April 25, 2013 at 3:01 pm
Hello,
I'm trying to set up a linked server between SS 2005 and SS2012 but keep getting "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." from the SS2005 side. I checked the SPNs for SS2012 and found two:
MSSQLSvc/myServer\INT:1433
MSSQLSvc/myServer.myDomain.local\INT:1433
Is this considered a duplicated SPN, so that I need to delete one?
If this is not the issue, any idea why we're getting that error?
Thanks much!!
April 25, 2013 at 10:00 pm
Can you make it work with SQL authentication first? If so, then you'll know if it's an SPN / authentication issue.
e.g.
EXEC master.dbo.sp_addlinkedserver @server = N'linkedservername', @srvproduct=N'SQL Server'
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'linkedservername',@useself=N'False',@locallogin=NULL,@rmtuser=N'remoteSQLlogin',@rmtpassword='remoteSQLpasswrd'
GO
May 20, 2013 at 11:47 am
DINESH\TEST3=> servername
dba =>username
######## => Password
then create linked server.
EXEC master.dbo.sp_addlinkedserver @server = N'DINESH\TEST3', @srvproduct=N'SQL Server'
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'DINESH\TEST3',@useself=N'False',@locallogin=NULL,@rmtuser=N'dba',@rmtpassword='########'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'collation compatible', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'data access', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'dist', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'pub', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'rpc', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'rpc out', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'sub', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'connect timeout', @optvalue=N'0'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'collation name', @optvalue=null
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'lazy schema validation', @optvalue=N'false'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'query timeout', @optvalue=N'0'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'use remote collation', @optvalue=N'true'
GO
EXEC master.dbo.sp_serveroption @server=N'DINESH\TEST3', @optname=N'remote proc transaction promotion', @optvalue=N'true'
GO
Please check and confirm.
May 20, 2013 at 2:33 pm
You can easily check for duplicate SPNs.
Setspn
-F = perform the duplicate checking on forestwide level
And when you add SPNs, use -S instead of -A; -S checks for duplicates before adding it.
May 22, 2013 at 4:02 am
MSSQLSvc/myServer\INT:1433
MSSQLSvc/myServer.myDomain.local\INT:1433
Is this considered a duplicated SPN, so that I need to delete one?
A NetBIOS name entry and a FQDN entry are not considered duplicates.
If you are creating the linked server from the SQL Server 2005 side I would check the SPNs for that one and ensure it and delegation are set up correctly, since it is the one delegating your login to the SQL Server 2012 instance.
Joie Andrew
"Since 1982"
July 3, 2013 at 7:48 am
First you need to confirm that Kerberos is working on both SQL Servers. That can easily be done by connecting to each of them and checking the auth_scheme column in sys.dm_exec_connections for your session id.
But just setting up SPNs won't work. Since the client is doing a double-hop you also need to allow the first SQL Server to delegate the Kerberos token to the second SQL Server. This is done in AD on the account running the SQL Server service on the first server (the one with the linked server). Open the account properties and go to the Delegation tab. I think you need to be domain admin to change delegation properties.
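The checks discussed in the thread, written out as an added example that is not part of any post above. It assumes the linked server is named `linkedservername` (the placeholder used in an earlier reply) and that the session is opened from a remote client with the Windows account that hits the ANONYMOUS LOGON error.

```sql
-- Run on the server that owns the linked server (SQL Server 2005 in the thread).
-- Connect from a remote client: a local shared-memory connection normally
-- shows NTLM and says nothing about the double-hop path.
-- Reading sys.dm_exec_connections requires VIEW SERVER STATE.
-- [linkedservername] is an assumed placeholder name.

-- 1. First hop: how did this session authenticate to the local instance?
--    KERBEROS is required before anything can be delegated; NTLM here
--    means there is no ticket to forward on the second hop.
SELECT c.session_id,
       c.auth_scheme,            -- KERBEROS, NTLM or SQL
       c.net_transport,
       c.client_net_address,
       s.login_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.session_id = @@SPID;

-- 2. How is the linked server configured to log in remotely?
--    uses_self_credential = 1: the caller's own Windows identity is passed
--    on, which is the case that needs SPNs and delegation.
--    uses_self_credential = 0 with a remote_name: a mapped SQL login, as in
--    the sp_addlinkedsrvlogin calls shown in the thread.
SELECT srv.name        AS linked_server,
       srv.data_source,
       ll.local_principal_id,    -- 0 = mapping applies to all local logins
       ll.uses_self_credential,
       ll.remote_name
FROM sys.servers       AS srv
JOIN sys.linked_logins AS ll ON ll.server_id = srv.server_id
WHERE srv.is_linked = 1;

-- 3. Second hop: ask the remote instance how it saw the connection.
--    With working delegation this returns KERBEROS and the caller's login;
--    a failure with 'NT AUTHORITY\ANONYMOUS LOGON' means the identity was
--    not forwarded.
SELECT *
FROM OPENQUERY([linkedservername],
    'SELECT c.auth_scheme, s.login_name
     FROM sys.dm_exec_connections AS c
     JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
     WHERE c.session_id = @@SPID');
```

The login that arrives on the remote instance also needs VIEW SERVER STATE there for step 3 to return a row.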