NTLM Fallback Issue RRS feed

  • Question

    I have a stand-alone(not connected to any domain) 64 bit machine with Windows Server 2008 Enterprise SP1.

    On this machine I have SQL Server 2008 enterprise edition version 10.0.1600.22  64-bit default instance.  It is running under 'LocalSystem' account. The authetication is 'mixed' mode.

    when the SQL server service starts, it gives the following message, which is fine.

     "The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x54b, state: 3. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies."

    Then when I try to login through SQL server management studio (from the same machine) using windows authentication, I get the following error:

    "Login failed for user 'mymachinename\Administrator'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <named pipe>]"

    I have only 'named pipe' enabled as a protocol. I have used "net view \\server" command to verify that NTLM is working fine.

    What could be the problem here? is NTLM fallback not working?

    Any help or pointers will be greatly appreciated.


    Sunday, February 22, 2009 11:05 PM

All replies

  • Kerberos only works with TCPIP enabled. If you say that you only have named pipes enabled, this is the cause.

    Jens K. Suessmeyer
    Monday, February 23, 2009 12:04 AM
  • Thanks for the reply Jens.

    Yes, Kerberos will work with TCPIP enabled and with the Server connected to the domain. 

    In this case, I do not want authentication to be via Kerberos since the machine is not even connected to a domain. Instead, I thought that in this case, spnego will use NTLM authentication.  

    I have enabled only named pipes because I thought that would force the authentication to be NTLM.

    So, the question is whether NTLM is being used in this case for authentication? if yes, then why is it failing? If NTLM is not being used, does that mean that NTLM fallback is not working?

    Thank you
    Monday, February 23, 2009 5:02 PM
  • Just wanted to add that the client(SQL Server Management Studio)  is on the same machine as the SQL server.
    Also I log into the machine as the administrator. So  SQL Server Management Studio is trying to connect to the server as administrator.


    Tuesday, February 24, 2009 6:00 PM