we have two non-sql servers (a & b) that connect to a third sql server with
their system account (servername$). We have permissioned the system accounts
in SQL. However, server a is able to connect with it's system account and b
is not.
When I schedule a batch file to connect to the sql server using osql, server
b 's connection errors out with the error: Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
DBA72 wrote:
> we have two non-sql servers (a & b) that connect to a third sql
> server with their system account (servername$). We have permissioned
> the system accounts in SQL. However, server a is able to connect with
> it's system account and b is not.
> When I schedule a batch file to connect to the sql server using osql,
> server b 's connection errors out with the error: Login failed for
> user 'NT AUTHORITY\ANONYMOUS LOGON'.
Why not create an account for SQL Server and use it for the service.
David Gugick
Imceda Software
www.imceda.com
|||This is for an SMS setup and apparently, under advanced security settings,
the SMS service on other servers is supposed to run under the system account.
"David Gugick" wrote:
> DBA72 wrote:
> Why not create an account for SQL Server and use it for the service.
> --
> David Gugick
> Imceda Software
> www.imceda.com
>
|||Are these two (three) servers in different domains? Are any of them running
on NT 4 servers? The fact that you received anonymous logon errors says the
SQL Server domain controller doesn't know anything about the system account
that this server is passing to the SQL Server.
Another possibility is that server b's system account password has not been
able to successfully synchronize with its domain controller.
Lastly, the NT AUTHORITY accounts are not; they are Windows AD Groups. So,
either NT AUTHORITY\SYSTEM or NT AUTHORITY\ANONYMOUS LOGON can be granted
access to your SQL Server. However, they include several systems and/or
unkown users. Give whatever access very limited rights with your SQL Server
and user databases. Luckily, these accounts are restricted to the domain
that hosts them; so, if you are in a secured WAN\LAN, it will be less of a
threat.
Sincerely,
Anthony Thomas
"DBA72" <DBA72@.discussions.microsoft.com> wrote in message
news:BF1203C3-3219-484A-99BC-661B4B8C6A72@.microsoft.com...
This is for an SMS setup and apparently, under advanced security settings,
the SMS service on other servers is supposed to run under the system
account.
"David Gugick" wrote:
> DBA72 wrote:
> Why not create an account for SQL Server and use it for the service.
> --
> David Gugick
> Imceda Software
> www.imceda.com
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment