|
sponsored links |
|
|
sponsored links
|
|
1
18th May 16:14
External User
Posts: 1
|
BizDesk & NULL user?
I can get the BizDesk client installed locally, but when I try to execute - I
get the following error: Microsoft Commerce Configuration (0x80004005) Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. SiteConfigReadOnly:Initialize /LM/w3svc/1469809574/Root/bizdesk/global.asa, line 118 The database is on a server other than the one that Commerce Server, CMS, IIS, and MSIB are on. We're trying to get integrated security to work. I've verified that Named Pipes is NOT enabled on the web server that is talking with the SQL Server. Any ideas on how to proceed? - Craig |
|
|
|
2
29th May 14:14
External User
Posts: 1
|
BizDesk & NULL user?
When I run SQL Profiler, I'm finding that the account being used is
"'NTAUTHORITY\ANONYMOUS LOGON'". We were intending the account to be a different domain service account. The IIS site looks to be configured for integrated security and not anonymous. Any ideas? - Craig |
|
|
|
3
29th May 14:15
External User
Posts: 1
|
BizDesk & NULL user?
When I run SQL Profiler, I'm finding that the account being used is
"'NTAUTHORITY\ANONYMOUS LOGON'". We were intending the account to be a different domain service account. The IIS site looks to be configured for integrated security and not anonymous. Any ideas? - Craig |
|
|
|
4
29th May 14:16
External User
Posts: 1
|
BizDesk & NULL user?
Hi Craig,
Are you still running into this issue? -James This posting is provided "AS IS" with no warranties, and confers no rights. EBusiness Server Team From: "=?Utf-8?B?Q3JhaWc=?=" <craigjcody@hotmail.com(donotspam)> Subject: RE: BizDesk & NULL user? Date: Thu, 9 Jun 2005 09:56:08 -0700 Newsgroups: microsoft.public.commerceserver.businessdesk When I run SQL Profiler, I'm finding that the account being used is "'NTAUTHORITY\ANONYMOUS LOGON'". We were intending the account to be a different domain service account. The IIS site looks to be configured for integrated security and not anonymous. Any ideas? - Craig |
|
|
|
5
29th May 14:16
External User
Posts: 1
|
BizDesk & NULL user?
Yes, we are.
The work around that we're using right now is to turn off integrated security and turn on ONLY basic authentication. This solution also requires SSL for security because of the clear text issue. Have you any words of wisdom? - Craig |
|
|
|
6
29th May 14:16
External User
Posts: 1
|
BizDesk & NULL user?
Hi Craig,
Are you still running into this issue? -James This posting is provided "AS IS" with no warranties, and confers no rights. EBusiness Server Team From: "=?Utf-8?B?Q3JhaWc=?=" <craigjcody@hotmail.com(donotspam)> Subject: RE: BizDesk & NULL user? Date: Thu, 9 Jun 2005 09:56:08 -0700 Newsgroups: microsoft.public.commerceserver.businessdesk When I run SQL Profiler, I'm finding that the account being used is "'NTAUTHORITY\ANONYMOUS LOGON'". We were intending the account to be a different domain service account. The IIS site looks to be configured for integrated security and not anonymous. Any ideas? - Craig |
|
|
|
7
29th May 14:16
External User
Posts: 1
|
BizDesk & NULL user?
Craig,
The problem you are running into sounds like a Kerberos delegation issue. The system will not allow you to double hop from the web server to the database server with the Kerberos ticket. Take a look at the following article which applies to IIS 6 as well (even though it doesn't reflect that at the bottom): How To Configure IIS to Support Both Kerberos and NTLM Authentication http://support.microsoft.com/?id=215383 Once you have done that you will need to grant the web server machine account and the account used to access SQL server the ability to be trusted for delegation. The following article goes through the process in great detail. I recommend reading it before you start to get an idea about how it works. It makes sense in the end after you've had chance to digest what is actually going on under the covers: Troubleshooting Kerberos Delegation http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx Make sure that you have configured SQL Server to use only TCP/IP for connectivity. Here's some background information on the problem: Kerberos Protocol Transition and Constrained Delegation http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/constdel.mspx And here are some KB articles I received as reference from PSS when I had the same problem: Q319723 INF: SQL Server 2000 Kerberos Support Including SQL Server Virtual(Following this article should resolve most of these problems) Q810573 IIS: Kerberos (Negotiate) Limitations Q326985 HOW TO: Troubleshoot Kerberos-Related Issues in IIS Q215383 HOW TO: Configure IIS to Support Both Kerberos and NTLM Authentication Q312532 Service Principal Names and their important for mutual authentication Q299838 Unable to Negotiate Kerberos Authentication After Upgrading to Internet(Change IE Client to support Windows Auth) Q325608 PRB: Authentication Delegation Through Kerberos Does Not Work in(Article deals with a load balanced IIS Web Server) Q241835 Determining the Authentication Method with IIS 5.0(Kerberostest.asp) Q264921 INFO: How IIS Authenticates Browser Clients Hope that helps! Colin |
|
|
|
8
29th May 14:16
External User
Posts: 1
|
BizDesk & NULL user?
Yes, we are.
The work around that we're using right now is to turn off integrated security and turn on ONLY basic authentication. This solution also requires SSL for security because of the clear text issue. Have you any words of wisdom? - Craig |
|
|
|
9
29th May 14:16
External User
Posts: 1
|
BizDesk & NULL user?
Craig,
The problem you are running into sounds like a Kerberos delegation issue. The system will not allow you to double hop from the web server to the database server with the Kerberos ticket. Take a look at the following article which applies to IIS 6 as well (even though it doesn't reflect that at the bottom): How To Configure IIS to Support Both Kerberos and NTLM Authentication http://support.microsoft.com/?id=215383 Once you have done that you will need to grant the web server machine account and the account used to access SQL server the ability to be trusted for delegation. The following article goes through the process in great detail. I recommend reading it before you start to get an idea about how it works. It makes sense in the end after you've had chance to digest what is actually going on under the covers: Troubleshooting Kerberos Delegation http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx Make sure that you have configured SQL Server to use only TCP/IP for connectivity. Here's some background information on the problem: Kerberos Protocol Transition and Constrained Delegation http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/constdel.mspx And here are some KB articles I received as reference from PSS when I had the same problem: Q319723 INF: SQL Server 2000 Kerberos Support Including SQL Server Virtual(Following this article should resolve most of these problems) Q810573 IIS: Kerberos (Negotiate) Limitations Q326985 HOW TO: Troubleshoot Kerberos-Related Issues in IIS Q215383 HOW TO: Configure IIS to Support Both Kerberos and NTLM Authentication Q312532 Service Principal Names and their important for mutual authentication Q299838 Unable to Negotiate Kerberos Authentication After Upgrading to Internet(Change IE Client to support Windows Auth) Q325608 PRB: Authentication Delegation Through Kerberos Does Not Work in(Article deals with a load balanced IIS Web Server) Q241835 Determining the Authentication Method with IIS 5.0(Kerberostest.asp) Q264921 INFO: How IIS Authenticates Browser Clients Hope that helps! Colin |
|
|
Linear Mode
