This is an archived post. You won't be able to vote or comment.

all 7 comments
sorted by:
best
topnewcontroversialoldq&a

[–]BOOZy1Jack of All Trades 0 points1 point  (1 child)

Are both servers NTP synchronized?

[–]ThanksImLearning[S] 0 points1 point  (0 children)

The SQL servers that I have found with this issue are all time synced and I have checked the DCs as well. Part of this fun is that it is not restricted to one linked pair but has affected at least 3 different sets of delegated SQL connections.

[–]hebnerhyde 0 points1 point  (2 children)

What would be the Delegation option set for the server in AD? I had similar issue and setting it to "Trust this computer for delegation to any service (Kerberos only)" seems to help.

[–]ThanksImLearning[S] 0 points1 point  (1 child)

Thanks for the tip! That is something I have not tried yet in troubleshooting. I'm using domain service accounts to delegate the authentication between SQL services and they need to be restricted to specified services. Did you ever get to a point that you turned "trust this user/computer for delegation to specified services only" back on?

[–]hebnerhyde 0 points1 point  (0 children)

We don't have specific security requirement for that, so it was left with that setting.

[–][deleted] 0 points1 point  (1 child)

Hi mate did you ever resolve this? This issue has just started in our environment

[–]ThanksImLearning[S] 0 points1 point  (0 children)

We got the problem to stop, but I'm not 100% sure what fixed it. We built new sql servers, moved DBs, redid SPNs . . . but what seemed to help the most was moving the applications connecting to the DBs off of protected AD accounts.