the user inside the domain it looks like the users use Kerberos. I'm very clear this is not the correct way of working, but this server has to be in production.

  • I suspect you're running into an issue where there is a registered SPN for the new server. What is the SQL Server service running as on the new server? Is it running as a domain account or as one of the local machine accounts, e.g. Local Service? What is the SQL Server service running as on the existing server hosting SQL?


  • It is running as Local Service.

  • Which one, or both?


  • Both.

  • Just to confirm, both SQL Servers, the old and the new, are in the domain, correct?

    If so, please run both of these from a cmd shell prompt on one of the two SQL servers and post the results:

    C:\>setspn -L OldSQLServerMachineName

    C:\>setspn -L NewSQLServerMachineName

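As an added example (not code from the thread), here is a PowerShell script that carries out the check above on both hosts and then, instead of inferring the authentication scheme by eye, asks the new instance what each live session actually negotiated: sys.dm_exec_connections.auth_scheme reports KERBEROS, NTLM or SQL per connection. The host names and instance name are assumptions; it needs setspn.exe (AD tools) and a Windows login on the instance. A SQL Server running as Local Service registers MSSQLSvc/<fqdn>:<port> on the computer account, which is why the computer names are listed here. The commented setspn -D line is the "delete the SPN" step from the first reply, with an assumed SPN string; it forces NTLM fallback for that instance, so only use it if that is really what you want.

```powershell
# Added example, not from the original thread. Names below are assumptions.
$hosts = @('OldSQLServerMachineName', 'NewSQLServerMachineName')

foreach ($h in $hosts) {
    Write-Host "=== SPNs registered on computer account $h ==="
    # setspn -L lists every SPN on the named account; we only care about the
    # MSSQLSvc entries that make the KDC issue a ticket for this SQL service.
    & setspn.exe -L $h |
        Where-Object { $_ -match 'MSSQLSvc' } |
        ForEach-Object { Write-Host "  $_" }
}

# To force NTLM (the first reply's suggestion), remove the SPN from the account
# that holds it. SPN string and account are assumptions; do not run blindly:
#   & setspn.exe -D 'MSSQLSvc/NewSQLServerMachineName.MyDomain.local:1433' 'NewSQLServerMachineName'

# Ask the instance which scheme each user session negotiated.
$instance = 'NewSQLServerMachineName'   # assumed; 'host\instance' for a named instance
$query = @"
SELECT s.login_name, c.auth_scheme, c.net_transport, c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE s.is_user_process = 1
ORDER BY c.auth_scheme, s.login_name;
"@

$conn = New-Object System.Data.SqlClient.SqlConnection(
    "Server=$instance;Integrated Security=SSPI;Database=master")
$conn.Open()
$cmd = $conn.CreateCommand()
$cmd.CommandText = $query
$reader = $cmd.ExecuteReader()
Write-Host ('{0,-30} {1,-10} {2,-8} {3}' -f 'login', 'auth', 'transport', 'client')
while ($reader.Read()) {
    Write-Host ('{0,-30} {1,-10} {2,-8} {3}' -f $reader['login_name'],
        $reader['auth_scheme'], $reader['net_transport'], $reader['client_net_address'])
}
$reader.Close()
$conn.Close()
```

The script's own session appears in the output too, so the row for the account running it shows directly whether a domain-joined client gets KERBEROS or NTLM against that host. If setspn -L shows the same MSSQLSvc SPN on more than one account, or on an account the service does not run as, Kerberos logons fail even though the SPN exists, which is the situation the reply above is probing for.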

  • How is it going?


  • Hello, sorry I did not reply to you before, but I went out of town and totally forgot about it. We also started the installation from 0. I'm waiting for a time outside normal office hours so we can try switching the servers.
