Friday, February 10, 2012

Can't connect remotely when SQL services running as a domain account

I'm running SQL 2000 SP4 on 2003 server. I'm trying to set up email alerts. I
configured the sql service and sql agent service to run as a domain account.
I made that account a member of the administrators group on the SQL server,
and restarted the services. Everything looked fine. The problem is, some of
my remote applications cannot connect when it is running as a domain
account, but they are fine when it is running as a local system account. On
a remote Microsoft WSUS server, it breaks when the SQL services on the SQL
server use a domain account. Osql on the remote box generates this:
Cannot generate SSPI context
I did try to research this before posting here, but I couldn't find anything
that described this problem. Everything was referring to PCs connecting from
a different domain. That is not the case here.
Thanks,
Matthew

Cannot Generate SSPI context is almost always related to there not being a
Service Principal Name defined for that server, account and port in a
Kerberos environment.
Domain accounts do not create an SPN, whereas Domain Admins and Local System
do.
Test this by making (temporarily) your startup account a domain admin and
then resetting it in SQL Enterprise Manager. Restart and test connectivity.
If it connects, have your domain admin (must be a domain admin) create an
SPN for the MSSQLSvc in Active Directory.
See the Books Online article "Security Account Delegation" for the format of
what the resulting SPN should look like.
Also, make sure the SQL Server is listening on TCP...make that your first
step.
Kevin Hill
3NF Consulting
www.3nf-inc.com/NewsGroups.htm
"Matthew Kitchin (Usenet/Lists)" <mkitchin.public@.gmail.com> wrote in
message news:%231cmKJ33GHA.1300@.TK2MSFTNGP05.phx.gbl...
> I'm running SQL 2000 SP4 on 2003 server. I'm trying to set up email alerts.
> I configured the sql service and sql agent service to run as a domain
> account. I made that account a member of the administrators group on the
> SQL server, and restarted the services. Everything looked fine. The
> problem is, some of my remote applications cannot connect when it is
> running as a domain account, but they are fine when it is running as a
> local system account. On a remote Microsoft WSUS server, it breaks when
> the SQL services on the SQL server use a domain account. Osql on the
> remote box generates this:
> Cannot generate SSPI context
> I did try to research this before posting here, but I couldn't find
> anything that described this problem. Everything was referring to PCs
> connecting from a different domain. That is not the case here.
> Thanks,
> Matthew
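As an added example, not part of the original thread: a Python check of the SPN condition described in the reply above. It parses constructed `setspn -L` output and lists the `MSSQLSvc/host:port` SPNs still missing from the service account; the host `sql01.example.com`, port 1433 and account `EXAMPLE\svc-sql` are assumptions, as is registering both the FQDN and short-name forms.

```python
"""Check that the MSSQLSvc SPNs a SQL Server instance needs are registered
on its service account, using the text printed by `setspn -L <account>`."""

# Constructed sample of `setspn -L EXAMPLE\svc-sql` output (not from the thread).
SAMPLE_SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=svc-sql,CN=Users,DC=example,DC=com:
\tMSSQLSvc/sql01.example.com:1433
\tHTTP/intranet.example.com
"""


def expected_spns(fqdn, port):
    """SPNs for one TCP endpoint: FQDN form plus short-name form (assumed policy)."""
    short = fqdn.split(".", 1)[0]
    return [f"MSSQLSvc/{fqdn}:{port}", f"MSSQLSvc/{short}:{port}"]


def parse_setspn_list(output):
    """Return the SPNs listed in `setspn -L` output (the indented lines)."""
    spns = []
    for line in output.splitlines():
        if line[:1] in (" ", "\t") and line.strip():
            spns.append(line.strip())
    return spns


def missing_spns(output, fqdn, port):
    """Expected SPNs not found in the output; comparison ignores case."""
    registered = {s.lower() for s in parse_setspn_list(output)}
    return [s for s in expected_spns(fqdn, port) if s.lower() not in registered]


def fix_commands(missing, account):
    """Commands for a domain admin to run; `setspn -A` adds an SPN to an account."""
    return [f"setspn -A {spn} {account}" for spn in missing]


if __name__ == "__main__":
    gaps = missing_spns(SAMPLE_SETSPN_OUTPUT, "sql01.example.com", 1433)
    for cmd in fix_commands(gaps, r"EXAMPLE\svc-sql"):
        print(cmd)
```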

I am the domain admin, so that won't be a problem. As soon as some of the
current activity dies down, I will try this. Thanks!
"Kevin3NF" <Kevin@.DontNeedNoSpam3NF-inc.com> wrote in message
news:OxBRke33GHA.1288@.TK2MSFTNGP03.phx.gbl...
> Cannot Generate SSPI context is almost always related to there not being a
> Service Principal Name defined for that server, account and port in a
> Kerberos environment.
> Domain accounts do not create an SPN, whereas Domain Admins and Local
> System do.
> Test this by making (temporarily) your startup account a domain admin and
> then resetting it in SQL Enterprise Manager. Restart and test
> connectivity.
> If it connects, have your domain admin (must be a domain admin) create an
> SPN for the MSSQLSvc in Active Directory.
> See the Books Online article "Security Account Delegation" for the format of
> what the resulting SPN should look like.
> Also, make sure the SQL Server is listening on TCP...make that your first
> step.
> --
> Kevin Hill
> 3NF Consulting
> www.3nf-inc.com/NewsGroups.htm
>
>
> "Matthew Kitchin (Usenet/Lists)" <mkitchin.public@.gmail.com> wrote in
> message news:%231cmKJ33GHA.1300@.TK2MSFTNGP05.phx.gbl...

Thanks! Adding the SPN took care of it. I thought I was there, but now I'm
having problems configuring the alerts. Outlook 2003 SP2 is installed. I
logged in with the SQL service account, and set up the MAPI profile. That
worked fine. When I set up an operator logged in as the service account,
clicking Test email generates this error:
http://img167.imageshack.us/my.php?...sqlerroran3.png
If I log in as myself, it acts like it went through when I click test, but
no email is generated.
Any ideas?
Thanks again for your help.
-Matthew
"Kevin3NF" <Kevin@.DontNeedNoSpam3NF-inc.com> wrote in message
news:OxBRke33GHA.1288@.TK2MSFTNGP03.phx.gbl...
> Cannot Generate SSPI context is almost always related to there not being a
> Service Principal Name defined for that server, account and port in a
> Kerberos environment.
> Domain accounts do not create an SPN, whereas Domain Admins and Local
> System do.
> Test this by making (temporarily) your startup account a domain admin and
> then resetting it in SQL Enterprise Manager. Restart and test
> connectivity.
> If it connects, have your domain admin (must be a domain admin) create an
> SPN for the MSSQLSvc in Active Directory.
> See the Books Online article "Security Account Delegation" for the format of
> what the resulting SPN should look like.
> Also, make sure the SQL Server is listening on TCP...make that your first
> step.
> --
> Kevin Hill
> 3NF Consulting
> www.3nf-inc.com/NewsGroups.htm
>
>
> "Matthew Kitchin (Usenet/Lists)" <mkitchin.public@.gmail.com> wrote in
> message news:%231cmKJ33GHA.1300@.TK2MSFTNGP05.phx.gbl...

All I can tell you is that SQL mail is profile specific...could be a
permissions issue on the profile itself?
That's not my area :-)
Kevin Hill
3NF Consulting
www.3nf-inc.com/NewsGroups.htm
"Matthew Kitchin (Usenet/Lists)" <mkitchin.public@.gmail.com> wrote in
message news:eMiLlw33GHA.5000@.TK2MSFTNGP02.phx.gbl...
> Thanks! Adding the SPN took care of it. I thought I was there, but now I'm
> having problems configuring the alerts. Outlook 2003 SP2 is installed. I
> logged in with the SQL service account, and set up the MAPI profile. That
> worked fine. When I set up an operator logged in as the service account,
> clicking Test email generates this error:
> http://img167.imageshack.us/my.php?...sqlerroran3.png
> If I log in as myself, it acts like it went through when I click test,
> but no email is generated.
> Any ideas?
> Thanks again for your help.
> -Matthew
> "Kevin3NF" <Kevin@.DontNeedNoSpam3NF-inc.com> wrote in message
> news:OxBRke33GHA.1288@.TK2MSFTNGP03.phx.gbl...

This thing is baffling. I read a couple posts that just the 'Test' button
has issues. I scheduled some maintenance to run at 4 AM last night. It ran,
sent me the results, and the log indicated the job failed because the last
step, the email, failed.
The job failed. The Job was invoked by Schedule 4 (Schedule 1). The last
step to run was step 1 (Step 1). NOTE: Failed to notify 'SQL Alerts' via
email.
"Kevin3NF" <Kevin@.DontNeedNoSpam3NF-inc.com> wrote in message
news:uFBi8n43GHA.4924@.TK2MSFTNGP05.phx.gbl...
> All I can tell you is that SQL mail is profile specific...could be a
> permissions issue on the profile itself?
> That's not my area :-)
> --
> Kevin Hill
> 3NF Consulting
> www.3nf-inc.com/NewsGroups.htm
>
>
> "Matthew Kitchin (Usenet/Lists)" <mkitchin.public@.gmail.com> wrote in
> message news:eMiLlw33GHA.5000@.TK2MSFTNGP02.phx.gbl...
>
