Kerberos Issue With An Endpoint In SQL 2005 In Cluster Configuration
Oct 17, 2007
Hi all,
I have an issue with an SQL cluster.
I have two MS Windows 2003 Server Ent Ed. SP2 in cluster. They have MS SQL Server 2005 in cluster.
I have created and endpoint and when I try to access I get the attached error in client machine. This problem only occurs in cluster configuration, because the same installation in an SQL (no cluster) works fine.
EventID: 4 Source: Kerberos
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/fra-lille-hel03.ea.holcim.net. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (EA.HOLCIM.NET), and the client realm. Please contact your system administrator.
Anybody knows how to solve it?
Thanks in advanced.
View 1 Replies
ADVERTISEMENT
Aug 3, 2006
Hi.
I am getting this error.
Msg 1486, Level 14, State 2, Line 2
Database Mirroring Transport is disabled in the endpoint configuration.
Someone please help me.It's urgent.
I am using same PC with 2 different intsances.
This is how i have done it:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'test@#56'
GO
-- CREATE CERTIFICATE PRINCIPAL_CERT
CREATE CERTIFICATE PRINCIPAL_CERT
WITH SUBJECT = 'PRINCIPAL CERTIFICATE',
START_DATE = '03/07/2006',
EXPIRY_DATE = '01/01/2010'
GO
-- CREATE ENDPOINT NAMED (EPMIRRORING) USING CERTIFICATE AND ALGORITHM
CREATE ENDPOINT EPMIRRORING
STATE = STARTED
AS TCP(LISTENER_PORT = 6025, LISTENER_IP = ALL)
FOR DATA_MIRRORING (ENCRYPTION = REQUIRED ALGORITHM RC4, ROLE = ALL,
AUTHENTICATION = CERTIFICATE PRINCIPAL_CERT)
GO
Here is the of Event Log.
Date,Source,Severity,Message
08/03/2006 15:54:35,spid52,Unknown,The Database Mirroring protocol transport is now listening for connections.
08/03/2006 15:54:35,spid52,Unknown,Server is listening on [ 'any' <ipv4> 5122].
08/03/2006 15:52:57,spid53,Unknown,The Database Mirroring protocol transport is disabled or not configured.
08/03/2006 15:52:55,spid53,Unknown,The Database Mirroring protocol transport has stopped listening for connections.
08/03/2006 14:14:54,spid52,Unknown,The Database Mirroring protocol transport is now listening for connections.
08/03/2006 14:14:54,spid52,Unknown,Server is listening on [ 'any' <ipv4> 5122].
08/03/2006 14:14:37,spid53,Unknown,The Database Mirroring protocol transport is disabled or not configured.
08/03/2006 14:14:35,spid53,Unknown,The Database Mirroring protocol transport has stopped listening for connections.
08/03/2006 14:03:48,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:46,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:43,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:41,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:38,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:36,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:34,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:33,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:32,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:30,Logon,Unknown,Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21.'. [CLIENT: 10.10.1.12]
08/03/2006 14:03:15,spid54,Unknown,The Database Mirroring protocol transport is now listening for connections.
08/03/2006 14:03:15,spid54,Unknown,Server is listening on [ 'any' <ipv4> 5022].
Any solution ?
Thanks
Mihir
View 5 Replies
View Related
Oct 16, 2007
Hi,
i have configured a mirroring database using three different server instances on same domain. i'm able to configure the principal, mirror and witness using the configure database mirroring security wizard. I leave the service accounts blank and complete the process successfully but when i hit on start mirroring button it gives me error i.e 'database Mirroring Transport is disabled in the endpoint configuration.' Kindly help.
Regards
View 3 Replies
View Related
Apr 19, 2001
Ideally we'd like to configure our SQL cluster w/ the databases on one drive and the logs on another. Is this feasable in a cluster solution.. Will it basically just be 2 drives that are failed over vs. 1?
Thanks
View 1 Replies
View Related
Oct 17, 2006
In a two node cluster, is it possible to change from a Active-Passive configuration to Active-Active without completely reinstalling?
Thanks
View 1 Replies
View Related
Apr 11, 2000
I have SQL 7 running on an Active/Passive Cluster configuration. My problem is that I can not see any
SQL objects listed on perfmon.
