0

Someone have success to connect a Dockerized .NET Core API 2.2 with SQL Server located in external client cloud server through Kerberos?

Here we're facing these issues:

Scenario 1:
If we use a connection string like this:

Server=tcp:SERVER_IP_ADDRESS,1433; Database=DB_NAME; User Id=USER; Password=PASSWORD;

then, it takes a long time and throws the exception like this:

SqlException: A connection was successfully established with the server, but then an error occurred during the login process. (provider: TCP Provider, error: 0 - Success)

Scenario 2:
If we use a connection string like this:

Server=tcp:SERVER_IP_ADDRESS,1433; Database=DB_NAME; User Id=USER; Password=PASSWORD; Trusted_Connection=True;

then, the exception is:

SqlException: Cannot authenticate using Kerberos.

Ensure Kerberos has been initialized on the client with 'kinit' and a Service Principal Name has been registered for the SQL Server to allow Kerberos authentication.

ErrorCode=InternalError, Exception=Interop+NetSecurityNative+GssApiException: GSSAPI operation failed with error - Unspecified GSS failure.

Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate).

So, our hands are tied and we don't know where to run.

Can u help us?

Thanks in advance.

Eduardo Gonçalves
  • 21
  • 4
  • It is not an option to just add username/password access to the SQL server? – Gerrit Feb 20 '20 at 12:53
  • @Gerrit with username/password without Trusted_Connection = true, then the exception is: A connection was successfully established with the server, but then an error occurred during the login process. (provider: TCP Provider, error: 0 - Success) – Eduardo Gonçalves Feb 20 '20 at 13:12
  • Yes, but are username/password accesses allowed on the SQL server, does it have SQL server authentication mode? https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/create-a-login?view=sql-server-ver15 – Gerrit Feb 20 '20 at 13:16
  • I'm using SQL Server Authentication – Eduardo Gonçalves Feb 20 '20 at 13:21
  • Does anything from here help? https://stackoverflow.com/questions/34430550/a-connection-was-successfully-established-with-the-server-but-then-an-error-occ – Gerrit Feb 20 '20 at 13:35
  • Try `Initial Catalog` instead of `Database` – Gerrit Feb 20 '20 at 13:58
  • Nope... nothing seems to work. – Eduardo Gonçalves Feb 20 '20 at 14:20
  • Is the TCP/IP protocol enabled in SQL server? Check Sql Server Configuration Manager -> Sql Server Network Configuration -> Protocols for MSSQLSERVER -> TCP/IP – Gerrit Feb 20 '20 at 14:32
  • Yes, it's all enabled. – Eduardo Gonçalves Feb 20 '20 at 14:46
  • And is there only one instance of SQL server on the ip-address in the connection string and is it set to the default port? – Gerrit Feb 20 '20 at 14:57
  • Just one other possibility, the database is a contained database, and your connecting with a user from the master database. – Gerrit Feb 21 '20 at 12:45

1 Answers1

0

If you don't need strictly kerberos to authenthicate, just use sql user nad password.

To do that create a user on sql server only (not in windows, use ssms to do it or sql script) and use that user, not the windows one.

It seems that you don't use sql server authentication, at least you don't use sql server user but a windows one and sql server tries to authenthicate that user in AD instead authenticating it locally on sql server.

However if you want to use Windows auth, you probably would need to use windows containers and gMSA accounts, see https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/gmsa-run-container

Miq
  • 3,931
  • 2
  • 18
  • 32