NAS SQL Server Error: cannot generate SSPI context

Waldo

Hi,

When I start my nassql.exe, I got an error message in my event viewer saying:

11004,HY000,...,Cannot generate SSPI context

Anybody know what I can try?

fb

Any of these relevant?

http://support.microsoft.com/default.as ... -us;883714

http://support.microsoft.com/default.as ... -us;811889

Alexey_Pavlov

It's normal situation if NAS server account password was updated without restarting SQL, OS or NAS.

Waldo

Alexey Pavlov wrote:

It's normal situation if NAS server account password was updated without restarting SQL, OS or NAS.

This was definitally not the case... .

It's actually a move to a new server. I want to run the NAS on a better machine. I install it with the same settings as the old one, but no luck ... .

kine

and set you up the account for the service as on you old server?

Waldo

Yep, been there, done that.

Anymay, I'm running 4 NAS servers on a live database, and 2 NAS servers on the TEST database (which is on a seperate machine). The 4 servers on the live environment are no problem, but the 2 other ones are... .

fb

(Sorry for the random notes, but I stumbled across the following item in a 'Known Issues for v4.0' doc, and wondered if it might be relevant...)

During installation of the Navision Application Server service, the new TCPS (Kerberos) protocol is selected also for the SQL Option of the Application Server. Since this protocol is not available for the SQL Option, the service will not start.

Another protocol has to be selected, but due to an error in the MMC snap-in this is not possible from the UI.

Following registry entry should be changed:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<Service Name>]
"NETTYPE"="tcp"

DenSter

I remember we had big issues with that as well, the nettype not being editable in the MMC console. The default in the installation seems to be TCPS, and that just won't work. My money is on this solution .

If you don't want to mess around with registry settings, you can also uninstall NAS, and then re-install it from a command prompt (installasservice) using "nettype=tcp" as a parameter. See the installation guide for more details.

Johnny_Reggae

Waldo,

did you find a solution for your problem ?

If so, are you willing to share this because I'm now having the same problem...

Thanks in advance !

Waldo

Sorry Jezus (?)

I don't recall the problem that good anymore. We did find a solution, but don't remember what it was :oops: :oops: :oops:

dsatria

Johnny Reggae wrote:

Waldo,

did you find a solution for your problem ?

If so, are you willing to share this because I'm now having the same problem...

Thanks in advance !

Make sure that windows time settings on all your servers are in sync.
Let me know if it works...

ara3n

I'm running into this problem on My computer when I use windows authenication. The only I can connect to my Location SQL Server with Navision client is to vpn into my Network. then connect with Navision client using windows authenication.

It looks like sql tries to connect to Active directory get get a SSPI ID.
So the issue is connection between sql and active directory.

ara3n

Ok I've finally solved this problem.

I had a service "NT LM Security Support Provider" that was not running. I started and changed it to automatic.

I opened SQL Server Conviguration Manager. In SQL Server 2005 Services->SQL Server (MSSQLServer). Double clicked and changed Log on as a specific account.

I created a temporary Admin account. Selected that and click apply This restarted the sql server. I then changed it back to built-in account, and clicked on apply.

After several minutes, I was able to connect using windows authenication.

In Navision Server Name. I typed the local ip address 127.0.0.1 and it worked.
Using the Server Name still gives me the sspi error.

Basically SQL Server changes the authenication from Kerberos to NTLM.


That was painful.

Alex_Chow

ara3n wrote:

Ok I've finally solved this problem.

I had a service "NT LM Security Support Provider" that was not running. I started and changed it to automatic.

In Navision Server Name. I typed the local ip address 127.0.0.1 and it worked.
Using the Server Name still gives me the sspi error.

Basically SQL Server changes the authenication from Kerberos to NTLM.


That was painful.

This works for me. But did anyone how to address this problem so I can use the servername instead of 127.0.0.1?

garak

u can type "localhost" or u use the old hosts file if these problem still exists ....

Alex_Chow

garak wrote:

u can type "localhost" or u use the old hosts file if these problem still exists ....

No, typing in localhost doesn't work. It will only recognize the IP as stated in the previous post.

What do you mean use the "old hosts file"?

ara3n

you will need to VPN as mentioned before if you want the name.
Also make sure the Date and Time on the computer is the same between the server

Alex_Chow

Problem solved!

It was caused by a duplicate Service Principal Names in the Active Directory.