Can this be because of the Cluster configuration? I trying to run perfmon directly from the main system console.
Thanks,
Randy
View 2 Replies
View Related
Jan 29, 2008
Hi, could someone tell me if this configuration is possible?
Machine A: Instance 1 (ACTIVE) + Instance 2 (passive) + Instance 3 (pasive)
Machine B: Instance 1 (passive) + Instance 2 (ACTIVE) + Instance 3 (pasive)
Machine C: Instance 1 (passive) + Instance 2 (passive) + Instance 3 (ACTIVE)
I know that it is possible with 2 machines with the clasical solution of Machine1: active-passive, Machine2: passive-active, this way if one of the machines goes down the other one will take the job of both instances, but I dont know if this solution is possible in SQL server 2000 with 3 instances at the same time.
Help please? thanks
View 3 Replies
View Related
Sep 7, 2006
Hey. I've 2 nodes in this activeactive cluster. Both of them have 20gb memory. Right now, both are configured to use 12gb each. Is that the right way to configure it? I was thinking we'll have IO issues if we ever failed over to a server. I've to migrate to SQL 2005 and needed some help regarding using accounts.
Should I use the same account for the cluster service and the SQL Server/Agent service? If not what are the permissions I've to give to the cluster service account in SQL? I've a cluster with 2 nodes. What permissions should the SQL account be given on the box? Should it be a local admin or when installing, I give it the account and let SQL worry about giving permissions to the box?
Thank you.
View 2 Replies
View Related
Nov 19, 2007
I have a 2 node cluster in an active/active configuration. Install is SQL 2005 Enterprise Edition x64, patched to KB934458
If I try and run SQL Server Configuration Manager on node 1 the application does not start and I get the following message: "Connection to target machine could not be made in a timely fashion." This happens for both SQL Server instances (SQL01 and SQL02).
I can connect fine on the 2nd node with both instances.
Further to this, if I try and run the Surface Area Configuration tool on node 1 - I can't connect to either SQL Instance (SQL01 and SQL02)
If I run the SAC tool on the second node, I can connect to the instance SQL02 that is active on node 2. If I fail that SQL Instance over to node 1, I can no longer connect
I think there is clearly something not quite right about node 1.
Any help/pointers would be appreciated.
View 5 Replies
View Related
Sep 8, 2014
I have installed SQL Server 2012 on Node1 successfully and trying add node on Node2 and its failing with below message. I attached the screen shot.
Here we are not doing multi-subnet failover clustering. Why we are getting extra and asking for IP and what IP should we enter there?Add Node option should automatically detect the IP we configured on Node1.
[Error Message] To support SQL Server multi-subnet failover clustering, you must select at least one valid IP address for every subnet in the cluster.
[Details] Microsoft.SqlServer.Configuration.Cluster.ClusterIPAddressPublicValidationException: To support SQL Server multi-subnet failover clustering, you must select at least one valid IP address for every subnet in the cluster.
View 1 Replies
View Related
Sep 22, 2007
I am getting following error when trying to install SQL express 2005 on XPSP2.
TITLE: Microsoft SQL Server 2005 Setup
------------------------------
The SQL Server System Configuration Checker cannot be executed due to WMI configuration on the machine SIGMA-805539A79 Error:2147944122 (0x800706ba).
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft+SQL+Server&ProdVer=9.00.1399.06&EvtSrc=setup.rll&EvtID=70342
I tied re-installing WMI using http://blogs.msdn.com/jpapiez/archive/2004/12/09/279041.aspx link but could not get it working.
Do i need IIS installed? Its not installed on this box...
please suggest something... i am stuck...
Thanks,
View 3 Replies
View Related
Oct 24, 2006
Hi,
How can I access my endpoint output set of values/xml using internet explorer? I am able to access the wsdl file now I need to access the actual value returned from sql server 2005. Now i need to display it on my Internet Explorer. All the examples of microsoft leads to access using CLR. Please let me know also the difference between Get/Post with respect to EndPoints.
