locked
SSPI Handshake failed with error code 0x8009030c on DC reboot. RRS feed

  • Question

  • Hi guys,

    We are experiencing this issue in very specific cirtumstances.

    Here's our setup:

    Our Active Directory domain has 3 DCs, 2 of those are in the same AD Site as our SQL cluster. Each AD Site has the corresponding network subnets

    DCs are each in different subnets. (172.20.38.x, 172.16.4.x and 172.20.8.x)

    Cluster nodes are in the 172.16.2.x subnet.

    Windows Server 2003 Ent. (x64)
    Service Pack 2

    SQL Server 2005 Ent. (x64)
    Service Pack 3
    Version: 9.00.4035.00

    Here's our issue:

    When one of the DC is restarted (a very spesific one in the same AD site as the SQL cluster) the SQL cluster will log those error in the Application log.

    Event ID: 18452 followed by 17806 for a few minutes.

    It seems that SSPI isn't handling/falling to another available DC very easily. This usualy causes our BizTalk cluster to failover to it's other node which causes a small downtime.

    Is this something that is to be expected? Is SQL behaving normaly?

    Any comments, opinions appreciated.


    Francis Ouellet­
    1998 - 2006 MVP
    http://francisouellet.ca
    http://directoryservicesconsulting.ca

    Wednesday, May 12, 2010 6:12 PM

Answers

  • Hi,

    Based on the error message, it seems that BizTalk cannot provide the correct credential to connect to SQL Server. Since the BizTalk need to fetch ticket from KDC, I think the DC reboot is the root case. Thus, I suggest you post the issue to the Windows Server forum.

    If there are any more problems, please let me know.
    Thanks.


    ***Xiao Min Tan***Microsoft Online Community***
    Monday, May 17, 2010 3:19 AM

All replies

  • From the error message i think as part of SQL Server cluster it do hearbeat check as per it schedule.  During the Domain Controller reboot, the windows logins ( Principals ) are not authenicatied.

    As long as your SQL Servers and Databases are online this errors can be ignored it is information messges only.

     


    Sivaprasad S http://sivasql.blogspot.com Please click the Mark as Answer button if a post solves your problem!
    Thursday, May 13, 2010 1:19 AM
  • It is not part of the SQL cluster hearbeat. Authentication failures comes from the the Biztalk cluster:

    SSPI handshake failed with error code 0x80090304 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 172.16.2.61]

    Well the databases stay online but authentication will fail. And that's from only one DC rebooting, which I find extremely odd....


    Francis Ouellet­
    1998 - 2006 MVP
    http://francisouellet.ca
    http://directoryservicesconsulting.ca
    Friday, May 14, 2010 6:32 PM
  • Hi,

    Based on the error message, it seems that BizTalk cannot provide the correct credential to connect to SQL Server. Since the BizTalk need to fetch ticket from KDC, I think the DC reboot is the root case. Thus, I suggest you post the issue to the Windows Server forum.

    If there are any more problems, please let me know.
    Thanks.


    ***Xiao Min Tan***Microsoft Online Community***
    Monday, May 17, 2010 3:19 AM