Error: odbc sql server driver: cannot generate sspi context

girish.joshigirish.joshi Member Posts: 407
edited 2009-01-15 in SQL General
Has anyone seen this error before when connecting via Windows Authentication to SQL Server 2K5 Express?

The security model is Standard, though at one time it was Enhanced.

To make matters even more bewildering, the user claims that it is possible to login to NAV if you first login to the box with terminal services with that login. However, if you login directly to the machine with that login, then you can't login to NAV.

Any advice?

Comments

  • kinekine Member Posts: 12,562
    If I remember correctly, it means that you are trying to use database login but the SQL server is configured only for Windows logins. The SQL must be reconfigured to use both, windows logins and database logins (mixed mode)...
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • ara3nara3n Member Posts: 9,256
    I suggest to use IP address instead of computer name. The SPPI error is related to sql not being able to communicate with Active directory.
    Ahmed Rashed Amini
    Independent Consultant/Developer


    blog: https://dynamicsuser.net/nav/b/ara3n
  • girish.joshigirish.joshi Member Posts: 407
    kine: the user is able to login with database logins, and if through terminal services they can login with a windows login as well.

    ara3n: Use IP address where? It's actually when the user is physically in front of the machine logging on that there is a problem.

    I did find this article (http://support.microsoft.com/kb/811889) , but frankly, I don't understand much of it. Does it make any sense to you?
  • DenSterDenSter Member Posts: 8,307
    I think Kerberos is secure TCP, so make sure your net type is set to TCP, not TCPS
  • ara3nara3n Member Posts: 9,256
    I'm confused, is this issue when you login into NAV or login into windows?
    Ahmed Rashed Amini
    Independent Consultant/Developer


    blog: https://dynamicsuser.net/nav/b/ara3n
  • girish.joshigirish.joshi Member Posts: 407
    Denster: I will give that a try

    Ara3n: An issue when logging on to NAV with Windows authentication. So, I see what you mean, we could use an ip address in the server name instead of a name. I will try that as well.
  • krikikriki Member, Moderator Posts: 9,115
    [Topic moved from 'NAV/Navision' forum to 'SQL General' forum]
    Regards,Alain Krikilion
    No PM,please use the forum. || May the <SOLVED>-attribute be in your title!


  • dmccraedmccrae Member, Microsoft Employee Posts: 144
    Obtaining an SSPI context is done by a process when attempting to access your security token. E.g., SQL Server does this when you make a windows authenticated login to it, in order to impersonate your token and connect as "you", and not its own account. It is not related to the ability to connect to the server.

    I get this usually when I am using my domain user account for my SQL Server instance (rather than a builtin account), and the password for the account changes. This is one reason at least that the SSPI context cannot be obtained by a service. Can you check that (in Control Panel/Services -> Properties of a service, within the Logon tab).

    The TCP / TCPS protocol is not applicable to SQL Server, only the Native server.
    Dean McCrae - Senior Software Developer, NAV Server & Tools

    This posting is provided "AS IS" with no warranties, and confers no rights.
Sign In or Register to comment.