Sunday, March 20, 2011

Why Does It Say Unknown Caller

SQL Server how to fix the error Can not generate SSPI context

When you encounter this error "Can not generate SSPI context" when connecting to SQL Server or if this error is generated in the Event Viewer Server SQL Server can be caused by the following reasons:

1. Time differences between SQL Server and the client tries to connect

2. Time zone differences between SQL Server and the client tries to connect

3. Differences in hours between SQL Server and the domain controller

4. No record was made for SQL Server SPN, the SPN is used by Kerberos.

An SPN for SQL Server consists of the following:

  • ServiceClass : It identifies the general class of service. This is always MSSQLSvc for SQL Server.
  • Host: This is the DNS domain name of the computer you are running SQL Server.
  • Puerto : This is the port number on which the service is listening.

For example, a typical SPN for a computer running SQL Server is:

MSSQLSvc / SQLSERVER.CONTOSO.COM: 1433

Once these SetSPN SPN with the command, you should check the configuration of DNS servers, for this run the ping command and ping SQLServer-a [IPaddress] these commands must respond appropriately server name and the corresponding IP. If this is not the case then you should fix your DNS so that the security of SQL Server to function properly.

When you start an instance of SQL Server service is running under a domain account, it tries to register its own SPN in Active Directory using an API call DsWriteAccountSpn. If the call is unsuccessful, the following warning is logged in Event Viewer:

MSSQLServer EventID: 19011 Description: SuperSocket Info: (SpnRegister): Error 8344.

To grant the SQL Server service to automatically configure the SPN can then follow these steps:

  • To configure the SQL Server service to create SPNs dynamically, you must modify the access control settings for the account in the Active Directory directory service. You must grant permissions "Read ServicePrincipalName" and "Write ServicePrincipalName" for the user running the SQL Server.

This configuration is done using the ADSI Edit, the following steps ( http://support.microsoft.com/kb/811889/es ):

  1. Click Home and Run, type Adsiedit.msc click OK .
  2. In the ADSI Edit snap, expand Domain [DomainName ] , expand DC = RootDomainName , expand CN = Users , click the right mouse button CN = AccountName and then click Properties .
  3. Table Properties dialog CN = AccountName , click the Security tab .
  4. Security tab , click Advanced .
  5. dialog box Advanced Security Settings, make sure CURRENT shown below Permission entries. CURRENT
    If not listed, click Add and then add CURRENT . In
  6. Permission entries, click CURRENT and then click Modify .
  7. dialog box Permission Entry, click the Properties tab .
  8. tab Properties, click This object only listed Apply, and then make sure the boxes for the following permissions are selected under Permissions :
    • ServicePrincipalName
      • Read Write ServicePrincipalName
  9. Click three times in OK and then quit the ADSI Edit.

Greetings,

Mr. Eduardo Castro Martínez, PhD - Microsoft SQL Server MVP

http://tiny.cc/comwindows

http://mswindowscr.org

http://comunidadwindows.org

Costa Rica

Technorati Tags: SQL Server

LiveJournal Tags: SQL Server

del.icio.us Tags: SQL Server

http://ecastrom.blogspot.com

http://ecastrom.wordpress.com

http://ecastrom. spaces.live.com

http://universosql.blogspot.com

http://todosobresql.blogspot.com

http://todosobresqlserver.wordpress.com

http://mswindowscr.org/blogs/sql/default.aspx

http://citicr.org/blogs/noticias/default. aspx

http://sqlserverpedia.blogspot.com/

Posted by admin at 1:49 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)