Hello all,
Back-end: SS2000 SP2 + NT4
Front-end: A97 + XP
We are currently trying to add a Domain Server to our network. We added our
SQL Server to the domain and added a client too. Everything is working
fine... for maybe 20 or 30 minutes. Then the client generates this error:
-----------------
Connection failed:
SQLState: 'S1000'
SQL Server Error: 0
[Microsoft][ODBC SQL Server Driver]Cannot generate SSPI context
-----------------
Then we have to logout and login again. There is many KB on this error. We
try almost everthing without success. Now, the team is questionning the SQL
Server software config. Making it, hypotheticaly, to close a previously
opened connection and prevent a new one to being created. Both named pipes
and TCP/IP protocols are enabled in SS config.
So my main question is: Could this error be related to SS config/setup?
For more information about the error, here:
http://support.microsoft.com/kb/811889/en-us
you can read:
------------------
The SQL Server driver on a client computer uses integrated security to use
the Windows security token of the user account to successfully connect to a
computer that is running SQL Server. The Windows security token is delegated
from the client to the computer that is running SQL Server. The SQL Server
driver performs this delegation when the user's security token is delegated
from one computer to another by using one of the following configurations:
. NTLM over Named Pipes (not using Security Support Provider Interface
[SSPI])
. NTLM over TCP/IP sockets with SSPI
. Kerberos over TCP/IP sockets with SSPI
Security Support Provider Interface (SSPI) is a set of Windows APIs that
permits delegation and mutual authentication over any generic data transport
layer, such as TCP/IP sockets. Therefore, SSPI permits a computer that is
running a Windows operating system to securely delegate a user security
token from one computer to another over any transport layer that can
transmit raw bytes of data.
The "Cannot generate SSPI context" error is generated when SSPI uses
Kerberos to delegate over TCP/IP and Kerberos cannot complete the necessary
operations to successfully delegate the user security token to the
destination computer that is running SQL Server.
-------------------
Many thanks for your feedback.
Yannick