<roarfred@gmail.com> wrote in message
news:1147898055.853976.36330@j73g2000cwa.googlegroups.com...
> I've been struggling with a problem for the last two months that are
> almost driving me nuts...
>
> We have a traditional ASP.Net 1.1 web site accessing a SQL2000 database
> using delegation and a trusted connection. I have seen many posts
> regarding this setup, and we had quite some trouble getting it all
> working ourself. User could finally access the web server and pull data
> from the database, fully authenticated through Kerberos and Integrated
> Windows Authentication.
>
> The problem is:
> - After a user have been inactive for anything from a few minutes to
> half an hour, the connection with the database is broken and it
> responds with the well known login failed for user (null) error.
>
> Some more facts:
> - The connection with the web server works fine, and as long as the
> exception is trapped in the code, all pages are displayed (as intended
> when a db connection is unavailable, that is)
> - I got a feeling that the Kerberos ticket is expireing and the web
> server doesn't bother asking the client for a new one.
> - We do have trust for delegation set up in the AD for the web server
> to access any resource
> - We do have a HTTP/fqdm SPN set up in AD
>
> Questions:
> - Any suggestions to what this might be caused by?
> - Would we need a SPN for the DB server too? (This is just accessed
> through the netbios name)
> - Do you know of any Kerberos-related settings that would make the
> initial authetication work, but connections to fail at a later point?
>
>
> One more thing... The very same problem was posted unanswered here in
> several newsgroups about a year ago:
> http://groups.google.com/group/microsoft.public.adsi.general/browse_thread/thread/d53ecbeaa94af2d3/133e72c9029b8b32?lnk=st&q=kerberos+timeout+iis6&rnum=4#133e72c9029b8b32
>
> This posting describes a bit more what have been tried and not. I have
> done very much the same approach, with no more luck than that guy.
>
> (I have not found any other postings that I can tell are describing the
> same problem as my)
>
>
> Any help on this matter is most appreciated.
>
> Regards,
> Roar Fredriksen
> Systems Engineer
> Omega Project Solutions Inc
>

"Roar" <roarfred@gmail.com> wrote in message
news:1147965165.263988.246430@y43g2000cwc.googlegroups.com...
> Thanks for your reply Ken!
>
> Unfortunately, we are developing in a shared environment without direct
> access to the web server. I will check with the Administrator if we can
> have this done on this server.
>
> Should this log kerberos events for communication with the sql server,
> the client's browser or both?
>