Thanks in Advance
Ajoy Kumar
ajoyusa@yahoo.com
View 2 Replies
View Related
Jun 10, 2015
I am in the process of moving databases from a SQL 2005 Standard version to a 2-node 2014 cluster.All of my 2005 databases back up successfully.They all restore without issue except for one database that has a full text catalog. I get this message
Msg 7610, Level 16, State 1, Line 2
Access is denied to "fileStoragedataMSSQLSERVERFullTextCatalog", or the path is invalid.
Msg 3156, Level 16, State 50, Line 2
File 'sysft_FTCatalog' cannot be restored to 'fileStoragedataMSSQLSERVERFullTextCatalog'. Use WITH MOVE to identify a valid location for the file.
Msg 3119, Level 16, State 1, Line 2
Problems were identified while planning for the RESTORE statement. Previous messages provide details.
Msg 3013, Level 16, State 1, Line 2
RESTORE DATABASE is terminating abnormally.
[code]....
I went as far as giving the folder full access to everyone temporarily and received the same error.
View 1 Replies
View Related
May 29, 2013
I am trying to install the MS SQL Server 2012 Failover Cluster on Windows Server 2012 . I successfully Installed the Failover cluster instance on my primary node.
But when I am running the installation process on passive node to add node in the failover cluster I am stuck with very unique kind of issue.
I am following the Standard process of Installation and I am getting the same windows for each next process, but after License Agreement window when I get the Cluster Node Configuration window, then in "SQL Server Instance Name" drop down box I am not getting the Name of Instance which is already installed on the primary node. But this Instance complete information is appearing in below given box.
Only issue is Instance name is not appearing in the drop down list, that's why I am not able to select and when I click on next it trough error and do not proceed.
View 3 Replies
View Related
Feb 23, 2006
Hi there, I am just trying to create an ENDPOINT to define a Web Service in Sql
server 2005. Here is my code
Create ENDPOINT AWService STATE = STARTED As HTTP ( PATH = '/ADVENTUREWORKS', AUTHENTICATION = (INTEGRATED), PORTS = (CLEAR), SITE = 'DEVISQLDM2005' ) FOR SOAP ( WEBMETHOD 'GetProductList' (NAME = 'AdventureWorks.Dbo.GetProductList'), DATABASE = 'AdventureWorks', WSDL = DEFAULT )
and when i run this T-SQL its complaining about
Msg 7807, Level 16, State 1, Line 1 An error ('0x80070057') occurred while attempting to register the endpoint 'AWService'.
I am trying this code to run on Windows XP pro and Sql Server 2005. Any
clue why its complaining about this ?
Thanks -D
View 1 Replies
View Related
May 8, 2007
Hi
We are planning to upgrade the SQL Server in our production environment from SQL Server 2000 to SQL Server 2005. This is a 4 Node cluster environment with 3 Databases on 3 Virtual instances. The main requirement is to achieve this with no/minimal downtime.
Could you please suggest or direct me to any documentation for the best practices used to upgrade such an environment?
Thanks
Priyanka
View 2 Replies
View Related
Nov 10, 2007
Hi,
We are using SQLServer 2005 SP2. I successfully registered SPN and TCP is enabled and order of protocol are
Shared Memory 1
TCP 2
Names Pipes 3
when I am running
select auth_scheme from sys.dm_exec_connections where session_id=@@spid
still getting NTLM. I disabled all protocol in local client except TCP with no avail.
Interstingly when I am using SQLServer 2000 client where TCP is enabled and first in order in Clinet netwrok it is working OK and I am getting KERBEROS.
Please help to resolve.
Thanks
--
Farhan
View 7 Replies
View Related
Oct 4, 2007
I have a strange problem.
On almost all clients I can connect to mys database server using sqlcmd -S <server> and the connection is authenticated using kerberos.
One one of my clients the command fails. When I have Named Pipes enabled the connection works fine but is made with NTLM authentication.
All servers and clinets are members of the same domain and thay are ll on the same LAN segment. No firewalls are active anywhere.
Where do I look for a solution?
View 3 Replies
View Related
Mar 15, 2007
i have a cluster running win2k and SQL server2k, the app on the server uses kerberos authentication. all works fine until we need to flip the cluster over - then the registration of the SPN fails - this means we need to keep registering the SPN manually - a bit of a pain and sometimes people foget to register it causing us lots of grief.
does anyone know of a way we can get the SPN to register automatically?
