Post reply

SSPI handshake failed

  • June 30, 2011 at 12:26 am

    #253648

    One of the Sql instance is behaving abnormally . when i checked the event view it showed

    SSPI handshake failed with error code 0x80090311 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 10.30.0.130]

    .this error is coming very frequently.

    Machine is sql 2005 , SP3.

    -------Bhuvnesh----------
    I work only to learn Sql Server...though my company pays me for getting their stuff done;-)

  • June 30, 2011 at 1:31 am

    #1346340

    Are you using Named Instance ?

    How you connect SQL Server on SSMS(SQL Server Studio Management) ?

    ServerName\InstanceName,port

    or simply with default instance just

    ServerName

    All Protocols are enabled for the instance and the client as well as in the SQL server Configuration Manager ?

    Are you running kerberos or NTLM authentication on your SQL servers?

    Regards,
    Syed Jahanzaib Bin Hassan
    BSCS | MCTS | MCITP | OCA | OCP | OCE | SCJP | IBMCDBA

    My Blog
    www.aureus-salah.com

  • June 30, 2011 at 1:53 am

    #1346347

    Syed Jahanzaib Bin hassan (6/30/2011)

    Are you using Named Instance ?

    Yes

    Syed Jahanzaib Bin hassan (6/30/2011)

    All Protocols are enabled for the instance and the client as well as in the SQL server Configuration Manager ?

    We haven't changed any settings in recent time.

    Syed Jahanzaib Bin hassan (6/30/2011)

    Are you running kerberos or NTLM authentication on your SQL servers?

    See the below error

    The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client KMehtani in realm CVENT.NET had a PAC which failed to verify or was modified. Contact your system administrator.

    -------Bhuvnesh----------
    I work only to learn Sql Server...though my company pays me for getting their stuff done;-)

  • June 30, 2011 at 2:02 am

    #1346356

    that might be an SPN issue,you have required SetSPN.exe tool to set this problem

    http://msdn.microsoft.com/en-us/library/ms677949(v=vs.85).aspx

    as mentioned on the above link

    Before the Kerberos authentication service can use an SPN to authenticate a service, the SPN must be registered on the account object that the service instance uses to log on. A given SPN can be registered on only one account. For Win32 services, a service installer specifies the logon account when an instance of the service is installed. The installer then composes the SPNs and writes them as a property of the account object in Active Directory Domain Services. If the logon account of a service instance changes, the SPNs must be re-registered under the new account. For more information, see How a Service Registers its SPNs.

    For Help of SPN

    http://blogs.msdn.com/b/saurabh_singh/archive/2009/01/09/new-features-in-setspn-exe-on-windows-server-2008.aspx

    For SETSPN Tool

    http://support.microsoft.com/kb/970536

    Use of SPN

    http://stackoverflow.com/questions/514678/how-should-i-use-this-setspn-command-when-installing-sharepoint

    http://technet.microsoft.com/en-us/library/cc731241(WS.10).aspx

    Regards,
    Syed Jahanzaib Bin Hassan
    BSCS | MCTS | MCITP | OCA | OCP | OCE | SCJP | IBMCDBA

    My Blog
    www.aureus-salah.com

  • June 30, 2011 at 8:05 am

    #1346556

    Check this link http://social.msdn.microsoft.com/Forums/en-US/sqldatabaseengine/thread/fd6b160b-4bab-4e1d-a93f-51021e6bfd2f/



    My blog

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply