Share via

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGIN'

Pedro Fernandes 1 Reputation point
2022-07-12T22:14:11.01+00:00

I'm facing a very specific issue on my SQL server instance. Recently I had to create a linked server (referencing server B) in my server A, to connect to a database in B through A. Everything worked and works well when I'm in the server A (accessing via remote desktop).

I need to query the server A through an Apache application, it always worked. But when I need to query the server B through the A using Apache (not in remote desktop, where it works), the query fails to complete, so I open SSMS, execute the same query and it returns the following error:

"Login failed for user 'NT AUTHORITY\ANONYMOUS LOGIN'"

What really concerns me is that it's not an authentication error (even though the message says it), because when I access the server A via RD, execute the query and come back to the Apache application, then I am able to query, which makes no sense at all.

It looks like it's an intermittent issue, and sometimes I just can't force it.

SQL Server | Other

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. CathyJi-MSFT 22,396 Reputation points Microsoft External Staff
    2022-07-13T02:03:26.66+00:00

    Hi @Pedro Fernandes ,

    What you describe is a classic double hop scenario. an Apache application->Server A –linked server -> Server B

    Please make sure delegation has to set for the middle tier SQL instance service account(server A). This means that make sure SQL Server service account was trusted for delegation in AD.

    You can go to domain controller -> open active directory users and computers -> users -> right-click the SQL Server Service account in users folder -> Properties.
    Then go to delegation tab in the Properties dialog box, ensure that "Trust this user for delegation to any service (Kerberos only)" or "Trust this user for delegation to specified services (Kerberos only) – Use Kerberos only "is selected. If you choose the " Trust this user for delegation to specified services (Kerberos only)", please add the SQL Server service. ( please do the same for the delegation tab in the Properties of server's computer object in active directory users and computers.)

    220226-screenshot-2022-07-13-095758.jpg

    Then go to the account tab in properties and ensure that the "account is sensitive and cannot be delegated" option is not selected.

    220233-screenshot-2022-07-13-095948.jpg

    Please refer to this blog or this one.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments
  2. Vinith Singh 0 Reputation points Microsoft External Staff
    2024-01-09T14:23:22.8233333+00:00

    Hey guys! Follow this below article for detail about configuration and all the related settings.

    If you are new to this kind of error, then possibly this article will help from basic to advanced understanding of the issue and also further troubleshooting.

    https://kingfishertechtips.in/kerberos-issue-nt-anonymous-login-failed/

    0 comments
  3. Vinith Singh 0 Reputation points Microsoft External Staff
    2024-01-09T14:24:27.2733333+00:00

    Hey guys! Follow this below article for detail about configuration and all the related settings.

    If you are new to this kind of error, then possibly this article will help from basic to advanced understanding of the issue and also further troubleshooting.

    https://kingfishertechtips.in/kerberos-issue-nt-anonymous-login-failed/

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.