View 1 Replies
View Related
Mar 12, 2008
Hi,
For last 2 days, I'm struggling to integrate WSS 3.0 with SP1 with SQL Server 2005 Reporting Services with SP2 with Kerberose authentication.
And finally I'm stuck
At the moment I've got 2 issues, one is when "Set defaults" on Central Administration site, second is when I'm trying to browse the reporting server for report €“ using Report Viewer webpart configuration (when selecting "Report").
Before I will go futher with errors message, here is my configuration:
WSS 3.0 with SP1 and Reporting Services Add-in:
Computer: SharePoint02 | SharePoint02.led.local
Portal url: http://sharepoint02 | http://sharepoint02.led.local
Admin url: http://sharepointadmin02 | http://sharepointadmin02.led.local
Portal App Pool: LEDSPContentPool
Admin App Pool: LEDSPConfigAcct
SQL Server 2005 with SP2, Reporting Services with SP2, WSS 3.0 with SP1 Front End:
Computer: SharePointDB | SharePointDB.led.local
Front End Portal url: http://sharepointdb | http://sharepointdb.led.local
URL to reporting services: http://sharepointdb/SPSReportServer | http://sharepointdb.led.local/SPSReportServer
Front End App Pool: LEDSPContentPool
Reporting Services App Pool: LEDSPConfigAcct
Report Server Service Account: LEDSPConfigAcct
SQL Server Account: LEDSPConfigAcct
I know I should have separate account.
Service Principals (SPContentPool):
Registered ServicePrincipalNames for CN=SPContentPool,CN=Users,DC=LED,DC=LOCAL:
HTTP/sharepoint02
HTTP/sharepoint02.led.local
Service Principals (SPConfigAcct):
Registered ServicePrincipalNames for CN=SPConfigAcct,CN=Users,DC=LED,DC=LOCAL:
HTTP/sharepointdb
HTTP/sharepointdb.led.local
MSSQLSrv/sharepointdb.led.local:1433
HTTP/sharepointadmin02.led.local
HTTP/sharepointadmin02
Reporting add-in is activated, I'm able to specify the report server (http://sharepointdb.led.local/SPSReportServer) and to grant permission.
1) FIRST ISSUE
However when I'm trying to set the defaults for Reporting Services from Central administration I'm getting following error:
The target location you specified is not supported by the report server. A report definition (.rdl), report model (.smdl), resource, or shared data source (.rsds) file must be located within a library or a folder within it. ---> The target location you specified is not supported by the report server. A report definition (.rdl), report model (.smdl), resource, or shared data source (.rsds) file must be located within a library or a folder within it.
Reporting Server error message is:
w3wp!library!1!03/12/2008-12:15:23:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.ContainerTypeNotSupportedException: The target location you specified is not supported by the report server. A report definition (.rdl), report model (.smdl), resource, or shared data source (.rsds) file must be located within a library or a folder within it., ;
Info: Microsoft.ReportingServices.Diagnostics.Utilities.ContainerTypeNotSupportedException: The target location you specified is not supported by the report server. A report definition (.rdl), report model (.smdl), resource, or shared data source (.rsds) file must be located within a library or a folder within it.
w3wp!library!1!03/12/2008-12:15:39:: Call to GetDataSourceContentsAction(http://sharepoint02.led.local/lrs/Reports/SHAREPOINTDB.rsds).
w3wp!library!5!03/12/2008-12:15:49:: Call to GetDataSourceContentsAction(http://sharepoint02.led.local/lrs/Reports/SHAREPOINTDB.rsds).
w3wp!library!1!03/12/2008-12:15:52:: Call to GetDataSourceContentsAction(http://sharepoint02.led.local/lrs/Reports/SHAREPOINTDB.rsds).
w3wp!library!1!03/12/2008-12:15:55:: Call to GetDataSourceContentsAction(http://sharepoint02.led.local/lrs/Reports/SHAREPOINTDB.rsds).
w3wp!library!1!03/12/2008-12:16:07:: Call to GetDataSourceContentsAction(http://sharepoint02.led.local/lrs/Reports/SHAREPOINTDB.rsds).
w3wp!library!1!03/12/2008-12:16:59:: Call to GetDataSourceContentsAction(http://sharepoint02.led.local/lrs/Reports/SHAREPOINTDB.rsds).
w3wp!library!1!03/12/2008-12:17:11:: Call to GetPermissionsAction(http://sharepoint02.led.local/lrs/Reports/TestSharepoint.rdl).
