相关文章推荐
被表白的橙子  ·  中国共产党湖南大学第十次代表大会隆重开幕-湖 ...·  5 月前    · 
成熟的熊猫  ·  农产品转基因行业专题报告:从孟山都看转基因种 ...·  2 年前    · 
深情的小摩托  ·  北大才女李雪琴的自我救赎之路:“念北大就不能 ...·  2 年前    · 
性感的绿豆  ·  「斗罗大陆」史莱克七怪最后都怎么了? - 知乎·  2 年前    · 
爱运动的咖啡  ·  童心園官網--兒童發展玩具、通用教具與輔具的專家·  2 年前    · 
Code  ›  Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON', SPN working - Microsoft Q&A
https://learn.microsoft.com/en-us/answers/questions/232200/login-failed-for-user-nt-authorityanonymous-logon
鼻子大的日记本
2 年前

Hello, I have set up two fresh SQL Servers and have set up SPN, both servers report the following...

The SQL Server Network Interface library successfully registered the Service Principal Name (SPN) [ MSSQLSvc/SERVERNAME ] for the SQL Server service.

I have set up a linked server between the pair of them and then from my desktop SSMS tried to test the connection and get the error.

Has anyone had this before?

Thanks

Hi @Anonymous ,
Is there any update on this case?
Please make sure SQL Server service account was trusted for delegation in AD.
You can go to domain controller -> open active directory users and computers -> users -> right-click the SQL Server Service account in users folder -> Properties.
Then go to delegation tab in the Properties dialog box, ensure that "Trust this user for delegation to any service (Kerberos only)" or "Trust this user for delegation to specified services (Kerberos only) – Use Kerberos only "is selected. If you choose the " Trust this user for delegation to specified services (Kerberos only)", please add the SQL Server service. ( please do the same for the delegation tab in the Properties of server's computer object in active directory users and computers.)

Then go to the account tab in properties and ensure that the "account is sensitive and cannot be delegated" option is not selected.

Please refer to this article which might help.

Best Regards,
Amelia

If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

You need to make sure Kerberos works on both servers. If you can RDP into the server that set up the linked server and connect to the linked server fine, verify it is using Kerberos, you can check the auth_scheme from the sys.dm_exec_connections on the target server to verify it. For example,

select c.auth_scheme,* from sys.dm_exec_sessions s join sys.dm_exec_connections c on s.session_id=c.session_id where s.host_name ='yourhostname'.

Make sure it is Kerberos used by the connection.

Hi there,

what you describe is a classic double hop scenario.
local SSMS->Server A -lkd srv conn -> Server B

Just having an SPN for both servers is not enough.
The account running the sql server engine needs the information where to delegate to.

So, if you have a SQL Server A which runs under yourdomain\mysvcAccforServerA, than this account needs the right to delegate credentials to another SPN, eg MSSQLSvc/MyServerb.yourdomain

Regards

 
推荐文章
被表白的橙子  ·  中国共产党湖南大学第十次代表大会隆重开幕-湖南大学新闻网
5 月前
成熟的熊猫  ·  农产品转基因行业专题报告:从孟山都看转基因种业的发展_手机新浪网
2 年前
深情的小摩托  ·  北大才女李雪琴的自我救赎之路:“念北大就不能当一个废物了吗”|大张伟|陈坤_网易订阅
2 年前
性感的绿豆  ·  「斗罗大陆」史莱克七怪最后都怎么了? - 知乎
2 年前
爱运动的咖啡  ·  童心園官網--兒童發展玩具、通用教具與輔具的專家
2 年前
今天看啥   ·   Py中国   ·   codingpro   ·   小百科   ·   link之家   ·   卧龙AI搜索
删除内容请联系邮箱 2879853325@qq.com
Code - 代码工具平台
© 2024 ~ 沪ICP备11025650号