[Webinar] Streamline your web hosting managementRegister Today


Cannot Generate SSPI context

Posted on 2004-08-26
Medium Priority
Last Modified: 2008-03-04

I'm sure this question comes up here alot, and I searched the solutions but I don't subscribe so I couldn't see the ones that are already there. If this is a repeat question hopefully it will be an easy 500 points for somebody.

As the title states, I am getting the "Cannot Generate SSPI context" errors when I try to connect to a remote SQL Server DB.
I'll start by saying that I have read the MS KB articles, particularly "How to troubleshoot the SSPI context error". I've tried most of the stuff that I understand and think is relevant in that article, so I'm looking for a little more hand-holding here to get this solved and award the 500 points.

I'm running WinXP Pro w/ SQL Server 2000 SP 3a.
My computer is a member of DomainA, and the SQL Server I'm trying to connect to is a member of DomainB. I connect to DomainB using a VPN with windows authentication.

The really frustrating part of all of this is that two weeks ago, I had no problems connecting, then suddenly I started having this problem. I did a system restore to a point where I was able to make the connection without the sspi error, but that buggered up some other stuff I was working on that was creating bigger headaches than the SSPI problem, so I undid the restore, and the sspi problem is back. The only software that I installed in the meantime is from the WindowsUpdate site. No games or apps or anything else, that I can think of.

When I am connected to DomainB via VPN, I can ping the server (call it SQLTarget) by both name and IP address. If I do "ping SQLTarget /a" it resolves to the fully realized name and domain of the SQL Target machine.

I've tried uninstalling and reinstalling SQL2K a number of times, but no luck. The TargetSQL machine is running Win2K Server.

I can provide more info if you have questions, and I'm willing to try things I've already tried again if you suggest that I should, but like I've said I've read the knowledge base articles, and I'm either too dumb to follow the instructions there (there's a good chance this is the case) or I'm having a slightly different problem.

Thanks for your help,
Question by:Phinnegan
LVL 19

Expert Comment

by:Melih SARICA
ID: 11910089
Check this Page and also the topic Domain Account Delegation ( Domain verifying )



Author Comment

ID: 11917837
Hi non zero,

Thanks for your reply,

As I said in my original post, I've been through that KB article and tried the things that are within my knowledge and comfort zone.
The issue section that you bookmarked (Verify the Domain), as I understand it, is to ensure that the server and client are running on the same domain.

My computer runs on DomainA, and the server I'm trying to connect to runs on DomainB, but I connect to DomainB via VPN before attempting the SQL logon. I am able to ping the server on DomainB by name and it resolves to the fully qualified server domain name. I assume that means that I am at that point on DomainB through the VPN.
Some of the other points involve manipulating ActiveDirectory. The way I read them (points 4, 5 and 7) require manipulation of the server machine. But I am not familiar with Active Directory, so perhaps I'm reading it incorrectly. Either way, whether I'm being ignorant or something else, I've tried going through this article and it has not helped me to help myself.

I'm certain my solution does not require any changes to the server, since executing a system restore on the client to a point at the end of July makes the problem go away (but it introduces other bigger problems with my configuration).

So the correct solution could be right under my nose in that link you provided, but I'll need to ask for a little more help to find it if that's the case.
Thanks again for your reply,

Accepted Solution

badroch earned 1000 total points
ID: 11969982
I readed only the HEad linessince its was a really long Question!

Your Error Cannot Generate SSPI context mean that SQL server is unable to log you using Nt authentification. So the ping is Meaningless.

Try connecting to using SQL Server authentification instead of NT security.
but make sure your server is configure to accept either NT Sercurity and SQL Server authentification.
if your using SQL server login but the server only accept NT Login (wich is the default) you will get this error again.

to run your application on cross domain you would need a trust relationship between both domain to accomplish NT security Login, and i'm pretty sure that a "xp Pro OS" won't syncronize both domains even. You would need connectivity between both domains not your computer and Domain B.
So again use "SQL server Login"

The easiest troubleshooting application for that would be Query Analyser.
its Simple, not too many feature, and the only functionality you need in the current case would be the Login...

Expert Comment

ID: 11983736

Check whether you can see the remote server from the Windows Explorer running on your local server. I had a similar problem once, and the reason for it was that the remote server's clock was set to year 2001, while the local clock was in 2004.

Also, try to make a SQL Server alias (using SQL Server Client Tools application)

Assisted Solution

mcp111 earned 1000 total points
ID: 12047048

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question