Hi,
Some other people and I have spent days trying to figure this out, and we are starting to believe that NTLM support in 2009 R2 does not work if SQL and the WS service are not located on the same physical machine. Can anyone confirm or reject this suspicion?
We have 1 SQL Server running on Network Service on Machine A.
We have 1 NAV RTC + Web Service tier running on Network Service on Machine B.
We have regular RTC clients on Machine C.
We are facing an integration challenge, where we must allow some external PHP website to call the web service layer. This has to be with NTLM as I understand, but if we enable NTLM in the customconfig file and restart the service tier, the web service tier does not work from anywhere.
We get "Login failed when connecting to SQL Server"
We notice in the event log of SQL Server on Machine A that it displays an anonymous user, and not the user that was authenticated from Machine C's web browser.
In the event log of Machine B, it displays the credentials of the user and says NTLMv2. But on Machine A, it says something about NTLM V1.
RTC clients work just fine from Machine C, no matter whether NTLM is enabled for the web service in the custom.config file.
If the above is true, we are considering installing the service tier on the SQL server as well, or making a proxy web service. But we can't understand why it is not mentioned anywhere, if it's true that it doesn't work with NTLM unless SQL and the WS service share a machine.
Comments
Follow MS guidelines and stay focused on delegation and SPN in AD.
2009 is just stupid in a 3-tier setup.
Thanks for the response, also with NTLM enabled and Network Services running both SQL/NAV?
What build no. if I may ask, this client is running 33046.
It's such a nightmare, this setup with SPN, NTLM.
With kind regards,
Povl
Indeed, but it is possible.