4 Matching Annotations
- Nov 2018
-
www.experts-exchange.com www.experts-exchange.com
-
ALTER DATABASE SET trustworthy on
Database may have to me made trustworthy to initiate linked server connection
-
-
support.microsoft.com support.microsoft.com
-
n the Advanced Security Settings dialog box, make sure that SELF is listed under Permission entries. If SELF is not listed, click Add, and then add SELF.Under Permission entries, click SELF, and then click Edit.In the Permission Entry dialog box, click the Properties tab.On the Properties tab, click This object only in the Apply onto list, and then click to select the check boxes for the following permissions under Permissions:Read servicePrincipalNameWrite servicePrincipalName
Permissions needed for AD account to write SPN name
-
rant delegation permission to the SQL Server service account domain user account.
Computer and SQL service accounts need to be grated delegation permissions in AD users and computers
-
-
docs.microsoft.com docs.microsoft.com
-
The client and server computers must be part of the same Windows domain, or in trusted domains. A Service Principal Name (SPN) must be registered with Active Directory, which assumes the role of the Key Distribution Center in a Windows domain. The SPN, after it is registered, maps to the Windows account that started the SQL Server instance service. If the SPN registration has not been performed or fails, the Windows security layer cannot determine the account associated with the SPN, and Kerberos authentication will not be used.
2 main criteria for linked servers to pass through AD credentials
- be on the same domain
- have an SPN registered for the AD account running the SQL service
-