ADAM - ldp bind credentials change when using machine account

 
 
Sarah
Guest

 
      06-06-2007
The client is Windows XP SP2 and the server is 2003 SP2 with ADAM SP1 on it.
Both are updated with the latest updates.

We run ldp.exe on the client using the AT command, i.e.: AT 1:37pm
/interactive c:\ldp.exe. We connect to our (fairly generic) ADAM instance and
select to bind as the currently logged on user.

For a period of time (hours or minutes, usually hours) it will authenticate
using the machine account, i.e. Authenticated as: 'SARAHSVM\SARAH-VM-XP$',
and then for some reason it will start authenticating as anonymous:
Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON' for a number of hours or
minutes.

There seems to be no rhyme or reason that we can work out as to why this
switches, although sometimes stopping and starting the instance service on the
server will force a switch, or rebooting the client or server will too, or it
might be coincidental.

On the server, you can see that the machine credentials are authenticated by
Kerberos and that the anonymous logons are authenticated by NTLM. I don't know
if NTLM authenticates the credentials because they are anonymous or it is an
anonymous logon because NTLM authenticated it.

We have Kerberos logging on and there are no extraordinary error events in
the system event log. The only difference between both types of logons in the
ldp window are the times and 'Authenticated as'.

The reason why we are investigating this is because we have a client
application that runs a service that needs to bind to ADAM objects in our
partition. This also works for a period of time, then won't for a period of
time, then it will. The error, when it occurs, is 0x80072020 (An operations
error occurred). It exhibits the same behaviour as ldp when attempting to use
the machine's credentials.

It's not reasonable for our application to bind using user credentials, and we
give computer objects in ADAM the right to access themselves.

If anyone could shed some light on this situation that would be greatly
appreciated.
 
 
 
 
 
M
Guest

 
      11-10-2009

We have a job that is scheduled to run every minute via a scheduled task using "domain name\machine name$" for its credentials. Every so often it fails twice in a row with: Logon failed for NT AUTHORITY\ANONYMOUS LOGON.


The job itself is a SAS job that has two steps.
The first step connects to a SQL2005 database on Windows 2003. This step ALWAYS works. The second step connects to a SQL2000 database on Windows 2000. This is the step that fails intermittently.

The connection strings within the jobs steps are set up as follows:
(INIT_STRING='Provider=SQLOLEDB.1;
Integrated Security=SSPI;
Persist Security Info=True;
Initial Catalog=dbname;
Data Source=servername;'
schema=dbo);

After the job fails twice in a row, it works for a while - anywhere from 20 minutes to more than an hour - and then fails again two times in a row on the SQL 2000 connection. It seems like the failures happen sooner when there is heavy traffic, but we haven't really confirmed that.

Does anyone know why it "drops" its machine name and switches to Anonymous Logon?
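Both posts describe the same symptom from a scheduled task running as the machine account: the server accepts the connection, but sometimes as the computer account (Kerberos) and sometimes as ANONYMOUS LOGON (NTLM), with no server-side error to correlate against. The script below is an added diagnostic probe, not code from either poster. It is meant to be scheduled under the same identity as the failing job and records, once per run, what each server thinks the caller is, so the switch can be lined up against the Security log on the ADAM or SQL host. It assumes a host name and port for the ADAM instance and a SQL Server name (placeholders below), that the ADAM instance answers the LDAP "Who am I?" extended operation (RFC 4532, OID 1.3.6.1.4.1.4203.1.11.3; treat that as an assumption for ADAM SP1 and fall back to the bind result if it is rejected), and a writable log path.

```powershell
# Added diagnostic probe for the thread's symptom (not the posters' code).
# Run under the identity that shows the problem (e.g. a task running as the
# machine account) and correlate the CSV with the server's Security log.
# Placeholders: $LdapServer, $SqlServer, $LogPath.
Add-Type -AssemblyName System.DirectoryServices.Protocols
Add-Type -AssemblyName System.Data

$LdapServer = 'adam-host.example.local:50000'   # placeholder host:port of the ADAM instance
$SqlServer  = 'sql-host.example.local'          # placeholder SQL Server name
$LogPath    = 'C:\Temp\machine-bind-probe.csv'  # placeholder log file

function Test-LdapBind {
    param(
        [string]$Server,
        [System.DirectoryServices.Protocols.AuthType]$AuthType
    )
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
    $conn.AuthType = $AuthType
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.Timeout = [TimeSpan]::FromSeconds(15)
    try {
        # Bind with the process token, as ldp's "bind as currently logged on user" does.
        $conn.Bind()
        # RFC 4532 "Who am I?" returns the authorization identity the server assigned,
        # which is what ldp prints after 'Authenticated as'. An empty value means anonymous.
        # Assumption: the ADAM instance supports this extended operation.
        $req  = New-Object System.DirectoryServices.Protocols.ExtendedRequest('1.3.6.1.4.1.4203.1.11.3')
        $resp = $conn.SendRequest($req)
        $who  = [System.Text.Encoding]::UTF8.GetString($resp.ResponseValue)
        if ([string]::IsNullOrEmpty($who)) { $who = '<anonymous>' }
        return @{ Ok = $true; Identity = $who; Error = '' }
    } catch {
        # A failed Kerberos-only bind while Negotiate still "works" means Negotiate fell back to NTLM.
        return @{ Ok = $false; Identity = ''; Error = $_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

function Test-SqlBind {
    param([string]$Server)
    # Same SSPI connection style as the SAS job's connection string.
    $cs = "Data Source=$Server;Integrated Security=SSPI;Initial Catalog=master;Connect Timeout=15"
    $conn = New-Object System.Data.SqlClient.SqlConnection($cs)
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        # SUSER_SNAME() exists on SQL Server 2000 too and shows the login the server actually accepted.
        $cmd.CommandText = 'SELECT SUSER_SNAME()'
        $who = [string]$cmd.ExecuteScalar()
        return @{ Ok = $true; Identity = $who; Error = '' }
    } catch {
        return @{ Ok = $false; Identity = ''; Error = $_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

function Write-ProbeRecord {
    param([string]$Target, [hashtable]$Result)
    $caller = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $stamp  = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    $line   = '{0},{1},{2},{3},{4},"{5}"' -f $stamp, $env:COMPUTERNAME, $caller, $Target, $Result.Ok, ($Result.Identity + $Result.Error)
    Add-Content -Path $LogPath -Value $line
    # The thread's symptom: the server accepted us but as anonymous, not as the machine account.
    if ($Result.Ok -and ($Result.Identity -match 'ANONYMOUS' -or $Result.Identity -eq '<anonymous>')) {
        Write-Warning "$Target accepted the connection but identifies the caller as $($Result.Identity)"
    }
}

# One pass per run; schedule the script every minute (schtasks, or AT as in the thread)
# to build a timeline of when the identity flips.
Write-ProbeRecord 'ldap-negotiate'     (Test-LdapBind -Server $LdapServer -AuthType Negotiate)
Write-ProbeRecord 'ldap-kerberos-only' (Test-LdapBind -Server $LdapServer -AuthType Kerberos)
Write-ProbeRecord 'sql-sspi'           (Test-SqlBind -Server $SqlServer)
```

Reading the log: a run in which the Negotiate bind reports the computer account and the Kerberos-only bind succeeds is the healthy case. A run in which Negotiate still returns Ok but the identity is anonymous while the Kerberos-only bind fails shows that the client could not get a Kerberos ticket at that moment and Negotiate silently fell back to NTLM, where a machine account has no usable credential and the server treats the session as ANONYMOUS LOGON; the Kerberos-only error text and the matching timestamp in the server's Security log are then the place to look. The SQL probe applies the same check to the second poster's SSPI connection.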



