Posts

Showing posts from March, 2015

[SQL Server] 解決SQL Server進行HA後遠端使用Management Studio登入出現「Cannot generate SSPI context」錯誤之問題

Image
新年快樂,先祝大家伺服器健康(無誤)!剛剛的週末在公司為一台SQL Server安裝Availability Group遇到一些問題,筆記了起來希望對大家有用。

Case:
已安裝Availability group 的SQL Server 無法利用PC Client上的SQL Server Management Studio使用Virtual Host name進行登入(AD帳號),並出現「Cannot generate SSPI context」(無法產生 SSPI 內容) 。

原因:
根據Microsoft的說明
「Security Support Provider Interface (SSPI) is a set of Windows APIs that allows for delegation and mutual authentication over any generic data transport layer, such as TCP/IP sockets. Therefore, SSPI allows for a computer that is running a Windows operating system to securely delegate a user security token from one computer to another over any transport layer that can transmit raw bytes of data. 

The "Cannot generate SSPI context" error is generated when SSPI uses Kerberos authentication to delegate over TCP/IP and Kerberos authentication cannot complete the necessary operations to successfully delegate the user security token to the destination computer that is running SQL Server.」
總括來說,就是無法把Client端的AD認證送到SQL Server去…