Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' in baseline script - but delegation seems fine
DylanP
Posts: 10 New member
I've installed Change Automation in SSMS for a fresh start on our existing database. It has shown us a lot of problems with stored procedures and missing objects, but that's fine, we've cleaned that up.
The problem seems to be now with a linked server. Let's say Server 1 is S1, Server 2 is S2, etc, the database in question is DB1, and so on.
The DB we want to source control is S1.DB1, so that's the baseline I've created. There is a copy on our dev server, so S2.DB1, which is our development target. One of the stored procedures in DB1 reads a table from a linked server S3, and that connection is fine - procedure works in production and I can run scripts manually on both S1 and S2. However, when I go to the Generate Migrations or Verify tabs in SQL Change Automation, it creates the shadow S2.DB1_SHADOW and runs the script, then errors with "Login failed for user NT AUTHORITY\ANONYMOUS LOGON'
Now, I know that's a kerberos double-hop issue, but we've checked the settings in Server 2 and Server 3. They seem to have delegation set up in the Active Directory, and both service accounts seem to have had the correct Service Provider names set up. I'm not sure what else to try.
The problem seems to be now with a linked server. Let's say Server 1 is S1, Server 2 is S2, etc, the database in question is DB1, and so on.
The DB we want to source control is S1.DB1, so that's the baseline I've created. There is a copy on our dev server, so S2.DB1, which is our development target. One of the stored procedures in DB1 reads a table from a linked server S3, and that connection is fine - procedure works in production and I can run scripts manually on both S1 and S2. However, when I go to the Generate Migrations or Verify tabs in SQL Change Automation, it creates the shadow S2.DB1_SHADOW and runs the script, then errors with "Login failed for user NT AUTHORITY\ANONYMOUS LOGON'
Now, I know that's a kerberos double-hop issue, but we've checked the settings in Server 2 and Server 3. They seem to have delegation set up in the Active Directory, and both service accounts seem to have had the correct Service Provider names set up. I'm not sure what else to try.
Tagged:
Answers
Thank you for your forum post.
Can you please increase the minimum logging level to Debug? Help menu ->Logging ->Log Level and Set the Debug option. The default is Info.
Repeat the previous steps:
However, when I go to the Generate Migrations or Verify tabs in SQL Change Automation, it creates the shadow S2.DB1_SHADOW and runs the script, then errors with "Login failed for user NT AUTHORITY\ANONYMOUS LOGON'
When the problem occurs, locate the current log file and sent a copy to support@red-gate.com. This action will create a support ticket and we can then further investigate the problem.
Many Thanks
Eddie
Senior Product Support Engineer
Redgate Software Ltd
Email: support@red-gate.com
Anyway, fixed now.