Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
PaulTeal
Yak Posting Veteran
67 Posts |
 Posted - 2005-12-15 : 20:07:30
|
| I am trying to set up a linked server relationship between SQL Server One and SQL Server Two. The relationship is set up, and a login for my windows authentication account is set up using sp_addlinkedsrvlogin. Yet when I try to run a distributed query on a client connected to SQL Server One, I get this error:Server: Msg 18456, Level 14, State 1, Line 1Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.I am using TCP/IP, Named Pipes, and Multi-protocol network libraries on both boxes.Any ideas?Paul Tealpaul@partytilyoupop.com |
|
|
activecrypt
Posting Yak Master
165 Posts |
Posted - 2005-12-16 : 01:25:12
|
| Hi,have you map user account at both server using sp_addlinkedsrvlogin ?! it shows that login permission is not granted ! is both sql server from two different domain ? if yes then you need to set trust relationship between two domains in order to get login with windows authentication.:-)RegardsAndy DavisActivecrypt Team--------------------------------------------SQL Server Encryption Softwarehttp://www.activecrypt.com |
 |
|
|
DBADave
Constraint Violating Yak Guru
366 Posts |
Posted - 2005-12-16 : 12:46:25
|
| These three items have to be true in order to use NT Authentication with linked servers.(1) A user is connected to SQL Server using Windows Authentication Mode.(2) Security account delegation is available on the client and sending server.(3) The provider supports Windows Authentication Mode (for example, SQL Server running on Windows NT). Security account delegation is the ability to connect to multiple servers, and with each server change, to retain the authentication credentials of the original client. For example, if a user (LONDON\joetuck) connects to ServerA, which then connects to ServerB, ServerB knows that the connection security identity is LONDON\joetuck. To use delegation, all servers that you are connecting to must be running Microsoft® Windows® 2000, with Kerberos support enabled, and you must be using Microsoft Active Directory™, the directory service for Windows 2000. The following options in Active Directory must be specified as follows in order for delegation to work: (1) The Account is sensitive and cannot be delegated check box must not be selected for the user requesting delegation.(2) The Account is trusted for delegation check box must be selected for the service account of SQL Server.(3) The Computer is trusted for delegation check box must be selected for the server running an instance of Microsoft SQL Server™. See BOL for more information on security account deligation.Dave |
|
|
|
PaulTeal
Yak Posting Veteran
67 Posts |
Posted - 2006-01-10 : 14:38:15
|
| Thank you, activecrypt and DBADave. We have it workd out.Paul Tealpaul@partytilyoupop.com |
|
|
|
|
|
|
|
|
Anonymous Logon