0

已克隆数据库服务器。操作系统是"Microsoft Windows XP Professional Version 2002 Service Pack 3". 查询环境是"Microsoft SQL Server 2008 Management Studio 10.0.4000.0".

克隆后,已注意到以下行为。尝试从机器外部但在同一域内进行连接时,可以读取以下错误消息:"Cannot generate SSPI context. (.Net SqlClient Data Provider)".

"Microsoft SQL Server 2008 Management Studio"从机器内部,可以使用查询环境连接到数据库服务器。

但是,当尝试运行SQLCmd命令行工具时,会显示以下错误:

C:\<Directory>>SQLCmd -S DBA2\<Instance> -i C:\<Directory>\<FileName>.SQL
HResult 0x80090322, Level 16, State 1
SQL Server Network Interfaces: The target principal name is incorrect.
Sqlcmd: Error: Microsoft SQL Server Native Client 10.0 : Cannot generate SSPI context.

ServicePrincipalNames设置方式如下:

C:\PROGRA~1\SUPPOR~1>setspn DBA2
Registered ServicePrincipalNames for CN=DBA2,CN=Computers,DC=<Company>,DC=com:
VProRecovery Backup Exec System Recovery Agent 7.0/DBA2.<Company>.com
HOST/DBA2
HOST/DBA2.<Company>.com

"C:\PROGRA~1\SUPPOR~1\ADSIEDIT.MSC"从 Microsoft Windows XP Professional 光盘运行支持工具时,我们可以在"ADSI Edit \ Domain [<Site>.<Company>.com] \ DC=<Company>,DC=com"路径下方看到"CN=Computers"叶子。在其"Properties"对话框中,"Security"选项卡内,列表下方"Group or user names:",有"SELF"条目。按下"Advanced"按钮时,"Advanced Security Settings for Computers"会生成对话框。在"Permissions"选项卡上,在"Permission entries:"列表下方,还有一个带有 Name 的条目"SELF"。按下"Edit..."按钮,将"Permission Entry for Computers"显示对话框。在其"Properties"选项卡上的"Permissions:"列表中,没有"Read ServicePrincipalName"权限条目和权限条目"Write ServicePrincipalName"

这可能是以下命令失败的原因:

C:\PROGRA~1\SUPPOR~1>setspn -r DBA2
Registering ServicePrincipalNames for CN=DBA2,CN=Computers,DC=<Company>,DC=com
HOST/DBA2.<Company>
HOST/DBA2
Failed to assign SPN to account 'CN=DBA2,CN=Computers,DC=<Company>,DC=com', 0x2098

即使有在ServicePrincipalName克隆的数据库服务器上重置的权限,这是否可以解决SQLCmd同一域内来自机器外部和来自机器外部的连接?

4

1 回答 1

0

实际上,是的,在正确的位置设置了正确的权限后,问题就解决了。

ServicePrincipalNames必须在用户上设置,SQL如下所示:

C:\PROGRA~1\SUPPOR~1>setspn -a mssqlsvc/dba2:1433 <Company>\<UserName>
Registering ServicePrincipalNames for CN=<UserName>,OU=Reporting Security,OU=Security Groups,OU=Romania,DC=<Company>,DC=com
        mssqlsvc/dba2:1433
Updated object

C:\PROGRA~1\SUPPOR~1>setspn -a mssqlsvc/dba2.<Company>.com:1433 <Company>\<UserName>
Registering ServicePrincipalNames for CN=<UserName>,OU=Reporting Security,OU=Security Groups,OU=Romania,DC=<Company>,DC=com
        mssqlsvc/dba2.<Company>.com:1433
Updated object

C:\PROGRA~1\SUPPOR~1>setspn -l dba2
Registered ServicePrincipalNames for CN=DBA2,OU=Romania Machines,OU=Romania,DC=<Company>,DC=com:
    VProRecovery Backup Exec System Recovery Agent 7.0/DBA2.<Company>.com
    HOST/DBA2
    HOST/DBA2.<Company>.com

C:\PROGRA~1\SUPPOR~1>setspn -l <UserName>
Registered ServicePrincipalNames for CN=<UserName>,OU=Reporting Security,OU=Security Groups,OU=Romania,DC=<Company>,DC=com:
    MSSQLSvc/DBA2.<Company>.com:<Company>_RO
    mssqlsvc/dba2.<Company>.com:1433
    mssqlsvc/dba2:1433

希望这可以帮助那些可能遇到同样问题的人。

于 2015-02-10T12:29:46.203 回答