Hi,
We have a SQL 2005 with SP2 configured with Kerberos authentication. We've
created a SOAP end-point and have set-up SPNs for the domain account that's
running the SQL service.
When browsing to this end-point via http://server.domain.com/name?WSDL -
browser just shows blank page. No errors being logged anywhere on the SQL
server. By looking at the requests and responses from client to the server,
IE makes only one Anonymous request to the server and then stops. Both the
client machine and the SQL server are in the same domain and the TCP port is
enabled on the SQL server and can be pinged from the client machine. The SPN
is set-up with the correct server name.
We downloaded a test application from the net and this app can get to this
same URL by Kerberos. The reson we know that Kerberos worked is because we
saw the ticket generated on the server. This client app is running on the
same client machine where we tried the IE. Version of IE is 7 and its a XP
machine.
When we turned the authentication to Integrated on SQL server, IE works in
Kerberos mode. Again, we saw the ticket generated but when we set
authentication to Kerberos only, IE is failing to pass Kereberos ticket and
render the WSDL.
Any idea about what could be going on ? How do we turn on some logging for
this SQL end-point ?
Thanks
-JigneshThis presentation might help:
http://support.microsoft.com/default.aspx?kbid=887682
Todd C
"Jignesh Shah" wrote:
> Hi,
> We have a SQL 2005 with SP2 configured with Kerberos authentication. We've
> created a SOAP end-point and have set-up SPNs for the domain account that'
s
> running the SQL service.
> When browsing to this end-point via http://server.domain.com/name?WSDL -
> browser just shows blank page. No errors being logged anywhere on the SQL
> server. By looking at the requests and responses from client to the server
,
> IE makes only one Anonymous request to the server and then stops. Both the
> client machine and the SQL server are in the same domain and the TCP port
is
> enabled on the SQL server and can be pinged from the client machine. The S
PN
> is set-up with the correct server name.
> We downloaded a test application from the net and this app can get to this
> same URL by Kerberos. The reson we know that Kerberos worked is because we
> saw the ticket generated on the server. This client app is running on the
> same client machine where we tried the IE. Version of IE is 7 and its a XP
> machine.
> When we turned the authentication to Integrated on SQL server, IE works in
> Kerberos mode. Again, we saw the ticket generated but when we set
> authentication to Kerberos only, IE is failing to pass Kereberos ticket an
d
> render the WSDL.
> Any idea about what could be going on ? How do we turn on some logging for
> this SQL end-point ?
> Thanks
> -Jignesh
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment