Why does my DB Connect not connect to Microsoft SQL Server using Kerberos authentication?

chanthongphiob
Path Finder

I am running a Linux server and trying to establish a connection to McAfee with the SQL Server using Kerberos authentication. I have downloaded and installed the correct driver and DB Connect recognizes the driver. When trying to create a new connection, I receive the error, "com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId: blah blah". When I look through the dbx_server logs, I find the same error as above, but also another log with an error. The other log states "ClientConnectionId: blah blah cause={} org.ietf.jgss.GSSException: No Valid credentials provided (Mechanism level: Server not found in Kerberos database (7))". Does anyone know what the issue is that is keeping the Linux machine from establishing the connection?

0 Karma

splunkyj
Path Finder

@gn694 is this done for the service account that is running the SQL Server service, or for the service account that db_connect is trying to use to connect to MS SQL?

I'll paste this here as well for reference: Register a Service Principal Name for Kerberos Connections - SQL Server | Microsoft Learn

0 Karma

gn694
Communicator

@splunkyj You do this for the service account that SQL Server runs as.

0 Karma

hortonew
Builder

Unix + Kerberos in a Microsoft Active Directory environment is tricky. Typically when you see a "server not found in Kerberos database" error, you're trying to invoke-command (via WinRM) from one Windows machine to another, and your TrustedHosts config is too restrictive. I'm not positive what the equivalent is on Unix, but you might try using kinit first to see if you can request a ticket with the account you're using to connect remotely. That might rule out some problems. For instance: kinit myuser@MY.DOMAIN.COM. If it prompts you for your password, and klist now shows the ticket, things should be in a good state. If your Unix host isn't configured to find the domain controllers, you might be running into issues there. I have a similar setup but I think my driver is different. I can confirm after you do some more testing.

0 Karma

chanthongphiob
Path Finder

I was able to perform the kinit command and klist provided me a ticket. I was initially given the wrong port to connect to. After the change, the new error stated, "com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:blah". Thinking that maybe we had a specific instance to connect to, I added "instanceName=myInstance" to the JDBC URL as stated in Splunk Docs. After this update, I encountered a new error. The new error stated, "There was an error processing your request. It has been logged (ID blah)."

0 Karma

gn694
Communicator

Did you ever figure this out? I am running into the same problem connecting to a MS SQL server.

0 Karma

gn694
Communicator

For anyone else that may come across this posting, I was able to resolve the issue in my case by setting the MSSQLSvc SPN on the service account used by SQL Server.

0 Karma

jaxjohnny2000
Builder

Thank you. How did you do that?

0 Karma

gn694
Communicator

@jaxjohnny2000

Set a service principal name on the user in Active Directory that SQL Server is running as.

For example, if you are trying to connect to the following with DBConnect:

sqlserver1.fqdn.com


Add the following service principal name to the user / service account in AD:
MSSQLSvc/sqlserver1.fqdn.com:1433

You can do this in the Active Directory Users and Computers console (on the user's Properties - Attribute Editor tab - set the servicePrincipalName attribute) or by using the setspn command.

Depending on your permissions in AD you may be able to do this yourself or you may need to get someone to do this for you.

0 Karma
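To check the SPN fix described in the answer above before retrying the connection, the following added example (not code from the thread or from Splunk) derives the SPN that corresponds to a DB Connect JDBC URL and compares it with the SPNs registered on the SQL Server service account. It assumes the client requests the SPN in the form MSSQLSvc/<host>:<port>, as in the answer's example; the account name svc_sql, the host sqlserver2 and the `setspn -L` text are constructed sample values.

```python
import re

# Constructed sample of `setspn -L` output; svc_sql and sqlserver2 are hypothetical.
SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=svc_sql,OU=Service Accounts,DC=fqdn,DC=com:
\tMSSQLSvc/sqlserver1:1433
\tMSSQLSvc/sqlserver2.fqdn.com:1433
"""

URL_RE = re.compile(
    r"^jdbc:sqlserver://([^;:\\]+)(?:\\([^;:]+))?(?::(\d+))?((?:;[^;]*)*)$", re.I)

def expected_spn(jdbc_url):
    """Build MSSQLSvc/<host>:<port> from the URL (assumed default SPN form)."""
    m = URL_RE.match(jdbc_url.strip())
    if not m:
        raise ValueError("not a jdbc:sqlserver:// URL")
    host, instance, port, tail = m.groups()
    props = {k.lower(): v for k, v in
             (p.split("=", 1) for p in tail.split(";") if "=" in p)}
    port = port or props.get("portnumber")
    if not port:
        if instance or "instancename" in props:
            # The port of a named instance is only discovered at connect time.
            raise ValueError("named instance without an explicit port")
        port = "1433"  # SQL Server default TCP port
    return f"MSSQLSvc/{host}:{port}"

def parse_setspn(output):
    """Return the SPN lines of `setspn -L` text, skipping the header line."""
    return [ln.strip() for ln in output.splitlines()
            if "/" in ln and not ln.lstrip().startswith("Registered")]

def check_spn(jdbc_url, registered):
    """Return (status, wanted SPN): ok, near-miss or missing. Case-insensitive."""
    want = expected_spn(jdbc_url)
    w_host, _, w_port = want.lower().split("/", 1)[1].partition(":")
    status = "missing"
    for spn in registered:
        svc, _, rest = spn.lower().partition("/")
        host, _, port = rest.partition(":")
        if svc != "mssqlsvc":
            continue
        if (host, port) == (w_host, w_port):
            return "ok", want
        if host.split(".")[0] == w_host.split(".")[0]:
            status = "near-miss"  # short name vs FQDN, or a different port
    return status, want
```

With the sample data, a URL for sqlserver1.fqdn.com reports a near-miss because only the short-name SPN is registered, which is the situation that still needs the FQDN form added.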