top of page

Experienced Technology Product Manager adept at steering success throughout the entire product lifecycle, from conceptualization to market delivery. Proficient in market analysis, strategic planning, and effective team leadership, utilizing data-driven approaches for ongoing enhancements.

  • Twitter
  • LinkedIn
White Background

The target principal name is incorrect. Cannot generate SSPI context

Updated: Aug 1, 2019

We recently stumbled upon an issue where database server had to be restored a date where it was working as expected after patching somehow screwed it up.


Admins were able to connect to that server which was hosting vRA's IAAS database and take a backup of it


After Server and DB was restored , IaaS service under VAMI wasn't coming back to "REGISTERED" state


When we browse to component registry , we get following exception


</serviceStatus>

<serviceStatus serviceId="5a3f7b9a-8d02-4069-b0f4-afd68679657b" serviceName="iaas-service" serviceTypeId="com.vmware.csp.iaas.blueprint.service" notAvailable="true" unregisterDenied="true">

<lastUpdated>2019-07-25T11:16:25.042+08:00</lastUpdated>

<statusEndPointUrl>https://vra-web/WAPI/api/status</statusEndPointUrl>

<serviceStatus>

<errorMessage>

Exception during remote status retrieval for url: https://vra-web/WAPI/api/status. Error Message 500 Internal Server Error.

</errorMessage>

<initialized>false</initialized>

</serviceStatus>

</serviceStatus>


We did verify ManagerService.exe.config , Web.config and [<<databasename>>].[DynamicOps.RepositoryModel].[Models] . The configuration was set correctly.


Verifying exceptions under ManagerService/All.log



[UTC:2019-07-25 07:09:01 Local:2019-07-25 15:09:01] [Error]: [sub-thread-Id="6" context="" token=""] Failed to ping the database. Details: System.Data.SqlClient.SqlException (0x80131904): The target principal name is incorrect. Cannot generate SSPI context.

at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)

at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)

at System.Data.SqlClient.TdsParser.ProcessSSPI(Int32 receivedLength)

at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)

at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)

at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)


The "Cannot generate SSPI context" error is generated when SSPI uses Kerberos authentication to delegate over TCP/IP and Kerberos authentication cannot complete the necessary operations to successfully delegate the user security token to the destination computer that is running SQL Server.


This gave us a clue that there might be a trust issue between the SQL server and the domain it's part of


Verifying Group and User memberships confirmed this to us , yea the relationship was broken. AD account login to SSMS and the server itself was broken.



As remediation task , we had to remove the node and then bring it back to the domain.


Post that AD login to SSMS and the IaaS service was immediately registered


2,675 views0 comments

Recent Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
bottom of page