Eitan Blumin reminds me of the bad old days:
Sometimes when trying to access a linked server, you’d get an error saying “Login failed for user NT AUTHORITY\ANONYMOUS LOGON”. This happens because you’re connected using Windows authentication, and SQL Server fails to “forward” your credentials to the linked server.
This issue is often called “double-hop pass-through authentication”, also known as “Kerberos delegation“, which I’ll try to illustrate with the following diagram:
Eitan provides a helpful step-by-step guide to understanding not just how to fix the problem but also what concepts like SPNs really do.
Comments closed