Kerberos issue on SQL 2005
- From: "W.a.Sdanou" <wasdanou@xxxxxxxxx>
- Date: Sat, 14 Mar 2009 21:29:37 +0100
After some searching i've managed to add "read/write servicePrincipalName" access for a "domain account" with ADSIEdit.
After restarting the SQLServer Service, the eventlog shows it is listening on a specific dynamic port. Again back in ADSIEdit I see, I believe, the appropriate "service principle name". Even after removing and restarting the SQL Server, the same SPN is written back here.
Even then, in sql server, the command "select auth_scheme from sys.dm_exec_connections where session_id=@@spid" still shows NTLM instead of Kerberos. Using SETSPN -L <domain account> results in a line like MSSQLSvc/Myserver.Mydomain.org:1979
How come SQLServer is showing using NTLM instead of Kerberos?
Does a client which uses Kerberos also trigger SQL Server to start using Kerberos?
Thanks for your reply.
.
- Follow-Ups:
- Re: Kerberos issue on SQL 2005
- From: Jeffrey Williams
- Re: Kerberos issue on SQL 2005
- Prev by Date: Re: SQL support for PCI Complaint
- Next by Date: Re: Kerberos issue on SQL 2005
- Previous by thread: Mystery SQL database access
- Next by thread: Re: Kerberos issue on SQL 2005
- Index(es):
