Monday, March 26, 2012

Link Servers with Delegation

I am trying to implement a linked server that uses integrated authentication on a 64 bit Wndows 2003 SP1 server. I have both Sql Server 2005 and Sql Server installed, and have successfully created database link that is able to use double hop authentiction on the Sql Server 2005 instance. I am unable to do the same usign the Sql Server 2000 instance. Does anyone know if double hop uathentication using Kerberos is supported on Sql Server 2000. The linked server on Sql Server 2005 is created using this syntax

"EXEC sp_addlinkedserver @.server=’LinkedServer’,

@.srvproduct=''",

@.provider='SQLNCLI',

@.datasrc=’SQLB’,--the data source

@.provstr="Integrated Security=SSPI; "

"exec sp_addlinkedsrvlogin ‘LinkedServer’, 'true'"

SPN's and domain accounts have been created as documented and those same accounts are used in both the Sql Server 2005 and Sql Server 2000 instances.

The error message going from a Sql Server 2000 or 2005 client, to the Sql Server 2000 instance that has the linked server using the SQLNCLI provider is

Server: Msg 7399, Level 16, State 1, Line 1
OLE DB provider 'SQLNCLI' reported an error. Authentication failed.
[OLE/DB provider returned message: Communication link failure]
[OLE/DB provider returned message: Named Pipes Provider: No process is on the other end of the pipe.
]
[OLE/DB provider returned message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
OLE DB error trace [OLE/DB Provider 'SQLNCLI' IDBInitialize::Initialize returned 0x80040e4d: Authentication failed.].

If I use the Sql Server 2000 OLEDB provider when creating the link I get this error

Server: Msg 18456, Level 14, State 1, Line 1
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

The same link using the SQLNCLI provider in Sql Server 2005

works and I am able to use double hop authentication.

My question is , does anyone know if double hop authentication is supported using a Sql Server 2000 linked server?


Using Kerberos as Authentication protocol and the appropiate configuration this should work even for SQL Server 2000.

http://msdn2.microsoft.com/en-us/library/aa905162(sql.80).aspx
http://msdn2.microsoft.com/en-us/library/ms189580.aspx

Jens K. Suessmeyer.

http://www.sqlserver2005.de

Posted by currentlycvbu at 6:24 AM
Labels: , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)