VPN "Cannot generate SSPI context"

Posted on 2006-05-06
Last Modified: 2008-01-09
Hi Experts,

I have a VPN connection that works just fine to connect to SQL 2000 Server using the enterprise manager.  I also have linked tables to the same server and databases.  This connect is through a cable modem.

 Now I am trying to work from a different location which is also a cable modem the problem is that with this connection I get "cannot generate sspi context"  I have looked at the different questions already posted and none seem to fit my scenerio.  Can anyone assist?  Thanks
Question by:millerfw
    LVL 75

    Expert Comment

    by:Aneesh Retnakaran
    LVL 4

    Accepted Solution

    One thing to check is the SQL Client Network stack. This is configured in the (SQL Server) Client Network Utility. What you will probably find is that the working clients either have Named Pipes before TCP/IP, or left out TCP/IP. While the problem client will have TCP/IP first, or left out Named Pipes.

    At a guess, you are running the SQL Server with a Domain Account, but it does not have the permission to register the SQL Server's SPN (Service Principal Name). This means that it cannot use delegation, which probably isn't a problem for you guys. But when someone tries to attach using TCP/IP, it can't use Kerberos and throws the error.

    Clients that connect Named Pipes just by-pass Kerberos and security account delegation.

    This will also happen if you are logged into your machine for days or weeks at a time and your password has expired. The PDC knows your password has expired, but your machine doesn't. So when Sql Server goes to authenticate you, you will fail due to password expiration on the domain account, thus receiving the error you mentioned above.

    A couple of basic things:
    If you're running active directory make sure the SQL Server is in the same AD Forest as you are. If connecting from Win95 or win98 make sure Microsoft Client Network is installed. If on NT make sure net logon service is installed.

    You can also get help from the follwoing link:

    Chetan Sachdeva

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Introduction: I have seen many questions on EE and elsewhere, asking about how to find either gaps in lists of numbers (id field, usually) ranges of values or dates overlapping date ranges combined date ranges I thought it would be a good …
    This article explains all about SQL Server Piecemeal Restore with examples in step by step manner.
    Video by: Steve
    Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now