Double hop SQL delegation not working
Posted
by
eKoz
on Stack Overflow
See other posts from Stack Overflow
or by eKoz
Published on 2012-06-26T21:11:32Z
Indexed on
2012/06/26
21:15 UTC
Read the original article
Hit count: 277
I've been trying to diagnose this for some time, and unfortunately Im still getting the dreaded anonymous logon issue when trying to connect to a sql db as a domain user.
Steps taken:
- App Pool created with delegation service acct
- Site / Virtual dir running with Integrated Windows auth only
- Made sure site itself can use kerberos KB 215383
- Service acct added to IIS_WPG group
- Service acct added to "act as part of operating system" under Local Security settings
- Service acct added to Log on as service under Local Security Settings
- HTTP SPN set for web address + service account (and FQDN)
- MSSQLSvc SPN set for sql box and domain acct sql is running as
- Trust for delegation turned on service acct, specified services, and sql service acct
After all this, Im still getting the exact same error from when I started. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. This has advanced my balding by at least 5 years so far. I would greatly appreciate any additional tips on diagnosing or setting up.
© Stack Overflow or respective owner