locked
Periodic restart of SQL instance for CLM - Cannot generate SSPI context

    Question

  • I have an issue on the CLM server and the CA where periodically I get the error "Cannot Generate the SSPI context". If I restart the SQL CLM instance the problem is rectified. This appears to be related to Kerberos and the ticket expiry. It may be that this happens if the DB is not accessed for more that the Kerberos ticket validity period. If I look in the security log on the SQL server the error is "unable to logon because of null SID". Once I restart the SQL instance the logon message shows the CLM and CA servers authentication correctly using Kerberos. The SPNs for the SQL service account register OK. ????
    Tuesday, June 07, 2011 2:44 PM

Answers

  • This turned out to be a Kerberos ticket renewal issue. Use a Klist to dump the ticket list for your service account to see if they are expiring and not being renewed. A third party authentication product was found to be the cause.
    • Marked as answer by TechieBod Friday, February 10, 2012 9:09 AM
    Friday, February 10, 2012 9:09 AM