We have had two instances of installing Windows 2000 Service Pack 4 [*]
on machines running SQL Server 2000 SP3a+HF and subsequently seeing errors f
rom SQL Server client tools (QA and Enterprise Manager):
Cannot generate SSPI context
SETSPN -L shows a valid service principle name, and the other options in KB
811889 have been tried. We are using a domain user account as the service ac
count for SQL Server.
What else can we look for to resolve this problem please?
[*] re-building the machine with SP3 and the problem does not appear. We
need W2K SP4 for SQL Server Reporting Services.This happens because of a Kerberos authentication protocol issue, I would
suggest you to do the following things
1. Enable Kerberos logging on the client machine (documented at
http://support.microsoft.com/defaul...kb;EN-US;262177). Now try to
connect to the remote SQL Server, if you get the same error message then
check the SYSTEM eventlog. You would find Kerberos failure events which give
you good information about what went wrong.
2. If there are no Kerberos errors on the client machines, you could be
having some error messages on the APPLICATION eventlog of the SQL Server
machine which will say that the SQL Server couldnot decrypt the login
packets from the clients which implies that there are multiple SPNs
registered and the AD picked a wrong one. You can find all the registered
SPNs in your AD by using the command
ldifde -d "CN=Users,DC=betaland" -l servicePrincipalName -F
NewoutputUsers.txt
and then clean up the redundant ones. This is explained in
http://support.microsoft.com/?id=319723
Thanks,
Bala.
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Nigel Williams" <nwilliams@.fictitious.kom> wrote in message
news:DE140101-7F0E-4AE1-86DC-626028B66D5D@.microsoft.com...
> We have had two instances of installing Windows 2000 Service Pack 4 [*] on[/co
lor]
machines running SQL Server 2000 SP3a+HF and subsequently seeing errors from
SQL Server client tools (QA and Enterprise Manager):
> Cannot generate SSPI context
> SETSPN -L shows a valid service principle name, and the other options in
KB 811889 have been tried. We are using a domain user account as the service
account for SQL Server.
> What else can we look for to resolve this problem please?
>
> [*] re-building the machine with SP3 and the problem does not appear. We[/colo
r]
need W2K SP4 for SQL Server Reporting Services.
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment