Sunday, October 7, 2012

Windows Authentication for service running on Windows Server 2008 connecting to SQL Server running on Windows Server 2003

When running Tomcat on Windows, it is useful to run it as a service using a service account that has permissions to your SQL database so that you do not have to keep your credentials in a config file that can be compromised.

I ran into a problem where my service was unable to authenticate against a SQL instance running on Windows Server 2003 from a system running Windows Server 2008. It didn't seem to matter if I was running jTDS or the Microsoft provided JDBC drivers.

On the client side, I would immediately get I/O errors saying the DB server closed the connection. On the server side, I would see the following errors in the Event Log produced by MSSQL (category: Logon):

"Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library."

A vanilla installation of Windows Server 2003 will not be able to support NTLMv2, whereas a vanilla installation of Windows Server 2008 will not drop down to NTLM.

The best fix I have found is to change the security policy on the client to drop down in authentication. (There is a forum post here that also references the fix, but the post is specific to another application.)

Go to Local Security Policy (or set it on your domain), and under "Security Options", you will find "Network security: LAN Manager authentication level" with a default value of "Not Defined". Change it to "Send LM & NTLM - use NTLMv2 session security if negotiated".

Click apply, and restart your service, and you will have database connectivity via Single Sign On Windows Authentication.
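The same policy change can be checked and applied from PowerShell. This is an added example, not part of the original post. It assumes the standard Windows mapping of this policy to the `LmCompatibilityLevel` registry value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, which the post does not mention, and the helper names `Get-LmAuthLevel` and `Set-LmAuthLevel` are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Assumption: the policy is stored as the LmCompatibilityLevel DWORD under the Lsa key.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Registry value -> policy text shown in Local Security Policy
$LmLevels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmAuthLevel {
    # A missing value is what the policy editor displays as "Not Defined".
    $prop = Get-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return New-Object PSObject -Property @{ Level = $null; Policy = 'Not Defined (OS default applies)' }
    }
    $level = [int]$prop.LmCompatibilityLevel
    New-Object PSObject -Property @{ Level = $level; Policy = $LmLevels[$level] }
}

function Set-LmAuthLevel {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][ValidateRange(0, 5)][int]$Level)

    # Record the previous setting so the change can be reverted later.
    $before = Get-LmAuthLevel
    if ($PSCmdlet.ShouldProcess($LsaKey, "Set LmCompatibilityLevel to $Level")) {
        Set-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -Value $Level -Type DWord
    }
    New-Object PSObject -Property @{ Before = $before; After = (Get-LmAuthLevel) }
}

# Show the current setting, then preview the change described above (level 1).
Get-LmAuthLevel | Format-List
Set-LmAuthLevel -Level 1 -WhatIf | Format-List
```

Drop `-WhatIf` to apply the change. If a domain Group Policy defines this setting, it overwrites a local registry edit at the next policy refresh, so in that case make the change in the GPO instead.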
