RE: Msg 15404: Could not obtain information about user

From: Local Government System Inc <lgsystem@xxxxxxxxxxxxxxxx>
Date: Mon, 19 May 2008 18:53:02 -0700

Hi Charles,

I noticed that same entry in the error log when I emailed to you, did some
searching and found the same KB article and implemented the SPN manually.
However, even after rebooting the server and forcing a connect via TCP both
locally running SSMS on the server and also remotely from a workstation, I
cannot establish a Kerberos connection, only NTLM.

I have added the ServerASqlUser account to Domain Admins and rebooted
ServerA. This resolves the error in the sql script but it is still connected
as NTLM and I'm sure you can appreciate I don't want the SQL service account
to be a domain administrator. Removing the sql service user from Domain
Admins and rebooting again and the original error returns. Running SetSPN -L
ServerA is still showing the presence of the SPN entry.

Perhaps there is some minimum privilege I can grant the sql user to fix this
issue?

Regards,

--
Jason
.

Follow-Ups:
- RE: Msg 15404: Could not obtain information about user
  - From: "Charles Wang [MSFT]"

References:
- Msg 15404: Could not obtain information about user
  - From: Local Government System Inc
- RE: Msg 15404: Could not obtain information about user
  - From: "Charles Wang [MSFT]"
- RE: Msg 15404: Could not obtain information about user
  - From: Local Government System Inc
- RE: Msg 15404: Could not obtain information about user
  - From: "Charles Wang [MSFT]"

Prev by Date: Application error event every minute on MSSQLSERVER : "Failure Audit: Login failed for user 'NT AUTHORITY\SYSTEM' [Client: <local machine>]
Next by Date: RE: Application error event every minute on MSSQLSERVER : "Failure Audit: Login failed for user 'NT AUTHORITY\SYSTEM' [Client: <local machine>]
Previous by thread: RE: Msg 15404: Could not obtain information about user
Next by thread: RE: Msg 15404: Could not obtain information about user
Index(es):
- Date
- Thread

Relevant Pages

Re: 2008 DC Stops responding to local logins
... Have a look on this articles, seems that the promotion does not work correct, which causes the replication problem. ... Then restart the server. ... Verifying that the local machine dcontroller05, ... SPN found:LDAP/dcontroller05.campus.university.edu ...
(microsoft.public.windows.server.active_directory)
Re: Kerberos Authentication to VWMare...
... A Kerberos Error Message was received: ... Server Realm: ... We have checked the SPN using SetSPN with -L option and see that both MOSS ...
(microsoft.public.windows.server.security)
Re: Domain Replication Problems
... the NTFRS is responsible for file replicating the actual GPT ... Mail server crash, I was able to recover it and I setup a software RAID ... is the Schema Owner, but is deleted. ... Failed can not test for HOST SPN ...
(microsoft.public.windows.server.active_directory)
Re: Got SPN?
... Also you may use the Setspn.exe tool to add an SPN that has the correct ... FQDN to the Active Directory object for the server that is running Exchange ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
(microsoft.public.exchange.connectivity)
Re: Domain Replication Problems
... Mail server crash, I was able to recover it and I setup a software RAID ... The DC MAIL is advertising itself as a DC and having a DS. ... is the Schema Owner, but is deleted. ... Failed can not test for HOST SPN ...
(microsoft.public.windows.server.active_directory)