This error message then repeats few times, usually always after:
w3wp!library!5!03/12/2008-11:18:16:: Call to GetSystemPropertiesAction().
2) SECOND ISSUE
When the I'm trying to add Report Viewer (I'm logged as Portal administrator) and then select the report from web part settings, I'm getting:
Server was unable to process request. ---> The request failed with HTTP status 401: Unauthorized.
When I'm looking at the Event log in SharePointDB I see Anonymous login:
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 12/03/2008
Time: 12:13:07
User: NT AUTHORITYANONYMOUS LOGON
Computer: SHAREPOINTDB
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x12C0209E)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: SHAREPOINT02
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.192.65.67
Source Port: 1705
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Is there any chance to solve these issues? What did I done wrong?
I would really appreciate any help!
Cheers,
Jakub G
View 1 Replies
View Related
Aug 10, 2007
Hello,
I have configured Kerberos delegation for several web services. One of the web service calls SSIS packages, but the packages don't run with the expected impersonate user : the package starts with the imporsonate user, but continue with ASPNET user (which is not allowed to execute SSIS and connect to DB).
If the web service is called directly (no delegation), SSIS packages run with the correct user. It looks like than there is an autenthicate issue, but kerberos is configured and web services can run from one to another with the impersonate user. The issue occured only when I call SSIS packages.
Here is a extract of the SSIS log file :
Code Snippet <dtslog>
<record>
<event>PackageStart</event>
<message>Beginning of package execution.
</message>
<computer>WKS-GE-BRAZILIA</computer>
<operator>WKS-GE-BRAZILIAPascal.Brun</operator>
<source>ImportMonthlyCSV</source>
<sourceid>{D053CB99-FDE4-492D-83BC-821E1B34704B}</sourceid>
<executionid>{EA9C1929-4131-4FDD-A6FC-560E01A65536}</executionid>
<starttime>09.08.2007 17:31:02</starttime>
<endtime>09.08.2007 17:31:02</endtime>
<datacode>0</datacode>
<databytes>0x</databytes>
</record>
<record>
<event>OnError</event>
<message>SSIS Error Code DTS_E_CANNOTACQUIRECONNECTIONFROMCONNECTIONMANAGER. The AcquireConnection method call to the connection manager "Data Warehouse" failed with error code 0xC0202009. There may be error messages posted before this with more information on why the AcquireConnection method call failed.
</message>
<computer>WKS-GE-BRAZILIA</computer>
<operator>WKS-GE-BRAZILIAASPNET</operator>
<source>Import CSV</source>
<sourceid>{284D3166-F372-4B03-86C1-75A4D8DC9A5C}</sourceid>
<executionid>{EA9C1929-4131-4FDD-A6FC-560E01A65536}</executionid>
<starttime>09.08.2007 17:31:02</starttime>
<endtime>09.08.2007 17:31:02</endtime>
<datacode>-1071611876</datacode>
<databytes>0x</databytes>
</record>
...
Any help is required.
Thanks in advance.
View 4 Replies
View Related
Dec 28, 2007
We're upgrading a SQL Server 2000 cluster (Active/Passive) running on Windows 2000 Server to a SQL Server 2005 Cluster running on Windows Server 2003. We can't purchase new hardware and we have no spare hardware. We also need to move from Windows 2000 Server to Windows 2003 Server at the same time. We want to keep downtime to a bare minimum.
What we were thinking was the following steps... Anyone try this?
1. Break the link between the servers.
2. Install a fresh copy of windows 2003 server on one side along with SQL Server 2005. While this step is running, the active node would still be live on Windows 2000 Server and SQL Server 2000 serving our customers.
3. Restore a copy of a backup from the active production side to the node we're upgrading and at that point we would bring the active node down, switching the active node to be the newly upgraded server.
4. As a final step, the old active node would now have the link to it broken, we would install a fresh copy of windows 2003 server on it and sql server 2005. At this point we would bring it back into the cluster and the cluster would be complete again.
Thoughts?
