Forum Discussion

SysTopher's avatar
SysTopher
Icon for Nimbostratus rankNimbostratus
May 26, 2016

LTM Layer 4 SQL VIP

Hello everyone,

 

I currently have multiple layer 4 virtual servers configured for our SQL Cluster. So far everything has been working great, users and apps can connect to the virtual servers to access databases as expected. We aren't using the layer 4 virtual servers for load balancing, but more as a proxy to allow users to connect to SQL servers on the other side of a firewall.

 

We ran into one problem where our DBA is attempting to utilize SQL Analytics, but when Analytics is making a call to the virtual server it's failing.

 

The errors we're seeing are: SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The logon attempt failed [CLIENT: 10.x.x.x]

 

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10..x.x.x]

 

We're not using our BigIP in routed mode, but instead running it in one armed mode. Due to this we have a SNAT pool for our network segments that we assign to each VIP. The client IP is one of our SNAT pool addresses.

 

So it seems like for some reason the analytics piece of SQL doesn't recognize the SNAT IP as being a trusted domain computer? None of the other functions of SQL seem to care, but this one functionality does.

 

Has anyone else run into this? Has anyone successfully deployed F5 virtual servers to proxy connections for SQL Analytics? I don't know much about SQL Analytics and I'm not sure what it wants or how I can give it what it wants from the F5 standpoint.

 

2 Replies

  • I see that you have opened a case with support on this. I was unable to find any evidence that any one else has run into this issue. Once support helps you find the answer it would be wonderful if you would post it back here for the community.
  • Did anyone find a solution to this? I just ran into the same set of conditions and issue.