Questions tagged [kerberos]

A network authentication protocol developed at MIT that allows secure authentication for both the user and the server.

Kerberos is a network authentication protocol that runs on port 88 by default and uses symmetric key cryptography to allow both the user and the server to verify each other's identity in a secure manner.

78 questions

25 votes, 2 answers

How can I get my linked server working using Windows authentication?

I'm trying to get a linked server to ServerA created on another server, ServerB, using "Be made using the login's current security context" in a domain environment. I read that I'd need to have SPNs created for the service accounts that run SQL…

21 votes, 2 answers

The certificate chain was issued by an authority that is not trusted

Some time ago I installed SQL Server 2016 Developer Edition on a Windows 10 Home edition environment (a laptop to be precise) and everything was fine. Then someone - an administrator on the box - decided, without telling me, to rename said box. After…

15 votes, 1 answer

Why would you use a managed service account rather than a virtual account in SQL Server 2012?

In SQL Server 2012, service accounts are created as virtual accounts (VAs), as described here, as opposed to managed service accounts (MSAs). The important differences I can see for these, based on the descriptions: MSAs are domain accounts, VAs…
jordanpg

10 votes, 3 answers

What should my SPN entries look like for each SQL instance?

I'm finding contradictory information for how exactly to format SPNs (Service Principal Names) to get the proper Kerberos connections, and how many I need for each SQL instance. This 2017 MS document contains the following: Beginning with SQL…
BradC

8 votes, 2 answers

Kerberos authentication not working with Linked Servers in SQL Server 2012

I am setting up a DEV/TEST environment using 2 SQL Servers running SQL Server 2012 on Windows Server 2012. We are moving from SQL Server 2005 on Windows Server 2008, where we already have this up-and-running correctly. In SQL Server 2012, Kerberos…
Hannah Vernon

6 votes, 2 answers

Intermittent SQL Delegated Authentication Errors

Here is an odd issue that is causing me to lose all my hair. Every few days or so our delegated authentication from one SQL server to another fails with the error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. The SQL server logs show:…

6 votes, 1 answer

How to stop using SQL Server login credentials in a linked server?

I have a linked server based in Italy, server_italia, that connects to a server based in Oregon, USA, ORDB1. We are on different but trusted domains. The connection from server_italia to ORDB1 is made through a linked server using a SQL Server account…
Marcello Miorelli

5 votes, 1 answer

What is a Forest?

I am reading the Microsoft article How to troubleshoot the "Cannot generate SSPI context" error message. The two quotes imply that if I know what a domain is I should know what a forest is, but I don't. I have googled around and everything I find is…
James Jenkins

4 votes, 1 answer

Using DNS per application in ConnectionStrings

I have come across an idea recently when I had to migrate a ton of in-house applications to a new SQL server. The more I look at it, the more it sounds perfect, but I wanted to ask the community for feedback about it. It is using SQL0216 with…

4 votes, 1 answer

SSMS connections not using KERBEROS over VPN - why?

I have a very simple setup. SQL Server X (2012) and SQL Server Y (2016). X has a linked server to Y using the setting "Connections will: Be made using the login's current security context". SPNs are set up, and internal users on our domain can query…
SomeGuy

4 votes, 1 answer

Set SPN on SQL cluster

I have a question about how to manually set SPN for using Kerberos authentication on a SQL cluster. Do I set one SPN on the clustername or one on each node? I also have a default named instance, do I specify the name of the instance?
hanness

4 votes, 1 answer

MongoDB Fails to get TGT

I've set up MongoDB enterprise on CentOS 7 with Kerberos support. Additionally I've set up a Kerberos service on CentOS 7 for the authentication. I know that Kerberos is set up correctly as I now have multiple CentOS 7 clients SSH authenticating…
user316114

4 votes, 2 answers

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

I have an Operations server running Windows Server 2012R2 and SQL Server 2014 Enterprise back end. This server is used to deploy new code to other production servers via cmd file called by a SQL Agent Job. All of the servers are on the same…
Steve Mangiameli

3 votes, 1 answer

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed

As the title states, I'm getting the following error when attempting to use an ASP.NET webapp: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous…
Nathan C

3 votes, 1 answer

Possible Pitfalls of Setting Up Kerberos to Permit Cross-SQL Database Access Via AD Trusted Connection

We are hoping to implement Kerberos on our Active Directory (2003, Functional Level 2) so that our SQL Server 2005 databases can communicate with one another when a client is using Active Directory Trusted Connectivity. The reason this wasn't…