Results 1 to 3 of 3

Thread: Various Login Errors when attempting to implement Kerberos

  1. #1
    Join Date
    May 2012
    Location
    MI
    Posts
    3

    Various Login Errors when attempting to implement Kerberos

    Hello,

    Environment:
    3 BizTalk servers in a group
    2 clustered SQL nodes.
    Node-A has the BizTalk databases (Node-A\INST1)
    Node-B has BAM and SSODB databases (Node-B\Inst2)

    We are attempting to implement Kerberos authentication from our BizTalk 2006 R2 servers to clustered SQL Server 2005 servers.

    Process:
    Edit BizTalk config file to use kerberos.
    Create SPN's. We create a total of 8 SPN's.
    Restart SQL instances

    Problem History:
    After completing the 3 steps above, we get various errors in the SQL logs:
    - Error 18456, login failed for "domain\user". [SQLSTATE 28000]. User account is for the account running SQL.
    - Login to server "Node-A\INST1" failed (ConnAttemptCachableOp)
    - Login to server "Node-A\INST1" failed (ConnUpdateJobActivity_NextScheduledRunDate)
    - Login to server "Node-A\INST1" failed (JobManager)
    - Login failed for user "domain\user". [Client: [url]www.xxx.yyy.zzz] (Here, the user is the account running the BizTalk services)
    - Error 18456, Severity 14, State: 16
    - Error 18456, Severity 14, State: 11

    On yesterday's attempt to try this, the BizTalk host instances all stopped while the SPN's existed. Once the SPN's were deleted, the host instances all started w/o operator intervention.

    On the BizTalk servers, the application logs have errors which say the following:

    SSO AUDIT
    Function: GetConfigInfo ({9284BE78-FAB5-41A6-A121-8F9821882452})
    Tracking ID: c3fcbbae-5400-4b06-bd6e-ba1285965fe6
    Client Computer: <BizTalk server FQDN> (BTSNTSvc.exe:3956)
    Client User: -
    Application Name: {9284BE78-FAB5-41A6-A121-8F9821882452}
    Error Code: 0xC0002A10, Enterprise Single Sign-On is offline.

    We have no idea why we're getting these errors. We know that the accounts and passwords are correct. They have not been changed in ages. We can logon to servers using these accounts.

    Can anyone help by providing some insight here? We're really struggling.

    Thanks in advance,
    DetRich

  2. #2
    Join Date
    Jan 2006
    Posts
    605

    Re: Various Login Errors when attempting to implement Kerberos

    What happens when you try to start SQL Server in Single User Mode and then can you also try to logon as (local)\Administrator. If they are Windows logins, try dropping them and readding them. Do the same for the database users. The logins may have been dropped and readded in the AD.

  3. #3
    Join Date
    May 2012
    Location
    MI
    Posts
    3

    Re: Various Login Errors when attempting to implement Kerberos

    Have not tried running SQL in Single User Mode.
    I plan on dropping and re-adding the account is SQL. From a previous post, I understand there may be a SID mis-match because the account may have been dropped/re-added in the past.

Similar Threads

  1. When I Login then it asks for Kerberos Agent password?
    By venkat=raghavan in forum Technology & Internet
    Replies: 3
    Last Post: 20-10-2010, 12:42 PM
  2. Firefox Login Session errors
    By WarHammer in forum Technology & Internet
    Replies: 1
    Last Post: 03-11-2008, 08:11 PM
  3. KRB_AP_ERR_MODIFIED Kerberos ID 4
    By aDeeB! in forum Active Directory
    Replies: 2
    Last Post: 20-09-2007, 06:18 PM
  4. DC Kerberos Errors
    By Zachary Dundore in forum Active Directory
    Replies: 4
    Last Post: 18-04-2007, 01:21 AM
  5. Event ID: 537 Kerberos
    By Evan in forum Windows Server Help
    Replies: 4
    Last Post: 22-10-2006, 09:16 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,699,774.20447 seconds with 17 queries