Re: Delegation through Linked Server Stops working

Are you having a completely different issue?
This post was about delegation working and then suddenly
failing until a reboot. Is this your issue?

-Sue

On Sun, 27 Aug 2006 12:23:01 -0700, DallasBlue
<DallasBlue@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Is there a solution for this issue.

delegation on linked server fails in our network when we use
nt-authenticated logins. we have a sql server 2000 nodes (n1,n2) on win 2003
cluster.

Any thots,hints,links,pointers appreciated

thanks,
GA

"Sue Hoegemeier" wrote:

A few others have reported similar issues - with no
solutions. I worked at a place where we had delegation
sporadically failing and then working after reboots. A
ticket was opened with Microsoft but the issue was never
resolved. I would guess it's a Kerberos issue, not a SQL
issue. Make sure AD is clean and you don't have duplicate or
bad SPNs for all machines involved. Make sure all machines
involved have times sync working correctly, using the same
time server.
I'd suggest getting the Kerberos Delegation troubleshooting
doc available at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=99b0f94f-e28a-4726-bffe-2f64ae2f59a2&DisplayLang=en
We also installed a tool that would do verbose logging for
Kerberos errors - I just looked and couldn't find the tool.
Maybe if someone else knows they will jump in and provide a
link for that tool.
It can be a difficult issue to troubleshoot and you may want
to consider opening up a support ticket with Microsoft
Product Support.

-Sue

On Wed, 16 Aug 2006 12:43:01 -0700, Sheriff
<Sheriff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

I have a Linked Server from SQL 2005 to a SQL 2000 server. I have it
configured to use delegation. This will work fine for a while and then
suddenly stop working. Sometimes it works for an hour, sometimes for a day.
I have to restart the SQL 2005 server and it will begin to work again. The
error is:

TCP Provider: An existing connection was forcibly closed by the remote host.
Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection.

Any ideas?



.

Relevant Pages

  • Re: Constrained delegation question!
    ... remote server running the services in terms of the security audits on the ... AUTHORITY\ANONYMOUS LOGON event. ... you won't be able to get Kerb delegation to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Unix Bind and Windows DNS coexist problem with forwarder ON
    ... not a web server. ... Here is the MS KB link of how i setup in Microsoft DNS server. ... I setup delegation in UNIX BIND server to Windows 2003 ... >>> The above does not describe delegation. ...
    (microsoft.public.windows.server.dns)
  • Re: Constrained delegation question!
    ... You are right there is a service called HOST on the target server which I ... You should not need to create a new SPN though. ... Active Directory under the delegation tab, ... For allowing Service Control Manager, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Constrained delegation question!
    ... You are right there is a service called HOST on the target server which I ... You should not need to create a new SPN though. ... Active Directory under the delegation tab, ... For allowing Service Control Manager, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: PROBLEM: ASP on IIS 5 secured via "Windows Integrated Authentication" accessing "
    ... I have two virtual directories on same server with Integrated ... If i use basic authentication, ... as .NET framework config file) as well as Delegation as specified by the ... > could do whatever you want in your ASP page on behalf of the Domain Admin. ...
    (microsoft.public.inetserver.iis.security)