September 8, 2021 at 3:34 pm
I have problem with windows authentication. I have two domains (Lets say A and B), and server which is at the domain A. It is an default instance on the server and it uses AD account as an service account. What is a little bit odd is that there is a small difference between DNS of that VM and SQL hostname.
I created two SQL logins- one on domain A and the second at domain B. With account which is at the same domain as server I can connect using DNS, hostname (I have an impression that this one is a little bit slower) and IP. When I am tring to connect with account from domain B - it works if I use IP address, but when I am using DNS or hostname I get an error
Cannot connect to XYZ
The target principal name is incorrect. Cannot generate SSPI context. (Microsoft SQL Server, Error: 0)
I noticed that at other server from the same domain everything works fine and the only difference which I notice is that SQL uses local, not AD account.
Could you please advise what can causing that? My guess was that there is some privilige missing for service account, but in such case authentication with IP should not work to.
September 9, 2021 at 4:10 pm
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.
September 10, 2021 at 8:29 am
What do you mean by "there is a small difference in DNS between VM and SQL hostname"
What software do you use for the connection?
Do you connect using the fully qualified domain name myservera.mydomaina.com ?
The situation is ?
MyDBA is on myservera.mydomaina.com
MyDBB is on myserverb.mydomainb.com
Created the login myuser@domaina.com on both SQL-servers.
Logged in as myuser@domaina.com on myservera.mydomaina.com
Connecting from myservera.mydomaina.com to myserverb.mydomainb.com fails with The target principal name is incorrect. Cannot generate SSPI context. Using SSMS on myservera with windowsauthentication
Is this assumption correct?
September 27, 2021 at 12:48 pm
Hi, I am really sorry for such late response.
What do you mean by "there is a small difference in DNS between VM and SQL hostname"
DNS of VM is 'xxxxxxx-01', while in management studio while if I go to 'Object Explorer' right-click on the server name, and properties as a name of the server (first line of General page) I can see 'xxxxxxx' (without '-01' )
What software do you use for the connection?
I was trying only with management studio.
Do you connect using the fully qualified domain name myservera.mydomaina.com ?
I was testing xxxxxxx.mydomaina.com, xxxxxxx-01.mydomaina.com, xxxxxxx, xxxxxxx-01 each time effect was the same. The only difference was when i was using IP address (in that case I was able to connect).
Is this assumption correct?
yep, that's pretty much mine situation.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply