If I use my laptop to connect to server A using SSMS and run a query there that joins to a table on server B, I get the known response, "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."
If I remote desktop to server A and run the same query using SSMS, it exec's successfully (it's only "single-hop"). If I then run the original query on the laptop again, it also exec's successfully, I think because the Kerberos authentication is somehow allowing me to run queries for a limited time from my laptop.
Here's the question: server B is in a different domain than server A and the network folks don't want to / can't get both trusted domains and the Active Directory configurations working needed just to solve the double-hop problem, so I'm left looking for a work-around.
I have a small set of users. I'd like to allow them remote desktop access to server A and when they log in, have a sqlcmd run in a batch script that just connects to server B. Then the Kerberos ticket should allow them to run queries from their laptops.
When I try it myself:
- remote desktop to server A
- open a cmd prompt
- run sqlcmd -S serverB -d Db1 -q "SELECT top 1 ID from dbo.company;" [runs successfully]
- go back to my laptop and run the original query, I get "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." again.
Please help.
Thanks,
Seth