Re: Windows Integrated Security / SQL 2000 / IIS 5.0 / COM+

From: Richard Waymire [MSFT] (rwaymi_at_online.microsoft.com)
Date: 09/09/03

• Next message: Dave Brooks: "Printing a sql profiler .trc file"
• Previous message: Richard Waymire [MSFT]: "Re: Project server MSSQL problem"
• In reply to: Stuart: "Windows Integrated Security / SQL 2000 / IIS 5.0 / COM+"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 9 Sep 2003 10:51:20 -0700

Have you added SPN for SQL Server to active directory with setspn? Details
on how to this are in books online.

-- 
Richard Waymire, MCSE, MCDBA
This posting is provided "AS IS" with no warranties, and confers no rights.
"Stuart" <nonnb@spamnot.webmail.co.za> wrote in message
news:570001c376e5$74f7c890$a601280a@phx.gbl...
> Hi
>
> We are in the process of moving away from SQL Std Security
> to Integrated / Windows security, however, having some
> teething problems
>
> Configuration is as follows
>
> => Users access system from IE Browser
> => Hit an IIS server running as LocalHost/IUSR* (configured
> as Anonymous access only)
> => which then launches a Middle tier of COM+ components
> running as a Domain User, say Domain\BOB (Identify, Packet
> Level).
> I have added LocalHost/IUSR* to the Security Role of the
> components.
>
> => The middle tier COM+ components in turn access a SQL
> 2000 DB running Integrated Security. Domain\BOB has been
> added to the logins and has the necessary access to the
> database.
>
> However, when we put this together, SQL gives Error
> "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. (-
> 2147217843)"
>
> If I run the Middle tier COM+ components interactively as
> DOMAIN\BOB, all is well.
> Also, if I Change IIS to run as Domain\BOB and not IUSR*,
> then also, all is well.
> I have also tried Impersonate level on the Middle Tier,
> but also without luck.
>
> What have I missed?
>
> Thanks
>
> Stuart
>

---

• Next message: Dave Brooks: "Printing a sql profiler .trc file"
• Previous message: Richard Waymire [MSFT]: "Re: Project server MSSQL problem"
• In reply to: Stuart: "Windows Integrated Security / SQL 2000 / IIS 5.0 / COM+"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Microsoft Informational Alert ... > PSS Security Response Team Alert - SQL Security Recommendations ... > PRODUCTS AFFECTED: SQL Server ... Secure your SA login account with a non-NULL password. ... (microsoft.public.security) Maximum Number of Database Users and Roles ... of security accounts for sql server is 16379 ... I have a web site that I had/have to change the security model for which was ... originally setup using a Windows Domain Group and users to access our sql ... (microsoft.public.inetserver.asp.db) Maximum Number of Database Users and Roles ... of security accounts for sql server is 16379 ... I have a web site that I had/have to change the security model for which was ... originally setup using a Windows Domain Group and users to access our sql ... (microsoft.public.sqlserver.server) Re: [despammed] RE: SQL Slammer doing the rounds again? ... > and other ISA lists about how to allow inbound SQL connections ... > direct access to a SQL server across whatever network they're installed ... Network with over 10,000 of the brightest minds in information security ... (Incidents) Re: SQL logins logged where ... you can't trace directly to a table but can use the> fn_trace_gettable function to load the trace file into a> table. ... If you are using SQL Server 7, use> xp_trace_setqueuedestination to set the destination to a> table. ... Security Tab does not give too many ... (microsoft.public.sqlserver.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)