December 2, 2010 at 12:57 pm
Help! I've reached the limits of my knowledge as a humble DBA. Here's the problem -
PC #1 in London
SQL Server #1 in Berlin
SQL Server #2 in Berlin
SQL Server #3 in London
There's a linked server called [Svr1-Svr2] between SQL Server #1 and SQL Server #2.
There's a linked server called [Svr2-Svr3] between SQL Server #2 and SQL Server #3.
SPNs have been set for all 3 SQL Servers and I have confirmed the authentication method is Kerberos by running: select auth_scheme from sys.dm_exec_connections where session_id=@@spid
John Doe logs into PC #1 and can use the linked server [Svr1-Svr2] to get data. He cannot use linked server [Svr2-Svr3] and gets Err 18456 i.e. the double-hop err.
There is a firewall between London and Berlin. What must I ask my firewall admin to do to allow Kerberos to pass through it?
December 2, 2010 at 1:44 pm
nzrdb6 (12/2/2010)
Help! I've reached the limits of my knowledge as a humble DBA. Here's the problem - there is a firewall between London and Berlin. What must I ask my firewall admin to do to allow Kerberos to pass through it?
We have escaped the realm of the DBA and entered the realm of the Networking group. I suggest you send this up the pipe to them for correction.
Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.
Twitter: @AnyWayDBA
December 2, 2010 at 3:32 pm
nzrdb6
Has the service profile of srv2 been allowed to delegate the SPNs of srv3?
When you checked sys.dm_exec_connections for auth scheme, did you do this from PC1->srv3 and also from srv2->srv3? The reason I ask is I don't recall linked servers/delegation having any additional port requirements.
-Ken
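
The per-hop check Ken asks about can be run from a single session on SQL Server #1, as John Doe connected from PC #1. This is an added example, not part of the thread's posts; it uses the linked server names given in the question and assumes the login has VIEW SERVER STATE on each server.

```sql
-- Added example. Run on SQL Server #1 in a session opened from PC #1.
-- Assumption: the login has VIEW SERVER STATE on every server queried.

-- Hop 0: PC #1 -> SQL Server #1
SELECT @@SERVERNAME AS server_name, auth_scheme, net_transport
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;

-- Hop 1: SQL Server #1 -> SQL Server #2 through [Svr1-Svr2].
-- The inner query runs on SQL Server #2, so auth_scheme describes the
-- connection that SQL Server #1 opened on the caller's behalf.
SELECT *
FROM OPENQUERY([Svr1-Svr2],
    'SELECT @@SERVERNAME AS server_name, auth_scheme, net_transport
     FROM sys.dm_exec_connections
     WHERE session_id = @@SPID');

-- Hop 2: SQL Server #2 -> SQL Server #3 through [Svr2-Svr3].
-- [Svr2-Svr3] is defined on SQL Server #2, so the call is nested and the
-- inner single quotes are doubled. If delegation does not carry over this
-- hop, this statement fails with the login error from the question
-- instead of returning a row.
SELECT *
FROM OPENQUERY([Svr1-Svr2],
    'SELECT *
     FROM OPENQUERY([Svr2-Svr3],
         ''SELECT @@SERVERNAME AS server_name, auth_scheme, net_transport
           FROM sys.dm_exec_connections
           WHERE session_id = @@SPID'')');

-- Run on SQL Server #1 and again on SQL Server #2: how each linked server
-- maps logins. uses_self_credential = 1 means the caller's own credentials
-- are passed on, which is the case that depends on delegation.
SELECT s.name AS linked_server,
       s.data_source,
       l.local_principal_id,   -- 0 = default mapping for all logins
       l.uses_self_credential,
       l.remote_name
FROM sys.servers AS s
JOIN sys.linked_logins AS l ON l.server_id = s.server_id
WHERE s.is_linked = 1;
```

A hop that reports NTLM rather than KERBEROS marks the connection at which the caller's identity can no longer be forwarded.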