Re: Can't run IIS and SQL Server on Separate Machines with Trusted Connection

From: "Tom Kaminski [MVP]" <tomk (A T) mvps (D O T) org>
Date: Mon, 10 Mar 2003 16:18:40 -0500


"Julie Cooper" <julie.cooper@fairfaxcounty.gov> wrote in message
news:pavp6v4i8oigrfg6d05r2rhs0ejn5kg5dl@4ax.com...
> I am trying to run IIS and SQL Server on Separate Machines with
> Trusted Connection. I have reviewed the KB articles below:
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;176377
>
> I am confused, because I have checked both servers, and they are
> Windows 2000 running Kerberos security.
>
> I am posting the connection string, and error message that I receive:
>
> >using this string: Provider=SQLOLEDB;Server=xxx;Database=abc;Integrated Security=SSPI;TRUSTED_CONNECTION=YES
>
> Error is:
>
> >Microsoft OLE DB Provider for SQL Server error '80040e4d'
> >
> >Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
>
> I have been informed by a colleague that this should work. The IIS
> web site is configured to disallow anonymous access and enable
> Integrated Windows authentication. I am allowed access to the web
> site, but it does not appear that my domain/user account is being
> passed on to SQL Server.
>
> The account, if it was being passed onto SQL Server correctly, is in
> an active directory group that has been added to the SQL Server
> Instance and database and been granted appropriate privileges.
>
> I haven't found a good answer by searching the knowledge base or the
> Google archives. What am I missing?

I don't believe you can use Windows Integrated authentication and have SQL
on a separate machine. It creates a delegation issue as the IIS box doesn't
have the user's password to forward to the SQL box.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247931

-- 
Tom Kaminski IIS MVP
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/
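
A triage check for the symptom in this thread, as an added example that is not part of the original posts: it parses the connection string and flags the case where integrated authentication is requested against a SQL Server on another host and the login arrives as 'NT AUTHORITY\ANONYMOUS LOGON'. The function names and the web server name IISBOX are assumptions made for the example.

```python
import re

# Keys that request Windows (integrated) authentication in an OLE DB / ODBC
# connection string, with the values that turn it on.
_INTEGRATED = {
    "integrated security": {"sspi", "true", "yes"},
    "trusted_connection": {"yes", "true"},
}
_LOCAL_NAMES = {"", ".", "(local)", "localhost", "127.0.0.1"}
_LOGIN_FAILED = re.compile(r"Login failed for user '([^']*)'", re.IGNORECASE)


def parse_conn_string(conn):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    pairs = {}
    for part in conn.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs


def uses_integrated_auth(pairs):
    return any(pairs.get(k, "").lower() in v for k, v in _INTEGRATED.items())


def sql_host(pairs):
    """Host part of Server= / Data Source=, without instance name or port."""
    server = pairs.get("server") or pairs.get("data source") or ""
    return re.split(r"[\\,]", server, maxsplit=1)[0].strip().lower()


def is_delegation_failure(conn, error_text, web_host):
    """True when the error matches the symptom described in this thread."""
    pairs = parse_conn_string(conn)
    host = sql_host(pairs)
    remote = host not in _LOCAL_NAMES and host != web_host.lower()
    match = _LOGIN_FAILED.search(error_text)
    anonymous = bool(match) and match.group(1).upper() == r"NT AUTHORITY\ANONYMOUS LOGON"
    return uses_integrated_auth(pairs) and remote and anonymous


# Connection string and error text as posted in the thread ("xxx" is the
# poster's redaction); IISBOX is a constructed name for the web server.
CONN = "Provider=SQLOLEDB;Server=xxx;Database=abc;Integrated Security=SSPI;TRUSTED_CONNECTION=YES"
ERROR = r"Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."

if __name__ == "__main__":
    print(is_delegation_failure(CONN, ERROR, "IISBOX"))
```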

