We help IT Professionals succeed at work.

Problem accessing SQL server over a VPN


We got a company to come and install a physical VPN at work. We did that so that we could access sage over the VPN from the distant site of our company. Now they have installed the VPN, they say everything is correct, and we cannot access our application. When we launch it, we get the following message : "Cannot generate SSPi context".  We have a draytek vigor 2925.
The tech said it was something to do with SQL server. We have SQL server 2008R2.
If anyone got any idea, it would be welcome.

Watch Question

cpmcomputersManaging Director

Running sage is not a supported configuration over VPN
It will work after a fashion
But if you start posting transactions and have a connectivity issue you will almost certainly end up with corrupted databases

You would be better to consider terminal services (now Remote Desktop services )


Where did you get this information? We have a sage vendor who comes to our company often, to resolve sage problems, and he doesn't seem to be aware of this. Also, when asking sage itself, we didn't get this information.
cpmcomputersManaging Director

Here in the UK Sage can consistently stated that they do not recommend VPN  

If data corruption does occur they do not support it ?

May be different where you are ?


I don't know and I'm not very happy with this, we've been trying to set up a vpn for a long time and we've never had any info from sage about this. I will contact our sage vendor and ask about this.
Thanks anyway for the info, and I hope someone else will have something else to say.

We were able a few month ago to make sage work over a VPN, but the performance were not good enough. It was with a openvpn configuration, so now we are trying to do it over a physical VPN so the performance will be better.
cpmcomputersManaging Director
Yes I think this has always been the underling issue with Sage on VPN  - performance and stability

Just browsing transactions etc seems ok over VPN
But posting transactions is quite a heavy workload and on encapsulated packets on VPN ?

I would have a word with SAGE directly perhaps?
I have just spoken with my own Sage vendor and he confirmed my thoughts
Others may have a different experience and I stand to be corrected
Vitor MontalvãoIT Engineer
Distinguished Expert 2017
"Cannot generate SSPi context"
This is a very well known error with SQL Server and I even wrote an article about that. Please see if it helps.


Hello all,

First, cpmcomputers, my sage revendor told me that the applications are different from country to country. So it is possible that your sage in England is very different from my sage in Belgium.
My revendor has asked a specialist from sage for information about this. We still didn't receive any info from them.

Then Vitor, I read your solution, but the problem is not on the server side. We have no problem to access the server from inside the local network. If the problem was on the server side, we shouldn't be able to access the server at all if I understand the problem right. I mean if the server cannot generate a SPN and we are using active directory authentification.

I think it is a DNS problem, the guys installing the VPN couldn't make our DNS work.
I'm gonna try to test this with manual DNS and see if it works.
Thanks for your help.


So I tested the VPN again today. I can ping the name of my SQL server, so the DNS is ok. I have problems going into some computers on the network and I can't browse the content of certain computers. For example I can type the name of the computer and the name of a share in windows explorer and it will load it (not for all of them) but I cannot browse the computer and see all the shares.

Also, I must input the login and password each time I connect to a computer/share in the network.
I cannot input the domain when I connect to the VPN or it gives an error and cannot connect. I must leave domain to blank for it to work.

Is there a problem in the config of the VPN? is there a problem with the authentification?

I still cannot get into sage and get the same error each time (cannot generate SSPI context).
Finally got sage to work over the VPN. The problem was clearly linked to the authentification.
What we did is connecting to the VPN, then changing the user and then we got that user authentified trough the VPN.
After that it wasn't a problem to connect  to sage.

What we need to do now is to make the VPN connection before the authentification.
I know it was possible to do with openvpn, but I don't know how to do it with the basic VPN connection from windows. If anyone knows, I would be grateful for the explanation :)
cpmcomputersManaging Director

Might be best to post this latest development as a new question
you will probably get a faster answer

pleased you are getting there
Still not happy with sage over Vpn though ( I would push for a definitive answer?)
Thanks for all your help.

Well I got the answer from the web it's quite simple. Here is a link :

About VPN for sage, I got info back today from my sage vendor. He says sage tell him that VPN is ok in Belgium, and it is used for some clients already. He also said it was an authentication problem which I verifed today.

It seems the programs are not the same from country to country. It won't be the same in France or the UK or Belgium for example.


Kinda got the solutions wrong here, I needed to tag my own posts too, especially the last one and third before last one.
cpmcomputersManaging Director

Pleased you got this resolved = all that matters

( Maybe I should move to Belgium :-)  )


Yep it would be perfect thanks


Ok now it is correctly tagged.
Thanks for your help Vitor.