August 4, 2014 at 8:05 am
Hi All
Having trouble getting double hop authentication working and cant for the life of me figure out why.
Created a linked server between 2 servers, both of the servers have the SPN's registered correctly for the MSSQLsvc service.
If I run a query via the link from the Source server it works fine, if I execute it from my PC then as its double hopping, start getting the Login Failed for user NT AUTHORITY\ANONYMOUS LOGIN.
Been scratching my head now for best part of 30 mins and cant figure it out.
Probably something obvious I have missed and might just be a case of a fresh pair of eye but any help would be appreciated.
Thanks
August 5, 2014 at 6:17 am
Hi,
Have you set the Computer Account to be Trusted for delegation? This can be done in AD with the User and Computers console by opening the properties of the Computer Account and going to Delegation tab. There should be the option to select "Trust this computer for delegation to any service (Kerberos only)."
August 5, 2014 at 6:37 am
Yes, the computer account and the service accounts are set for delegation.
August 6, 2014 at 3:00 am
This was removed by the editor as SPAM
August 6, 2014 at 3:16 am
This is not with IIS its with SSMS.
Open SSMS on my desktop, connect to ServerA, then use linked server on ServerA to talk to ServerB getting the kerberos issue.
Resolved this anyway, the clients where talking over shared memory which will not work for kerberos, switched to TCP/IP and shared memory and it now works.
August 6, 2014 at 7:50 am
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply