Re: impersonation

From: Ken Schaefer (kenREMOVE_at_THISadopenstatic.com)
Date: 11/01/04 

Date: Mon, 1 Nov 2004 16:35:05 +1100

If you are accessing the site using a name other than registered name, you
will need to use setSPN.exe and register a new service principal name:
http://support.microsoft.com/?id=294382

Other things you should read/use to troubleshoot the issue:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
    -and-
http://www.microsoft.com/downloads/details.aspx?FamilyID=e90fe777-4a21-4066-bd22-b931f7572e9a&DisplayLang=en

You basically need to work your way thoroughly from client through to
backend SQL Server to make sure everything is setup correctly, eg is IE
configured to use Kerberos? is IIS sending appropriate authentication
headers? are SPNs registered correctly? Is delegation enabled properly? etc

Cheers
Ken

"Noël Thoelen" <noel@itomni.com> wrote in message
news:O9edINZvEHA.3416@TK2MSFTNGP09.phx.gbl...
>I was looking around in some of the other posts in this newsgoup and
>something came up to me.
> I am using an lmhost file to reach the site. So, the site is not reached
> using DNS. Could this be the problem ?
>
> "Noël Thoelen" <noel@itomni.com> schreef in bericht
> news:eDuamBZvEHA.1984@TK2MSFTNGP14.phx.gbl...
>>I would like to use KERBEROS delegation to access an SQL Server database
>>from an ASP.NET application.
>> So, I have set up a website, disabled anonymous access and checked the
>> windows integrated security.
>> In the ASP.NET applicatie, the web config file contains
>> <authentication mode="Windows" />
>> <identity impersonate="true" />
>> Both the IIS and the SQL server are part of a domain. So, when I browse
>> to the site using an domain account
>> the site will open fine. However, when i try to open a database
>> connection using the 'Integrated security=SSPI option i always get the
>> error:
>> Login failed for user '(null)'. Reason: Not associated with a trusted SQL
>> Server connection.
>> When I open the database by using SQL authentication, everything works
>> fine.
>> On the IIS, the Webservice is running under local system account, and so
>> is the SQL Server.
>> In AD I have set the 'Trust computer for delegation' flag for both the
>> IIS and the SQL as stated in the 'Troubleshoot KERBEROS delegation'
>> document, but still without any luck
>>
>> Does somebody has encountered this problem already ?
>>
>
>

Relevant Pages

  • Re: New to Merge/Replication
    ... ADO.NET 3.0 includes "Synchronization Services" that does not require IIS. ... Hitchhiker's Guide to Visual Studio and SQL Server ... It was my deepest hope that Merge/Replication between SQL Compact Edition and SQL Server 2005 Enterprise Edition would have it's own sync services NOT dependent on IIS. ... You can use merge replication with SQL Server on your main desktop serving as the publisher with SQL Compact on PPC, TabletPC, or other desktops as subscribers, so that would probably be the easiest solution for you. ...
    (microsoft.public.sqlserver.ce)
  • Re: Help on synch to SQL server
    ... from SQL CE to SQL Server from your smart-device application's code. ... This can occur whenever the device has a network path to IIS, ... Unlike merge replication between SQL Servers where you can use RMO ... Ideally I would like to use Sql CE to synch with a SQL ...
    (microsoft.public.sqlserver.ce)
  • Re: SMS_MP_CONTROL_MANAGER error 4960
    ... When I try to restart the IIS it says nothing.... ... Manually restart the SMS Agent Host service on the MP. ... MP encountered an error when connecting to SQL Server. ... The Default Web Site is disabled in IIS. ...
    (microsoft.public.sms.setup)
  • RE: IUsr can not login
    ... I too am not sure what the IIS lockdown tool does (I am a SQL Server ... that had been assigned permission to login into SQL ... Amongst the NT account names will be the account/group that IIS ...
    (microsoft.public.sqlserver.security)
  • Re: Internet Information Services in MCE
    ... Per user Group Policy Restrictions for XP Home and XP Pro ... However, I am able to run SQL Server Dev Edition on my work laptop, which is ... I've installed the IIS component but I'm not sure I have a good ... I'm trying to install SQL Server 2005, ...
    (microsoft.public.windows.mediacenter)