Hi Ken, Thanks for your reply, I was already following your blog for the setup when I discovered the missing service entry :), is there any reason the SPN would not be registered during SQL setup? I have now added the MSSQLSvc SPN manually (setspn) and everything seems to be working ok but would like to avoid this happening in the future if possible.
Cheers, Simon On Tue, Nov 15, 2011 at 2:27 PM, Ken Schaefer <[email protected]> wrote: > Hi,**** > > ** ** > > The MSSQLSvc SPN should be registered automatically during SQL Server > setup. It would appear under the computer account or user account that the > SQL Server services are running under.**** > > ** ** > > Then, you need to permit delegation at your front tier (hosting your web > service) to the backend SQL Server.**** > > ** ** > > Adding extra (duplicate) SPNs will break Kerberos, so make sure you need > to add this SPN before you do.**** > > ** ** > > http://www.adopenstatic.com/cs/blogs/ken/archive/2007/01/28/1282.aspx is > how you set this up for standard IIS and SQL Server (the delegation bit). > You’ll probably want to read part 3 on ensuring you are using Kerberos to > your front-tier box. There’s a list of the Kerberos FAQs here: > http://www.adopenstatic.com/faq/**** > > ** ** > > Cheers**** > > Ken**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Simon Reed > *Sent:* Monday, 14 November 2011 4:15 PM > *To:* ozDotNet > *Subject:* Kerberos Issue**** > > ** ** > > Hi All,**** > > ** ** > > Having a bit of a tricky Kerberos issue with passing a credential through > to SQL server from a 4.0 WCF REST service. I've been trying to set up > Kerberos to get this working as multi hop will be an issue with the final > solution and currently i'm getting Login failed for user 'NT > AUTHORITY\ANONYMOUS LOGON' on all requests.**** > > Looking at the set up for Kerberos I need to be able to set the delegation > trust for this server by adding the MSSQLSvc in AD, but in the list of > available services MSSQLSvc does not appear. I have registered the SPN > MSSQLSvc/SERVERNAME:Port Account but no luck.**** > > I'm feeling a bit out of my depth here anyone got any ideas what step I've > missed?**** > > ** ** > > Cheers,**** > > Si**** >
