Quantcast
Channel: SharePoint 2010 - Setup, Upgrade, Administration and Operations forum
Viewing all articles
Browse latest Browse all 13778

SharePoint Business Connectivity Services (BCS), Kerberos not working - Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

$
0
0

I am running SharePoint 2010 with SQL 2012, I am trying to get Business Connectivity Services (BCS) running but I am facing a double-hope authentication issue.

Everytime I try to connect to the external BCS list created in SharePoint designer, I get the error `Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'`.

In the event viewer on the SQL server I see a login failure for an anonymous user from the SP server IP address.

Background information below:

I have the following AD domain accounts:

  • SP_Farm - main website pool
  • SP_Services - for SharePoint services (including BCS)
  • SQL_Engine - SQL database engine

I have enabled Kerberos under SharePoint Central admin.

I then created the following with SetSPN:

  • SetSPN -S http/intranet mydomain\SP_Farm
  • SetSPN -S http/intranet.mydomain.local mydomain\SP_Farm
  • SetSPN -S SPSvc/SPS mydomain\SP_Farm
  • SetSPN -S MSSQLSvc/SQL1:1433 mydomain\SQL_DatabaseEngine
  • SetSPN -S MSSQLSvc/SQL1.mydomain.local:1433 mydomain\SQL_DatabaseEngine

I then delegated the AD accounts for `any authentication protocol` to the following:

  • SP_Farm -> SP_Farm (http service type, intranet)
  • SP_Farm -> SQL_Engine (MSSQLSvc, sql1)
  • SP_Service -> SP_Service (SPSvc)
  • SP_Service -> SQL_Engine (MSSQLSvc, sql1)

Despite the above, credentials are not passed from the client through the SharePoint server to the SQL server, only the anonymous account is used.

If I set a username and password with the Secure Store Service and set the external list to use the impersonated credentials, the list works.

Any ideas what I have missed and what can be tried next?



Viewing all articles
Browse latest Browse all 13778

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>