Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Cannot Generate SSPI context

Posted on 2004-08-26
Last Modified: 2008-03-04

I'm sure this question comes up here alot, and I searched the solutions but I don't subscribe so I couldn't see the ones that are already there. If this is a repeat question hopefully it will be an easy 500 points for somebody.

As the title states, I am getting the "Cannot Generate SSPI context" errors when I try to connect to a remote SQL Server DB.
I'll start by saying that I have read the MS KB articles, particularly "How to troubleshoot the SSPI context error". I've tried most of the stuff that I understand and think is relevant in that article, so I'm looking for a little more hand-holding here to get this solved and award the 500 points.

I'm running WinXP Pro w/ SQL Server 2000 SP 3a.
My computer is a member of DomainA, and the SQL Server I'm trying to connect to is a member of DomainB. I connect to DomainB using a VPN with windows authentication.

The really frustrating part of all of this is that two weeks ago, I had no problems connecting, then suddenly I started having this problem. I did a system restore to a point where I was able to make the connection without the sspi error, but that buggered up some other stuff I was working on that was creating bigger headaches than the SSPI problem, so I undid the restore, and the sspi problem is back. The only software that I installed in the meantime is from the WindowsUpdate site. No games or apps or anything else, that I can think of.

When I am connected to DomainB via VPN, I can ping the server (call it SQLTarget) by both name and IP address. If I do "ping SQLTarget /a" it resolves to the fully realized name and domain of the SQL Target machine.

I've tried uninstalling and reinstalling SQL2K a number of times, but no luck. The TargetSQL machine is running Win2K Server.

I can provide more info if you have questions, and I'm willing to try things I've already tried again if you suggest that I should, but like I've said I've read the knowledge base articles, and I'm either too dumb to follow the instructions there (there's a good chance this is the case) or I'm having a slightly different problem.

Thanks for your help,
Question by:Phinnegan
LVL 19

Expert Comment

by:Melih SARICA
ID: 11910089
Check this Page and also the topic Domain Account Delegation ( Domain verifying )



Author Comment

ID: 11917837
Hi non zero,

Thanks for your reply,

As I said in my original post, I've been through that KB article and tried the things that are within my knowledge and comfort zone.
The issue section that you bookmarked (Verify the Domain), as I understand it, is to ensure that the server and client are running on the same domain.

My computer runs on DomainA, and the server I'm trying to connect to runs on DomainB, but I connect to DomainB via VPN before attempting the SQL logon. I am able to ping the server on DomainB by name and it resolves to the fully qualified server domain name. I assume that means that I am at that point on DomainB through the VPN.
Some of the other points involve manipulating ActiveDirectory. The way I read them (points 4, 5 and 7) require manipulation of the server machine. But I am not familiar with Active Directory, so perhaps I'm reading it incorrectly. Either way, whether I'm being ignorant or something else, I've tried going through this article and it has not helped me to help myself.

I'm certain my solution does not require any changes to the server, since executing a system restore on the client to a point at the end of July makes the problem go away (but it introduces other bigger problems with my configuration).

So the correct solution could be right under my nose in that link you provided, but I'll need to ask for a little more help to find it if that's the case.
Thanks again for your reply,

Accepted Solution

badroch earned 250 total points
ID: 11969982
I readed only the HEad linessince its was a really long Question!

Your Error Cannot Generate SSPI context mean that SQL server is unable to log you using Nt authentification. So the ping is Meaningless.

Try connecting to using SQL Server authentification instead of NT security.
but make sure your server is configure to accept either NT Sercurity and SQL Server authentification.
if your using SQL server login but the server only accept NT Login (wich is the default) you will get this error again.

to run your application on cross domain you would need a trust relationship between both domain to accomplish NT security Login, and i'm pretty sure that a "xp Pro OS" won't syncronize both domains even. You would need connectivity between both domains not your computer and Domain B.
So again use "SQL server Login"

The easiest troubleshooting application for that would be Query Analyser.
its Simple, not too many feature, and the only functionality you need in the current case would be the Login...

Expert Comment

ID: 11983736

Check whether you can see the remote server from the Windows Explorer running on your local server. I had a similar problem once, and the reason for it was that the remote server's clock was set to year 2001, while the local clock was in 2004.

Also, try to make a SQL Server alias (using SQL Server Client Tools application)

Assisted Solution

mcp111 earned 250 total points
ID: 12047048

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Row insertion failed. Array 5 45
Powershell v3 - SQLCMD 3 26
SQL Recursion 6 16
question about results where i dont have a match 3 20
Let's review the features of new SQL Server 2012 (Denali CTP3). It listed as below: PERCENT_RANK(): PERCENT_RANK() function will returns the percentage value of rank of the values among its group. PERCENT_RANK() function value always in be…
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
Via a live example, show how to shrink a transaction log file down to a reasonable size.
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question