View 2 Replies
View Related
May 14, 2008
Friends -
Need your help and guidence for doing upgrading SQL Server 2000 Cluster to SQL Server 2005 Cluster.
Let me explain my current environment.
1. Currently SQL Server 2000 Cluster environment is running on Windows 2000 Server we need to upgrade this to SQL Server 2005 on Windows 2003 Server. >>> Production environment.
My Plans:
1. On Testing Environment Install SQL Server 2000 cluster on Windows 2003 Server and do a restore of databases from the produciton environment.
2. Upgrade In-Place from SQL Server 2000 Cluster to SQL Server 2005 Cluster.
My doubts
1. Can i install SQL Server 2000 Cluster on Windows 2003 Server. Is it possible or not.
Please advise me and correct my steps.
Cheers
VSH
View 1 Replies
View Related
Jul 30, 2015
I use DNS alias to access my database server:
server name is -> SRV100
DNS Alias is -> SQLPROD
I've noticed that, using Windows authentication, if I connect to the server using its server name, the DB Engine uses Kerberos authentication scheme (as it is supposed to do) but if I use Kerberos authentication, I see that the DB Engine uses the NTLM authentication
scheme
select client_net_address,auth_scheme from sys.dm_exec_connectionsÂ
I need to use DNS alias to connect to my server and I want to use Kerberso auth scheme.
View 4 Replies
View Related
May 21, 2008
Like many others, I am have trouble getting this to work, and none of the solutions I have found on the inter-tubes seems to work for me:
"An unexpected error occurred while connecting to the report server. Verify that the report server is available and configured for SharePoint integrated mode. --> The request failed with HTTP status 401: Unauthorized."
The Setup:
MOSS/SSRS (Integration Mode) running on a server farm on a single server: myserver.mydomain.org
Service Account for all Services: mydomainmyaccount (trusted for delegation, member of IIS_WPG)
myserver trusted for delegation
SSAS running under Local System on ssas.mydomain.org.
SETSPN -L mydomainmyaccount results:
HTTP/myserver.mydomain.org
HTTP/myserver
MOSS Authentication Settings
Authentication Type = Windows
Default Authentication Provider = Negotiate (Kerberos)
Anonymous access not enabled
IIS Settings
SSRS on Default Web Site: Port 8080
Application Pool Identity mydomainmyaccount
NTAuthenticationProviders="Negotiate,NTLM"
Security: Windows Authentication
MOSS on Sharepoint-80 Site: Port 80
Application Pool Identity mydomainmyaccount
NTAuthenticationProviders="Negotiate,NTLM"
Security: Basic Authentication except _vti_bin/ReportServer is Windows Authentication
The idea is to use kerberos to pass credentials from SSRS reports running on myserver.mydomain.org to SSAS on ssas.mydomain.org.
View 1 Replies
View Related
Jul 6, 2015
I ran into a Kerberos authentication issue because of a missing AOAG SPN. Some of the tickets that granted me access to the nodes of the AOAG cluster were using the encryption type that I would expect. However, the MSSQLSvc SPNs were not using what I would expect!
klist
#XX> Client Somebody@somedomain.com
Server: RPCSS/MySQLServer@somedomain.com
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
#XX> Client Somebody@somedomain.com
Server: MSSQLSvc/MySQLServer@somedomain.com
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
#XX> Client Somebody@somedomain.com
Server: MSSQLSvc/MyAOAGListener@somedomain.com
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
I can't seem to figure out what the next step should be, and the infrastructure admins are stumped as well. How to proceed?
View 5 Replies
View Related
Sep 29, 2015
We have a large number of SSISDB packages running happily, connecting to our SQL Servers using ADO.Net or Sql Native Client, making their connection using NTLM. (We don't have our SQL Server SPNs correctly configured to support Kerberos).
The SSISDB packages are hosted on and run on a dedicated SQL server, different to the SQL Servers they are connecting to.
Very occasionally, the connection attempt is made using Kerberos instead of NTLM, and the connection attempt to sql server fails. (This is going by the Windows Security event log, which reveals a Kerberos login - a successful one at the Windows level - at the precise time that the calling agent job is informed of a connection timeout and fails, approx 23 seconds after the job starts).
The correct configuration of our SPNs is something we may wish to look into for security best practice, and would of course fix this. However, that may not be my decision to make.
