Re: Can't run IIS and SQL Server on Separate Machines with Trusted Connection
From: Tom Kaminski [MVP] ("Tom)
From: "Tom Kaminski [MVP]" <tomk (A T) mvps (D O T) org> Date: Mon, 10 Mar 2003 16:18:40 -0500
"Julie Cooper" <email@example.com> wrote in message
> I am trying to run IIS and SQL Server on Separate Machines with
> Trusted Connection. I have reviewed the KB articles below:
> I am confused. because I have checked both servers, and they are
> Windows 2000 running Kerberos security.
> I am posting the connection string, and error message that I receive:
> >using this string: Provider=SQLOLEDB;Server=xxx;Database=abc;Integrated
> Error is:
> >Microsoft OLE DB Provider for SQL Server error '80040e4d'
> >Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
> I have been informed by a colleague that this should work. The IIS
> web site is configured to disallow anonymous access and enable
> Integrated Windows authentication. I am allowed access to the web
> site, but it does not appear that my domain/user account is being
> passed on to SQL Server.
> The account, if it was being passed onto SQL Server correctly, is in
> an active directory group that has been added to the SQL Server
> Instance and database and been granted appropriate privileges.
> I haven't found a good answer my searching the knowledge base or the
> Google archives. What am I missing?
I don't believe you can use Windows Integrated authentication and have SQL
on a separate machine. It creates a delegation issue as the IIS box doesn't
have the user's password to forward to the SQL box.
-- Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://www.microsoft.com/windowsserver2003/community/centers/iis/