• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286
  • Last Modified:

Problem accessing SQL server over a VPN

Hello,

We got a company to come and install a physical VPN at work. We did that so that we could access sage over the VPN from the distant site of our company. Now they have installed the VPN, they say everything is correct, and we cannot access our application. When we launch it, we get the following message : "Cannot generate SSPi context".  We have a draytek vigor 2925.
The tech said it was something to do with SQL server. We have SQL server 2008R2.
If anyone got any idea, it would be welcome.

thanks.
0
vanroybel
Asked:
vanroybel
  • 9
  • 5
4 Solutions
 
cpmcomputersCommented:
Running sage is not a supported configuration over VPN
It will work after a fashion
But if you start posting transactions and have a connectivity issue you will almost certainly end up with corrupted databases

You would be better to consider terminal services (now Remote Desktop services )
0
 
vanroybelAuthor Commented:
Where did you get this information? We have a sage vendor who comes to our company often, to resolve sage problems, and he doesn't seem to be aware of this. Also, when asking sage itself, we didn't get this information.
0
 
cpmcomputersCommented:
Here in the UK Sage can consistently stated that they do not recommend VPN  

If data corruption does occur they do not support it ?

May be different where you are ?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
vanroybelAuthor Commented:
I don't know and I'm not very happy with this, we've been trying to set up a vpn for a long time and we've never had any info from sage about this. I will contact our sage vendor and ask about this.
Thanks anyway for the info, and I hope someone else will have something else to say.

We were able a few month ago to make sage work over a VPN, but the performance were not good enough. It was with a openvpn configuration, so now we are trying to do it over a physical VPN so the performance will be better.
0
 
cpmcomputersCommented:
Yes I think this has always been the underling issue with Sage on VPN  - performance and stability

Just browsing transactions etc seems ok over VPN
But posting transactions is quite a heavy workload and on encapsulated packets on VPN ?

I would have a word with SAGE directly perhaps?
I have just spoken with my own Sage vendor and he confirmed my thoughts
Others may have a different experience and I stand to be corrected
0
 
Vitor MontalvãoMSSQL Senior EngineerCommented:
"Cannot generate SSPi context"
This is a very well known error with SQL Server and I even wrote an article about that. Please see if it helps.
0
 
vanroybelAuthor Commented:
Hello all,

First, cpmcomputers, my sage revendor told me that the applications are different from country to country. So it is possible that your sage in England is very different from my sage in Belgium.
My revendor has asked a specialist from sage for information about this. We still didn't receive any info from them.

Then Vitor, I read your solution, but the problem is not on the server side. We have no problem to access the server from inside the local network. If the problem was on the server side, we shouldn't be able to access the server at all if I understand the problem right. I mean if the server cannot generate a SPN and we are using active directory authentification.

I think it is a DNS problem, the guys installing the VPN couldn't make our DNS work.
I'm gonna try to test this with manual DNS and see if it works.
Thanks for your help.
0
 
vanroybelAuthor Commented:
So I tested the VPN again today. I can ping the name of my SQL server, so the DNS is ok. I have problems going into some computers on the network and I can't browse the content of certain computers. For example I can type the name of the computer and the name of a share in windows explorer and it will load it (not for all of them) but I cannot browse the computer and see all the shares.

Also, I must input the login and password each time I connect to a computer/share in the network.
I cannot input the domain when I connect to the VPN or it gives an error and cannot connect. I must leave domain to blank for it to work.

Is there a problem in the config of the VPN? is there a problem with the authentification?

I still cannot get into sage and get the same error each time (cannot generate SSPI context).
0
 
vanroybelAuthor Commented:
Finally got sage to work over the VPN. The problem was clearly linked to the authentification.
What we did is connecting to the VPN, then changing the user and then we got that user authentified trough the VPN.
After that it wasn't a problem to connect  to sage.

What we need to do now is to make the VPN connection before the authentification.
I know it was possible to do with openvpn, but I don't know how to do it with the basic VPN connection from windows. If anyone knows, I would be grateful for the explanation :)
0
 
cpmcomputersCommented:
Might be best to post this latest development as a new question
you will probably get a faster answer

pleased you are getting there
Still not happy with sage over Vpn though ( I would push for a definitive answer?)
0
 
vanroybelAuthor Commented:
Thanks for all your help.

Well I got the answer from the web it's quite simple. Here is a link :
http://blog.lan-tech.ca/2012/04/29/connect-to-windows-vpn-at-logon/

About VPN for sage, I got info back today from my sage vendor. He says sage tell him that VPN is ok in Belgium, and it is used for some clients already. He also said it was an authentication problem which I verifed today.

It seems the programs are not the same from country to country. It won't be the same in France or the UK or Belgium for example.
0
 
vanroybelAuthor Commented:
Kinda got the solutions wrong here, I needed to tag my own posts too, especially the last one and third before last one.
0
 
cpmcomputersCommented:
Pleased you got this resolved = all that matters

( Maybe I should move to Belgium :-)  )
0
 
vanroybelAuthor Commented:
Yep it would be perfect thanks
0
 
vanroybelAuthor Commented:
Ok now it is correctly tagged.
Thanks for your help Vitor.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

  • 9
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now