All Apps and Add-ons

Why does my DB Connect not connect to Microsoft SQL Server using Kerberos authentication?

chanthongphiob
Path Finder

I am running a linux server and trying to establish a connection to McAfee with the SQL server using kerberos authentication. I have downloaded and installed the correct driver and DB connect recognizes the driver. When trying to create a new connection, I receive the error, "com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId: blah blah". When I look through the dbx_server logs, I find the same error as above, but also another log with an error. The other log states "ClientConnectionId: blah blah cause={} org.ietf.jgss.GSSException: No Valid credentials provided (Mechanism level: Server not found in Kerberos database (7))". Does anyone know what the issue is that is keeping the linux machine from establishing the connection?

0 Karma

splunkyj
Path Finder

@gn694 is this done for the service account that is running the SQL Server service, or for the service account that db_connect is trying to use to connect to MS SQL?

 

I'll paste this here as well for reference: Register a Service Principal Name for Kerberos Connections - SQL Server | Microsoft Learn

 

0 Karma

gn694
Communicator

@splunkyj  You do this for the service account that SQL Server runs as.

0 Karma

ansif
Motivator
0 Karma

hortonew
Builder

Unix + kerberos in a microsoft active directory environment is tricky. Typically when you see a "server not found in kerberos database" error, you're trying to invoke-command (via winrm) from one windows machine to another, and your trustedhosts config is too restrictive. I'm not positive what the equivalent is on unix, but you might try using kinit first to see if you can request a ticket with the account you're using to connect remotely. That might rule out some problems. For instance: kinit myuser@MY.DOMAIN.COM. If it prompts you for your password, and klist now shows the ticket, things should be in a good state. If your unix host isn't configured to find the domain controllers, you might be running into issues there. I have a similar setup but I think my driver is different. I can confirm after you do some more testing.

0 Karma

chanthongphiob
Path Finder

I was able to perform kinit command and klist provided me a ticket. I was initially given the wrong Port to connect to. After the change, the new error stated, "com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:blah". I thought that since maybe we had a specific instance to connect to, I added "instanceName=myInstance" to the JDBC URL as stated in Splunk Docs. After this update, I encountered a new error. The new error stated, "There was an error processing your request. It has been logged (ID blah)."

0 Karma

gn694
Communicator

Did you ever figure this out?  I am running into the same problem connecting to a MS SQL server.

0 Karma

gn694
Communicator

For anyone else that may come across this posting, I was able to resolve the issue in my case by setting the MSSQLSvc SPN on the service account used by SQL Server.

0 Karma

jaxjohnny2000
Builder

thank you.  how did you do that? 

0 Karma

gn694
Communicator

@jaxjohnny2000

Set a service principal name on the user in Active Directory that SQL Server is running as.

For example, if you are trying to connect to the following with DBConnect:

sqlserver1.fqdn.com


Add the following service principal name to the user / service account in AD:
MSSQLSvc/sqlserver1.fqdn.com:1433

 

You can do this in the Active Directory Users and Computers console (on the user's Properties - Attribute Editor tab - set the servicePrincipalName attribute) or by using the setspn command.

Depending on your permissions in AD you may be able to do this yourself or you may need to get someone to do this for you.

0 Karma
Get Updates on the Splunk Community!

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...