 SetSpn, Replication on 2 node SQL 2005 Cluster


DDBB_Admin
Starting Member

3 Posts

Posted - 2009-11-10 : 11:57:12
Hi there,

When setting up Replication between one SQL 2005 Server and a 2 Node Cluster
SQL 2005 server I got an error message. Searching about it, it seems to be
related to the username being trusted for delegation in AD. Googling a bit, I
found some references about using the Setspn command to allow this username
Kerberos delegation.

ERROR MESSAGE:

This is the error message displayed when starting up Snapshot Agent on the 2
node cluster servers publisher.

Error messages:
Unable to start execution of step 2 (reason: Error authenticating proxy
domain\username, system error: Logon failure: unknown user name or bad
password.). The step failed.


Does anyone know how to execute the setspn command exactly (parameters and all
that stuff), or what exactly the problem is?

Thanks.

russell
Pyro-ma-ni-yak

5072 Posts

Posted - 2009-11-10 : 15:18:47
have to be domain admin to setspn. also make sure AD account is trusted for delegation

DDBB_Admin
Starting Member

3 Posts

Posted - 2009-11-11 : 02:10:43
Hi Russell,

I would like to trust the AD user for delegation to specified services only. The options selected in the AD user properties (in the delegation tab) are:
- Trust this user for delegation to specified services only.
- Use Kerberos only.
- In the 'Services to which this account can present delegated credentials' list, I think that I have to add the SQL Server Agent services, but I don't know how I can select them, because if I execute the "setspn -L" command I can only see SQL Server services. How can I add SQL Server Agent services?

Many thanks.







russell
Pyro-ma-ni-yak

5072 Posts

Posted - 2009-11-11 : 09:44:09
Is the SQL Server account same as SQL Agent account? If it is, you don't need to.

Are you domain admin? If not, you need a domain admin to do this for you.

Syntax is setspn servicename accountname

DDBB_Admin
Starting Member

3 Posts

Posted - 2009-11-11 : 11:53:05
Hi Russell,

First, many thanks for your reply.

The SQL Server account is the same as the SQL Server Agent account.

So I don't need to add the SQL Server Agent services? I only need to add the SQL Server services? I don't understand it very well; I only need to trust the AD user for delegation to specified services only (in my case I think that is only SQL Server Agent). In this case, when I use the setspn command as you told me (with the syntax 'setspn servicename accountname'), I suppose that the 'servicename' parameter is the SQL Server service name (not the SQL Server Agent service name) and accountname is the SQL Server Agent service account name (which is the same as the SQL Server service account). Is that correct?

But in a different scenario, what would the steps be if the SQL Server and SQL Server Agent accounts were different?

Many thanks in advance.
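
An added example, not part of the original thread: a PowerShell check, using the ActiveDirectory module, of the two things discussed above, namely which SPN is registered on the service account and which delegation option the account has. The account, domain, host name and port are placeholders (assumptions), and `setspn -A` is the add form of the command.

```powershell
# Added example (not from the thread). Placeholder values below are assumptions.
Import-Module ActiveDirectory

$Account = 'svc-sql'                    # placeholder: SQL Server service account
$Domain  = 'DOMAIN'                     # placeholder: NetBIOS domain name
$SqlHost = 'sqlvirtual.example.local'   # placeholder: cluster virtual server FQDN
$SqlPort = 1433                         # assumed default-instance port
$Spn     = "MSSQLSvc/${SqlHost}:$SqlPort"

$user = Get-ADUser -Identity $Account -Properties ServicePrincipalName,
    TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

# 1. Is the SPN on this account? (the same data "setspn -L <account>" prints)
$registered = @($user.ServicePrincipalName) -contains $Spn

# 2. Which objects hold this SPN? More than one holder is a duplicate SPN,
#    which makes Kerberos authentication to the service fail.
$holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$Spn)")

# 3. Which option on the Delegation tab is in effect?
$targets = @($user.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
$mode = if ($user.TrustedForDelegation) {
    'Any service (unconstrained)'
} elseif ($targets.Count -eq 0) {
    'Not trusted for delegation'
} elseif ($user.TrustedToAuthForDelegation) {
    'Specified services only, any authentication protocol'
} else {
    'Specified services only, Kerberos only'
}

[pscustomobject]@{
    Account           = "$Domain\$Account"
    Spn               = $Spn
    SpnOnAccount      = $registered
    SpnHolders        = $holders.DistinguishedName -join '; '
    DuplicateSpn      = $holders.Count -gt 1
    DelegationMode    = $mode
    DelegationTargets = $targets -join '; '
}

if (-not $registered -and $holders.Count -eq 0) {
    # Printed only; adding the SPN needs the rights mentioned in the thread.
    "SPN missing. To add it: setspn -A $Spn $Domain\$Account"
}
```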
