stackoom
  简体   繁体   中英

SSIS: Login failed for user 'NT AUTHORITY\ ANONYMOUS LOGON'

 原文  2020-03-26 07:13:05       sql-server/ ssis

Question

Preface: SSIS packages are deployed on SQL server, say serv1, and in these packages connections are made,using windows authentication, to another SQL server, serv2. And

  1. I am using windows authentication, a domain account, to login on serv1
  2. This account also has login on serv2, although through different windows group
  3. SPN are registered for both SQL server's service accounts and delegation is ON.
  4. auth_scheme is kerberos. Although for service accounts NTLM is being used because network layer protocol is Shared memory . And for other domain accounts kerberos, TCP is being used.

While executing these packages, they fail with error message Login failed for user 'NT AUTHORITY\\ ANONYMOUS LOGON' . All solutions to this scenario point to Double Hop problem . Everywhere the solution includes the steps mentioned above. Is there anything that I am missing here.

1 answers

solution1
 0  2020-04-02 16:08:27

While you could probably figure out the kerberos issue, I generally avoid the issue altogether. Here are a few ways that you might address it:

  1. Execute the package with SQL Agent under the sql agent service account, if the service account is a Group managed service account (GMSA) or an actual domain account. A login can be created for the account on the target server. GMSA accounts provide an extra level of security - more on that here: https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview .
  2. Execute the package with SQL Agent under a proxy account. This stores the credentials in SQL Server and is easier to do if you do not have the permissions to change the account for the sql agent service. More on setting up a proxy here: https://docs.microsoft.com/en-us/sql/ssms/agent/create-a-sql-server-agent-proxy?view=sql-server-ver15 . Once the proxy account is created, you'll be able to select as an option in the sql agent job
  3. You could change the connections to use SQL authentication, though the options above are preferred in terms of security. This would be an option if you do not have sql agent for some reason.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SSIS error: Login failed for user “NT AUTHORITY\ANONYMOUS LOGON” sqlcmd: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' BCP Export Login Failed for User NT Authority/Anonymous Logon Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. in sql server MVC local dev The underlying provider failed on open - Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' in Firefox only Impersonating sqlcmd.exe from Local service : Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' Login Failed for user 'NT AUTHORITY\ANONYMOUS LOGON' when connecting from a different SQL Server Login failed for user 'NT AUTHORITY\\ANONYMOUS LOGON' when accessing sql server from a wcf service with impersonation SQL Server 2000 + ASP.NET: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' Connect to db server from an app server: (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM