SQL Authentication Issue

[espressomaker]

Some type of MS SQL/Remote Desktop authentication related issue seems to be halting the Win 2003 server. During SQL access of various DBs by various users, SQL access will be cut off along with Remote Desktop access. However, simple file access on server shares is not affected. The only corrective action I've found so far is to restart the server (and interactive logon to do this take about five minutes when this issue occurs).

The server logs events 17806 (Application logs), 537 (Security), and 5719 (System). I've troubleshot DSN, Kerberos errors, firewall settings, and SQL Windows Authentication Method settings. Connections with the Win 2000 DC is local and I can't imagine/don't suspect connectivity issues. Does anyone have any experience with this or any ideas?

 

[mrdenny]

What does the CPU load look like when this is happenging? What error messages show in the errorlog when this comes up?

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

My Blog

 

[espressomaker]

mrdenny, thanks for your interest.

CPU load is minimal.

Errors read:
From the Application log:

Event Type: Error
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 17806
Date: 11/1/2007
Time: 11:43:44 AM
User: N/A
Computer: [SQL Servername]
Description:
SSPI handshake failed with error code 0x80090311 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 10.32.1.125]

From the Security log:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 11/1/2007
Time: 11:43:44 AM
User: NT AUTHORITY\SYSTEM
Computer: [SQL Servername here]
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: [user]
Domain: ***.COM
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -


From the System Log:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 11/1/2007
Time: 11:43:44 AM
User: N/A
Computer: [server]
Description:
This computer was not able to set up a secure session with a domain controller in domain CPI due to the following:
The remote procedure call was cancelled.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

and

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 7
Date: 11/1/2007
Time: 11:43:44 AM
User: N/A
Computer: [server]
Description:
The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client teresa in realm CPI.COM had a PAC which failed to verify or was modified. Contact your system administrator.

I've searched for help on each of these and have not come up with anything conclusive.

 

[mrdenny]

It is definetly a Kerberos problem. You'll need to get those errors resolved before SQL will ever work correctly. You'll want to have your sysadmin take a look at those and see what they can do to correct them.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

My Blog