Can we have Linked Servers when using NTLM?

Posted by BlueRaja on Server Fault See other posts from Server Fault or by BlueRaja
Published on 2010-04-27T14:31:49Z Indexed on 2010/04/27 14:33 UTC
Read the original article Hit count: 633

Filed under:

sql-server

|

ntlm

|

kerberos

|

linked-server

I don't have access to the Active Directory settings, nor do I have access to change anything on the linked server.

From everything I've read, it seems like this means I cannot use Kerberos - which is a big problem, because I don't know how to use a linked server without it.

Is there any way to connect to a linked server without Kerberos?

Exact problem description

When I connect to the linked server while sitting in front of my server, it works fine; but when I try to connect to the linked server from any other computer (delegating through my server), it gives the error:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. (Microsoft SQL Server, Error: 18456)

It seems that this is the "double-hop problem," and the usual solution is to enable Kerberos, which requires access to AD and the linked server.

I get the same error when I set security to "Be made using the login's current security context," and I can't use "Be made using this security context" because that appears to use SQL-authentication (which is not enabled on the linked server) instead of NTLM

© Server Fault or respective owner

Related posts about sql-server

SQL SERVER – Beginning SQL Server: One Step at a Time – SQL Server Magazine

as seen on SQL Authority - Search for 'SQL Authority'
I am glad to announce that along with SQLAuthority.com, I will be blogging on the prominent site of SQL Server Magazine. My very first blog post there is already live; read here: Beginning SQL Server: One Step at a Time. My association with SQL Server Magazine has been quite long, I have written nearly… >>> More
How to install SQL Server 2005 Configuration Manager without installing SQL Server Management Studio

as seen on Server Fault - Search for 'Server Fault'
Hi, I need to configure SQL Server aliases on a public-facing production server. To do that, I need to install SQL Server Configuration Manager. I was not able to find a standalone installer for that, so I am having to install SQL Server 2005 Client Components. This approach is not ideal as we don't… >>> More
[MAJ] SQL Server 2005 Express Edition - La version gratuite de SQL Server 2005

as seen on ASP-PHP.net - Search for 'ASP-PHP.net'
Modification technique pour le site de l'article. >>> More
How to create SQL Server Express DB from SQL Server DB

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a SQL Server 2008 DB. I want to extract SOME tables (and associated schema, constraints, indexes, etc) and create a SQL Server Express DB. It isn't a sync of the target, we stomp on it. We ONLY need to do this in the file system (not across the wire). We are not fond of the synchronization… >>> More
sql server 2000 error, error trying to connect to sql server 2005

as seen on Stack Overflow - Search for 'Stack Overflow'
i am connecting to sql server 2000 on a remote computer with a dotnet application, but when i try to open the connection it gives the following error: When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections What… >>> More

Related posts about ntlm

Squid, NTLM, Windows 7 and IE8

as seen on Server Fault - Search for 'Server Fault'
I'm running Squid 2.7-stable4, Samba 3 and the Windows 7 RC with IE8. I have NTLM authentication setup on my squid proxy server and it works fine for every combination of browser and Windows (including IE8 on XP and Firefox on Win7), but it doesn't work (keeps asking for authentication) for IE8 on… >>> More
Active Directory and NTLM Authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Im writing an IIS Application, which manages AD users. For this purpose Ive configured site to use Negitiate AuthenticationProvider, and everything works. I wonder, is NTLM suitable for operations with Active Directory (such as creating user accounts)? Or AD accepts only Kerberos authentication? >>> More
Spring NTLM NtlmProcessingFilter do cache

as seen on Stack Overflow - Search for 'Stack Overflow'
does anyone tried doing cache for spring-ntlm NtlmProcessingFilter.java file so that every request no need to query from microsoft active directory to authenticate user ? how to implement such cache using ehcache >>> More
Apache configuration to make NTLM authentication work through a Proxy

as seen on Server Fault - Search for 'Server Fault'
I'm running an application server behind an Apache proxy with the following sort of thing in my Apache config: ProxyPass /app http://myapplication:8080/myapp ProxyPassReverse /app http://myapplication:8080/myapp When I switch on NTLM authentication (using mod_ntlm) the authentication fails… >>> More
Firefox for NTLM secured sites

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Spent the last weekend fighting to get firefox to connect to a sharepoint portal hosting my homegrown TFS instance's TFS/WEB and team project portal from a friends' place. Firefox is THE favourite browser and I was hating to se it fail miserably with NTLM authentication. Fun part is it showed the… >>> More