Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2232
  • Last Modified:

Cannot Generate SSPI context


I'm sure this question comes up here alot, and I searched the solutions but I don't subscribe so I couldn't see the ones that are already there. If this is a repeat question hopefully it will be an easy 500 points for somebody.

As the title states, I am getting the "Cannot Generate SSPI context" errors when I try to connect to a remote SQL Server DB.
I'll start by saying that I have read the MS KB articles, particularly "How to troubleshoot the SSPI context error". I've tried most of the stuff that I understand and think is relevant in that article, so I'm looking for a little more hand-holding here to get this solved and award the 500 points.

I'm running WinXP Pro w/ SQL Server 2000 SP 3a.
My computer is a member of DomainA, and the SQL Server I'm trying to connect to is a member of DomainB. I connect to DomainB using a VPN with windows authentication.

The really frustrating part of all of this is that two weeks ago, I had no problems connecting, then suddenly I started having this problem. I did a system restore to a point where I was able to make the connection without the sspi error, but that buggered up some other stuff I was working on that was creating bigger headaches than the SSPI problem, so I undid the restore, and the sspi problem is back. The only software that I installed in the meantime is from the WindowsUpdate site. No games or apps or anything else, that I can think of.

When I am connected to DomainB via VPN, I can ping the server (call it SQLTarget) by both name and IP address. If I do "ping SQLTarget /a" it resolves to the fully realized name and domain of the SQL Target machine.

I've tried uninstalling and reinstalling SQL2K a number of times, but no luck. The TargetSQL machine is running Win2K Server.

I can provide more info if you have questions, and I'm willing to try things I've already tried again if you suggest that I should, but like I've said I've read the knowledge base articles, and I'm either too dumb to follow the instructions there (there's a good chance this is the case) or I'm having a slightly different problem.

Thanks for your help,
2 Solutions
Melih SARICAIT ManagerCommented:
Check this Page and also the topic Domain Account Delegation ( Domain verifying );en-us;811889#5

PhinneganAuthor Commented:
Hi non zero,

Thanks for your reply,

As I said in my original post, I've been through that KB article and tried the things that are within my knowledge and comfort zone.
The issue section that you bookmarked (Verify the Domain), as I understand it, is to ensure that the server and client are running on the same domain.

My computer runs on DomainA, and the server I'm trying to connect to runs on DomainB, but I connect to DomainB via VPN before attempting the SQL logon. I am able to ping the server on DomainB by name and it resolves to the fully qualified server domain name. I assume that means that I am at that point on DomainB through the VPN.
Some of the other points involve manipulating ActiveDirectory. The way I read them (points 4, 5 and 7) require manipulation of the server machine. But I am not familiar with Active Directory, so perhaps I'm reading it incorrectly. Either way, whether I'm being ignorant or something else, I've tried going through this article and it has not helped me to help myself.

I'm certain my solution does not require any changes to the server, since executing a system restore on the client to a point at the end of July makes the problem go away (but it introduces other bigger problems with my configuration).

So the correct solution could be right under my nose in that link you provided, but I'll need to ask for a little more help to find it if that's the case.
Thanks again for your reply,
I readed only the HEad linessince its was a really long Question!

Your Error Cannot Generate SSPI context mean that SQL server is unable to log you using Nt authentification. So the ping is Meaningless.

Try connecting to using SQL Server authentification instead of NT security.
but make sure your server is configure to accept either NT Sercurity and SQL Server authentification.
if your using SQL server login but the server only accept NT Login (wich is the default) you will get this error again.

to run your application on cross domain you would need a trust relationship between both domain to accomplish NT security Login, and i'm pretty sure that a "xp Pro OS" won't syncronize both domains even. You would need connectivity between both domains not your computer and Domain B.
So again use "SQL server Login"

The easiest troubleshooting application for that would be Query Analyser.
its Simple, not too many feature, and the only functionality you need in the current case would be the Login...

Check whether you can see the remote server from the Windows Explorer running on your local server. I had a similar problem once, and the reason for it was that the remote server's clock was set to year 2001, while the local clock was in 2004.

Also, try to make a SQL Server alias (using SQL Server Client Tools application)
Partha MandayamTechnical DirectorCommented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now