Kerberos timeout with IIS6, ASP.Net and SQLServer



I've been struggling with a problem for the last two months that is
almost driving me nuts...

We have a traditional ASP.Net 1.1 web site accessing a SQL2000 database
using delegation and a trusted connection. I have seen many posts
regarding this setup, and we had quite some trouble getting it all
working ourselves. Users could finally access the web server and pull data
from the database, fully authenticated through Kerberos and Integrated
Windows Authentication.

The problem is:
- After a user has been inactive for anything from a few minutes to
half an hour, the connection with the database is broken and it
responds with the well-known "login failed for user (null)" error.

Some more facts:
- The connection with the web server works fine, and as long as the
exception is trapped in the code, all pages are displayed (as intended
when a db connection is unavailable, that is)
- I have a feeling that the Kerberos ticket is expiring and the web
server doesn't bother asking the client for a new one.
- We do have trust for delegation set up in the AD for the web server
to access any resource
- We do have an HTTP/fqdn SPN set up in AD

Questions:
- Any suggestions as to what this might be caused by?
- Would we need an SPN for the DB server too? (This is just accessed
through the NetBIOS name)
- Do you know of any Kerberos-related settings that would make the
initial authentication work, but connections fail at a later point?


One more thing... The very same problem was posted unanswered here in
several newsgroups about a year ago:
http://groups.google.com/group/microsoft.public.adsi.general/browse_thread/thread/d53ecbeaa94af2d3/133e72c9029b8b32?lnk=st&q=kerberos+timeout+iis6&rnum=4#133e72c9029b8b32

This posting describes a bit more of what has been tried and what has
not. I have taken very much the same approach, with no more luck than that guy.

(I have not found any other postings that I can tell are describing the
same problem as mine)


Any help on this matter is most appreciated.

Regards,
Roar Fredriksen
Systems Engineer
Omega Project Solutions Inc
