Cannot generate SSPI context
Hello... I am a SQL Server machine...it has SQL Server 2005 and 2008 Express...
When trying to use the SQL Server Management Studio to remotely connect to it...I get a "Cannot Generate SSPI Context" error...
I need help... Thanks...
When trying to use the SQL Server Management Studio to remotely connect to it...I get a "Cannot Generate SSPI Context" error...
I need help... Thanks...
chapmandew
have you changed your pwd recently?
ASKER
No... not at all... this is a small "Lab network" we built to do software development on. I am a developer, not a SQL Server DBA.... so SQL Server admin stuff is new to me.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I had this issue before and resolved it. this is due to SPN issue. follow this to resovle Resolution:
To configure the SQL Server service to create SPNs dynamically, follow these steps:
1. Click Start, click Run, type Adsiedit.msc, and then click OK.
2. In the ADSI Edit snap-in, expand Domain [DomainName], expand DC= RootDomainName, expand CN=Users, right-click CN= AccountName, and then click Properties.
Notes
" DomainName is a placeholder for the name of the domain.
" RootDomainName is a placeholder for the name of the root domain.
" AccountName is a placeholder for the account that you specify to start the SQL Server service.
" If you specify the Local System account to start the SQL Server service, AccountName is a placeholder for the account that you use to log on to Microsoft Windows.
" If you specify a domain user account to start the SQL Server service, AccountName is a placeholder for the domain user account.
3. In the CN= AccountName Properties dialog box, click the Security tab.
4. On the Security tab, click Advanced.
5. In the Advanced Security Settings dialog box, make sure that SELF is listed under Permission entries.
If SELF is not listed, click Add, and then add SELF.
6. Under Permission entries, click SELF, and then click Edit.
7. In the Permission Entry dialog box, click the Properties tab.
8. On the Properties tab, click This object only in the Apply onto list, and then make sure that the check boxes for the following permissions are selected under Permissions:
" Read servicePrincipalName
" Write servicePrincipalName
9. Click OK three times, and then exit the ADSI Edit snap-in.
To configure the SQL Server service to create SPNs dynamically, follow these steps:
1. Click Start, click Run, type Adsiedit.msc, and then click OK.
2. In the ADSI Edit snap-in, expand Domain [DomainName], expand DC= RootDomainName, expand CN=Users, right-click CN= AccountName, and then click Properties.
Notes
" DomainName is a placeholder for the name of the domain.
" RootDomainName is a placeholder for the name of the root domain.
" AccountName is a placeholder for the account that you specify to start the SQL Server service.
" If you specify the Local System account to start the SQL Server service, AccountName is a placeholder for the account that you use to log on to Microsoft Windows.
" If you specify a domain user account to start the SQL Server service, AccountName is a placeholder for the domain user account.
3. In the CN= AccountName Properties dialog box, click the Security tab.
4. On the Security tab, click Advanced.
5. In the Advanced Security Settings dialog box, make sure that SELF is listed under Permission entries.
If SELF is not listed, click Add, and then add SELF.
6. Under Permission entries, click SELF, and then click Edit.
7. In the Permission Entry dialog box, click the Properties tab.
8. On the Properties tab, click This object only in the Apply onto list, and then make sure that the check boxes for the following permissions are selected under Permissions:
" Read servicePrincipalName
" Write servicePrincipalName
9. Click OK three times, and then exit the ADSI Edit snap-in.
also check the SPN using ldifde.
ASKER
Yeah... thanks for the info asadeen:.... that is good to know..
Hopefully we don't run into this problem again... It seems our domain controllers firewall was causing problems authenicating the SQL Server machine.... I don't think SQL Server machine was even on the domain.... Who know... but thanks for the info.
Hopefully we don't run into this problem again... It seems our domain controllers firewall was causing problems authenicating the SQL Server machine.... I don't think SQL Server machine was even on the domain.... Who know... but thanks for the info.