Re: Kerberos Delegation



Maybe these 40% don't do Kerberos auth with the web server; have a look here:

http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx

-----
Dominick Baier (http://www.leastprivilege.com)

Hello,
I'm not sure if this is the right forum for this question but it is security related so hopefully someone in here can help.
I have two servers,
Web01: Windows 2k Adv. Server running IIS 5.
Sql01: Windows 2k Adv Server Running SQL 7
I am trying to get user credentials to flow through Web01 to Sql01 so that I can make use of the permissions that are already on the tables. For the most part, about 70% of the time, everything is working just peachy and there are no issues. However, that remaining 40% people are receiving the following error:
------------------------------------------------------------
Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Stack Trace: at System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnectionString options, Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnection.Open()
at DataCollections.DirectEdit.AddPractice.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain()
------------------------------------------------------------
If I turn on auditing of successful logons for both Web01 and Sql01 I can follow the flow down to Sql01 where I find the following entry in the security log:
------------------------------------------------------------
Date: 12/06/2006 Source: Security
Time: 14:52 Category: Logon/Logoff
Type: Success Event ID: 538
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Sql01
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x6B5095F)
Logon Type: 3
------------------------------------------------------------
If anyone can offer any advice on why this is only happening some of the time, or how to fix or further troubleshoot this issue, it would be greatly appreciated.

Thanks,
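
Added example, not part of the original thread: one way to test the reply's hypothesis is to tally, per user, which authentication package Web01 recorded for each network logon, since an NTLM logon on the web server cannot be delegated to Sql01. The `Name: value` layout, the `---` separator and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: description fields of successful-logon entries
# (Event ID 528/540) from Web01's security log. Users and domain are invented.
SAMPLE = """\
User Name: alice
Domain: CORP
Logon Type: 3
Authentication Package: Kerberos
---
User Name: bob
Domain: CORP
Logon Type: 3
Authentication Package: NTLM
---
User Name: bob
Domain: CORP
Logon Type: 2
Authentication Package: Negotiate
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$")

def parse_events(text):
    """Return one dict of 'Name: value' fields per '---'-separated entry."""
    events = []
    for chunk in re.split(r"^-{3,}\s*$", text, flags=re.M):
        fields = dict(m.groups() for m in map(FIELD.match, chunk.splitlines()) if m)
        if fields:
            events.append(fields)
    return events

def packages_by_user(events):
    """Tally the authentication package of each network (type 3) logon per user."""
    tally = defaultdict(Counter)
    for e in events:
        if e.get("Logon Type") == "3":
            user = f"{e.get('Domain', '?')}\\{e.get('User Name', '?')}"
            tally[user][e.get("Authentication Package", "?")] += 1
    return tally

def non_kerberos_users(tally):
    """Users with at least one network logon that did not use Kerberos."""
    return sorted(u for u, pkgs in tally.items() if set(pkgs) - {"Kerberos"})

if __name__ == "__main__":
    for user, pkgs in packages_by_user(parse_events(SAMPLE)).items():
        print(user, dict(pkgs))
```

Users returned by `non_kerberos_users` are the ones to compare against the accounts that hit the `ANONYMOUS LOGON` failure on Sql01.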


