February 21, 2006 at 9:59 am
I am using SQL Query Analyzer on my computer (Client) to connect to an instance of SQL Server 2000 (Server1), using a Windows login. The client computer has Windows XP professional and the SQL Server Client is configured to use only TCP/IP (no named pipes). The server is listening only on TCP/IP and is a Windows 2000 with SQL Server 2000 standard. All setting for security delegation are done as in BOL "Security Account Delegation" for this server (Server 1 - to be used as front-end or middle tier server) and for a second server (Server2 - to be used as back_end server).
If I check the Security Log in Event Viewer most of the time I see the NTLM authentication is used from Client to Server1. sometimes it uses Kerberos.
Yesterday afternoon I had the surprise to discover that my delegation works from client-Server1-Server2 and by checking the Event viewer I had the confirmation that at that particular moment the connection was made using Kerberos authentication. This morning I am back to NTLM and my delegation is not working again. It looks like I am loosing my minds!
So, the question is: did anyone have before this Kerberos/NTLM issue and does anybody know how to force the connection to use Kerberos?
Gabriela
February 21, 2006 at 1:48 pm
February 22, 2006 at 6:07 am
I've had sporadic issues with Kerberos and for the most part it has been because of improper SPN records. Check your allowed for delegation on the SQl service accounts and that proper SPNs are set up for SQL Server instances.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply