Kerberos problems on Sql 2012 Cluster

All Replies

• Friday, April 13, 2012 1:19 PM

   

   
  

  0

  One possibility is that you have wound up with a duplicate SPN in your environment.  This prevents Kerberos from working on the affected machines.  You might find the following links helpful in searching for and resolving (if necessary) the problem.

  http://blogs.msdn.com/b/psssql/archive/2009/02/13/searching-for-duplicate-spn-s-got-a-little-easier.aspx

  http://blogs.technet.com/b/askds/archive/2008/05/29/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx

  http://blogs.technet.com/b/askds/archive/2008/06/09/kerberos-authentication-problems-service-principal-name-spn-issues-part-2.aspx

  RLF

  • Reply
  • Quote

   
• Friday, April 13, 2012 2:09 PM

   

   
  

  0

  thanks for the response russell.

  I created the spn with -s flag and i just checked again. There appear to be no duplicate spn's.

  • Reply
  • Quote

   
• Friday, April 13, 2012 5:34 PM

   

   
  

  1

  Creating a spin with -s is supposed to avoid te problem.  I see you refer to connecting 'locally' and getting NTLM.   Running the following code:

  select auth_scheme 
  from sys.dm_exec_connections 
  where session_id = @@spid

  I have a SQL Server for which we have Kerberos configured:

  • Run SSMS on the server machine - the query connection returns NTLM
  • Run SSMS on my desktop computer - the query connection returns KERBEROS

  Is that what you were seeing?  If so then that is normal, but if both locations return NTLM then you have a problem.

  There is also this document written by Ming Lu to detail common Kerberos problems.
  http://blogs.msdn.com/b/sql_protocols/archive/2006/12/02/understanding-kerberos-and-ntlm-authentication-in-sql-server-connections.aspx

  It was written in 2006, so not fully up-to-date, but it covers many possibilities.

  RLF

  • Marked As Answer by Stephanie LvModerator Tuesday, April 24, 2012 8:23 AM
  •  
  • Reply
  • Quote