Kerberos delegation

---

• From: "Scott Elgram" <SElgram@xxxxxxxxxxxxxx>
• Date: Thu, 7 Dec 2006 09:53:07 -0800

---

Hello,
I'm not sure if this is the right forum for this question but it is
security related so hopefully someone in here can help.
I have two servers,
Web01: Windows 2k Adv. Server running IIS 5.
Sql01: Windows 2k Adv Server Running SQL 7
I am trying to get user credentials to flow through Web01 to Sql01 so
that I can make use of the permissions that are already on the tables. For
the most part, about 70% of the time, everything is working just peachy and
there are no issues. However, that remaining 40% people are receiving the
following error:
------------------------------------------------------------
Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Stack Trace: at
System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction)
at
System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnec
tionString options, Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnection.Open()
at DataCollections.DirectEdit.AddPractice.Page_Load(Object sender,
EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain()
------------------------------------------------------------
If I turn on auditing of successful logons for both Web01 and Sql01 I
can follow the flow down to Sql01 where I find the following entry in the
security log:
------------------------------------------------------------
Date: 12/06/2006 Source: Security
Time: 14:52 Category: Logon/Logoff
Type: Success Event ID: 538
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Sql01
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x6B5095F)
Logon Type: 3

------------------------------------------------------------
If anyone can offer any advice on why this is only happening some of the
time or how to fix/further trouble shoot this issue would be greatly
appreciated.

Thanks,
--
-Scott


.

---

• Follow-Ups:
  • Re: Kerberos delegation
    • From: Joe Kaplan

• Prev by Date: Re: COM Process Blocked
• Next by Date: Re: Kerberos delegation
• Previous by thread: Power Users & Servers - Windows 2000 & 2003 Differences
• Next by thread: Re: Kerberos delegation
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Kerberos delegation ... I have followed the authentication all the way through to Sql01. ... entry in the Web01 security log as a successful logon event for the user, ... (microsoft.public.windows.server.security) Re: Kerberos Delegation ... reason Web01 does not want to use Kerberos some of the time. ... Windows 2k Adv Server Running SQL 7 ... I am trying to get user credentials to flow through Web01 to Sql01 ... Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. ... (microsoft.public.dotnet.framework.aspnet.security) Kerberos Delegation ... Web01: Windows 2k Adv. ... Windows 2k Adv Server Running SQL 7 ... I am trying to get user credentials to flow through Web01 to Sql01 so ... Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Kerberos Delegation ... Server running IIS 5. ... I am trying to get user credentials to flow through Web01 to Sql01 ... Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. ... (microsoft.public.dotnet.framework.aspnet.security) IIS Remote Content and Kerberos Delegation ... Windows 2003 Server w/IIS6: WEB01 ... FILE01 showed a successful Logon event (using Kerberos for both logon ... FILE01 event log however showed two event, ... (microsoft.public.inetserver.asp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)