Allen Kinsel - SQL DBA

SQL Server, PASS, and other data mishaps

Sql Server and SSPI handshake failed error hell

By Allen Kinsel, 1 month and 13 days ago

The infamous SSPI Failed error strikes again!

One of our SQL servers was generating these errors for «some» Windows logins but not all.

Error: 17806, Severity: 20, State: 2.

SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.168.1.1]

Keep reading →

Related posts

Share this post

Allowing effective developer access to SQL Server

By Allen Kinsel, 3 months and 1 day ago

When creating a new application, after going through the entire business analysis & requirements gathering process, normally you wind up with a datamodel that includes many tables and relationships.  By this time, depending on the size of the datamodel/system there has been considerable amounts of time invested on all sides.  We need a way of preserving this investment of time while still allowing developers to do their thing!

Deploy

Most shops have policies in place for what level of access developers can have in each environment.  In many places I've seen, developers are allowed DBO access in development, and some lesser access in the higher environments (read only usually).

After you've deployed the datamodel to the physical database in a development environment, before you grant the developer group dbo access consider all of the time/effort that has been spent making the datamodel what it is.  In order to allow the developers to do their jobs but not allow them to modify the actual table/schema layout you can grant a combinations of privileges.

Keep reading →

Related posts

Share this post

Runaway System Cache Increase Kills SQL

By Allen Kinsel, 3 months and 9 days ago

Ran into this a while back, and we finally found a root cause so, I thought Id put it out here in hopes that it saves at least 1 person the amount of head bashing I had with it

Environment

Windows 2003 Enterprise R2 SP2 w/32GB RAM

SQL Server 2005 standard ed SP3 64bit active/passive cluster

Keep reading →

Related posts

Share this post

April Houston SQL Server Users group meeting

By Allen Kinsel, 3 months and 17 days ago

In Houston?  Hungry for lunch?  Want to learn SQL Server from an expert?  Head over to the Microsoft office and learn the top SQL mistakes and how to avoid them from Kevin Kline

Not in Houston?  or hungry?  there's always the live meeting option!

Here are the details from the HASSUG Site:

Keep reading →

Related posts

Share this post

Whose got my DAC?

By Allen Kinsel, 4 months and 26 days ago

What is the DAC?

The Dedicated Admin Connection, Commonly called the DAC is used to manage SQL Server when a regular connection wont succeed.  Here's what SQL Books Online (BOL) has to say about the DAC «This diagnostic connection allows an administrator to access SQL Server to execute diagnostic queries and troubleshoot problems even when SQL Server is not responding to standard connection requests.»

DAC Errors

Occasionally, while troubleshooting SQL servers in a large environment, especially one thats managed from many different geographic locations you could come up with this error, if more than 1 person is using the DAC.  It should also be noted this only happens if you have remote DAC enabled in your environment

Error 17810

Keep reading →

Related posts

Share this post

← Previous 01 02 03 Next →

Follow Me


Tags

Allen Kinsel on Twitter

Categories

Most Recent Posts

Subscribe

Archives

Next Posts

Latest comments

  • Community Choice Sessions at the PASS Summit 2010:
    • Allen Kinsel: Thanks, We hope that this will be a good test of community selections, and hope to expand it a bit in the future
    • robert cook: glad you decided to keep blogging and gracias to you and your amigos for giving an opportunity to the sql community for direct involvement with session choices
  • Sql Server and SSPI handshake failed error hell:
    • Robert L Davis: I agree about the reboot. That's why I check SPN's before DC/Kerberos errors. An SPN can be fixed without rebooting, but if the issue is DC connection and no one can log in to the SQL Server, you're down anyway so a reboot shouldn't be out of the question. The problem with having a...
    • Allen Kinsel: I guess should have worded that a little differently, in my experience in a lot of environments kerberos isnt used since its not configured, so it always falls back to NTLM, with only NTLM and no Kerberos in the result list, its usually safe to say that SPN's arent the issue. I...
    • NULLgarity: This post should win an award. These SSPI errors have cause me all sorts of trouble over the years and are EXTREMELY difficult to troubleshoot. In my experience, they often went away before I even had a chance to look into them. Thanks for the post!
    • Shawn Melton: It's been a while since I have done SA duties with AD but I would be curious too. I actually have a User Group meeting tonight (06/17/10) with an MCT that teaches AD and will ask him if he can explain that authentication mess.
    • Robert L Davis: sys.dm_exec_connections does not tell you what protocol they used to attempt their connection. It tells you which protocol suceeded. Kerberos is ALWAYS tried first and NTLM is used as a failback. So if they show as using NTLM, it's not because they didn't attempt to use Kerberos, its because Kerberos wasn't successful. In my...
  • SQL Saturday 35 Recap:
    • Jen McCown: Cookout, eh? Maybe we'll have the next after party at chez McCown :)

Most commented posts