How to give a user account rights to register its own Service Principal Name (SPN)

I recently had a SQL server where the SQL instance had a different name than the hostname. Not having rights to connect to SQL, I wasn’t aware of that. So, I registered the SPNs as they should have been registered, and it was still falling back to NTLM (see: failing).

SQL Server will register its [...]

December 30th, 2009 | Tags: , , , , | Category: Active Directory, SQL Server | Leave a comment

How to configure AD, SQL, and IIS for two-hop Kerberos authentication

Recently, some of our developers were writing an app that required impersonation from the web service, as the user, to the database. Admittedly, Kerberos isn’t one of my strong points.

There were two hops here. From the user -> IIS server and from IIS Server -> SQL Server, but the application in IIS would impersonate the [...]

October 24th, 2009 | Tags: , , , , , , | Category: Active Directory, IIS7, Microsoft, SQL Server, Server Management, Windows Server 2008 | One comment