Re: Can my ASP.NET dev workstation see remote SQL server?

From: Kevin McDonnell [MSFT] (kevmc_at_online.microsoft.com)
Date: 03/11/04


Date: Thu, 11 Mar 2004 20:31:01 GMT

Login failed for user 'null' means that we were unable to 'impersonate' the
user. We need to be able to impersonate when we authenticate to SQL using
your Windows NT credentials.

Typical client server environment:

Scenario 1:
Client ----> SQL
If this fails, then it may be a problem with the communication between the
client and the Domain Controller. You can make network traces from the
client and /or enable Kerberos logging to verify if this is the case. This
may occur when using sockets, but not with Named Pipes connections.

Scenario 2:
Web Server/SQL Environment

Client--->IIS--->SQL.

If your scenario looks like the Scenario 2 (Web Server/SQL Environment),
then this scenario is more complicated to configure.
The middle machine (IIS) must be trusted for Security Delegation. And the
Domain Admin needs to set the spn for SQL Server.
The client machine must use TCP/IP and authenticate via Kerberos
authentication. If it uses NTLM, then this will fail with "Login failed
for user 'null'".

This article goes over various scenarios:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
ml/SecNetch05.asp

Thanks,

Kevin McDonnell
Microsoft Corporation

This posting is provided AS IS with no warranties, and confers no rights.