Hi,
I have gone through so many kb articles to understanding the problem, but no luck as yet.
Here is the situation:
I have two dev servers : Server A and Server B. Both are set up in an identical fashion. Windows 2003 sp2, Sql Server 2005 sp1 Developer Edition, both are on the same domain, Both have all the three protocols enabled: Shared Memory, Tcpip, and Named Pipes in that order. I can ping both servers, and telnet using the default port. Both have only default instances. Both use the same domain user account for sql service. Both have the error in the log saying that spn could not be registered so authentication may fall back to NTLM.
Here is the issue: When I try to register Server A specifying tcp-ip connection, I am successful and I can see that the authentication is NTLM - is as expected. since the spn registration did not happen and since the sqlservice account is not a domain admin, the authentication used NTLM over tcp-ip. However, I try to register Server B specifying tcpip, I get a cannot generate sspi context error. Why did the authentication not fall back to NTLM as in Server A? From what I read in the KB articles, I asked our network admin to check up the spn, but he assures me that spn were never manually registered.
Can somebody throw more light on this issue?
Thanks
KRSE
http://blogs.msdn.com/sql_protocols/archive/2006/12/02/understanding-kerberos-and-ntlm-authentication-in-sql-server-connections.aspx
If you look at number 6 in the above team blog, it should shed some light on the problem.
Hope that helps.
John
P.S. If this addresses your problem, please mark your question as answered.
No comments:
Post a Comment