View 2 Replies
View Related
May 15, 2008
Friends -
Could any one of you provide steps for upgrading SQL Server 2000 cluster to SQL server 2005 cluster.
My environment is Windows 2003 server.
Appreciate your support.
Cheers
VSH
View 1 Replies
View Related
May 9, 2006
When I run sp1 on the active node of a 64-bit cluster the setup just hangs when it gets to the Database services part. It does not return any errors as mentioned by others in this forum. I also do not have SqlSupport.msi in the add/remove programs (one suggestion on this forum was to uninstall it reinstall). I have let it run for up to 12 hours with no result.
There is no SQL9_Hotfix_KB913090_sqlrun_sql.msp.log file only SQL9_Hotfix_KB913090.log
this is the content
05/09/2006 12:41:12.274 ================================================================================
05/09/2006 12:41:12.274 Hotfix package launched
05/09/2006 12:41:15.634 Product discovery successfully completed during the install process for DEV01
05/09/2006 12:41:15.634 SP Level check successfully completed during the install process for DEV01
05/09/2006 12:41:15.634 Product language check successfully completed during the install process for DEV01
05/09/2006 12:41:15.634 Product version check successfully completed during the install process for DEV01
05/09/2006 12:41:15.681 Product discovery successfully completed during the install process for DEV02
05/09/2006 12:41:15.681 SP Level check successfully completed during the install process for DEV02
05/09/2006 12:41:15.681 Product language check successfully completed during the install process for DEV02
05/09/2006 12:41:15.681 Product version check successfully completed during the install process for DEV02
05/09/2006 12:41:15.743 Product discovery successfully completed during the install process for DEV03
05/09/2006 12:41:15.743 SP Level check successfully completed during the install process for DEV03
05/09/2006 12:41:15.743 Product language check successfully completed during the install process for DEV03
05/09/2006 12:41:15.743 Product version check successfully completed during the install process for DEV03
05/09/2006 12:41:15.790 Product discovery successfully completed during the install process for DEV04
05/09/2006 12:41:15.790 SP Level check successfully completed during the install process for DEV04
05/09/2006 12:41:15.790 Product language check successfully completed during the install process for DEV04
05/09/2006 12:41:15.790 Product version check successfully completed during the install process for DEV04
05/09/2006 12:41:15.790 Command-line instance name check completed during the install process
05/09/2006 12:41:15.868 Baseline build check completed during the install process
05/09/2006 12:44:25.795 Attempting to install instance: DEV02
05/09/2006 12:44:25.795 Enumerating passive cluster nodes
05/09/2006 12:44:25.873 Patching available passive node: TTCSQL62A
05/09/2006 12:44:25.873 Waiting for first successfully completed passive node
05/09/2006 12:44:25.873 Attempting to patch running passive node: TTCSQL62A
View 3 Replies
View Related
Sep 12, 2006
we want to have an activepassive and active passive cluster.
node a install sql instance 1 failover over to node b
node b install sql instance 2 failover to node a
do I have to setup 2 cluster ? ie. quorum, msdtc etc..
or just one cluster(quorum, ip and name), one msdtc group( as per MS msdtc doc) and 2 san disks (one for node a and one for node b.
is this correct? I have looked and looked for a step by step on setting this up, no where can I find what i need. I downloaded the failover cluster doc from microsoft, book online etc..
thanks
View 3 Replies
View Related
Sep 11, 2006
quick overview
2 nodes-cluster setup from node 1
I setup a cluster, created 4 groups
1.cluster 2.msdtc 3.sqlinstance1 4.sqlinstance2
I want to create an activepassive on both nodes. (onenode will be the active node for on sql install while the other is passive.
I want to repeat this fo rthe second node, the second node being active and node 1 passive.
I logged into node 1 and I installed sql 2005 in failover cluster into sqlinstance 1., everyhting was fine, failover etc.
Now I logged into node 2 and ran sql 2005 setup to create a failover cluster.
I chose to install into sql instance 2.
Database unable to install with error "failed to set registry settings for server network libraries. acition is setdefaults.error 11001, no such host is known.
If I am not setting this up correclty please let me know
thanks
everything was fine. I logged onto node 2, was going to
View 5 Replies
View Related
