Manualshelf

3.4.3 MxDB for SQL Server Installation and Administration Guide

ManualsBrandsHP ManualsSoftwareHP StorageWorks Clustered Gateway Device Management Software
71727374757677787980
Chapter 4: Troubleshooting 74
Copyright © 1999-2007 PolyServe, Inc. All rights reserved.
Address: 99.11.0.31
181.13.11.99.in-addr.arpa name =
vqar13s11.ad1.polyserve.com
> 99.11.13.181
Server: qadc1.ad1.polyserve.com
Address: 99.11.0.31
181.13.11.99.in-addr.arpa name =
vqar13s11.ad1.polyserve.com
When a SQL client uses integrated security (SSPI) to connect to a SQL
Server, the SQL driver authenticates the client via the strong network
authentication, Kerberos first. If Kerberos is not available, NTLM
authentication is then used to authenticate the client. Kerberos
authentication is used only if the following prerequisites are met:
Both the client and server computers are running Windows 2000 SP3
or higher.
Both the client and server computers are part of the same domain or
trusted domains.
The SQL Server service SPN is registered with Active Directory.
The SQL Server instance is listening on TCP/IP.
The SQL client is connecting over TCP/IP.
Kerberos uses a domain unique identifier, “Service Principal Name”
(SPN), to identify a resource within a network. An SPN for SQL Server is
composed of three components:
ServiceClass: the class of service. MSSQLSvc is for SQL Server.
Host: the fully qualified domain name for the computer running the
SQL Server service.
Port: the TCP port that the SQL Server service is listening on.
An example of a valid SPN for SQL Server is:
MSSQLSvc/vqar13s11.ad1.polyserve.com:50004
When connecting to SQL Server via Kerberos, the client SQL driver uses
the Winsock API (gethostbyname and gethostbyaddr) to resolve the SQL
Server fully qualified name to form an SPN for the target SQL Server.