Double hop SQL delegation not working

Posted by eKoz on Stack Overflow See other posts from Stack Overflow or by eKoz
Published on 2012-06-26T21:11:32Z Indexed on 2012/06/26 21:15 UTC
Read the original article Hit count: 277

Filed under:
|
|

I've been trying to diagnose this for some time, and unfortunately Im still getting the dreaded anonymous logon issue when trying to connect to a sql db as a domain user.

Steps taken:

  • App Pool created with delegation service acct
  • Site / Virtual dir running with Integrated Windows auth only
  • Made sure site itself can use kerberos KB 215383
  • Service acct added to IIS_WPG group
  • Service acct added to "act as part of operating system" under Local Security settings
  • Service acct added to Log on as service under Local Security Settings
  • HTTP SPN set for web address + service account (and FQDN)
  • MSSQLSvc SPN set for sql box and domain acct sql is running as
  • Trust for delegation turned on service acct, specified services, and sql service acct

After all this, Im still getting the exact same error from when I started. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. This has advanced my balding by at least 5 years so far. I would greatly appreciate any additional tips on diagnosing or setting up.

© Stack Overflow or respective owner

Related posts about .NET

Related posts about sql