| google@dcbarry.com 2006-10-24, 6:31 pm |
| All:
I'm trying to resolve what seems to be contradictiory Microsoft
guidance regarding ensuring methods to ensure that delegation via
Kerberos is possible.
In our enviroment (Mixed 2000/2003 Servers, with SQL 2000 SP4
clustered servers), we ocassionally have users running into typical
linked server / double hop issues caused by NTLM authentication.
There are probably multiple root causes, but one that I can clearly see
is caused by Named Pipe connections to the SQL servers.
Because it would be nearly impossible to remove "Named Pipes" from the
thousands of potiental clients, it seems logical to remove it as an
acceptable net-lib protocol on the servers.
However, I ran into Microsoft KB831127 which seems to indicate that in
fact this can not be done, at least with on virtual servers running SQL
2000 SP3. It is silent on the issue of SP4.
So, a few questions for the brave and Knowledgable:
1) Does anyone know if KB831127 is still applicable under SP4?
2) Other than using the Client Networking tool to prevent the initation
of Named Pipe based connections, what other steps (if any) can be taken
to prevent Named Pipe based connections to the SQL servers, especially
clusted servers?
3) Are there any other known issues that may arise from removing Named
Pipes? I've seen hints at general "issues" but nothing concrete other
than the KB article listed above.
Thanks to all in advance for your assistance.
d.
|