search cancel

Cannot scan Microsoft SQL database with jTDS driver in DLP network discover

book

Article ID: 163941

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover Data Loss Prevention Endpoint Discover

Issue/Introduction

After installing jTDS driver and configuring NTML login with domain name 

SQLSERVER://<server>:<port>/<database>;domain=<domain>;useNTLMv2=true

When the network discover scan starts, it fails because of an issue with untrusted domain.

The login is from an untrusted domain and cannot be used with Windows authentication.

Cause

Lack of permissions to authenticate a service in Kerberos

Resolution

Add SPN for the service MSSQLSvc/<hostname> and MSSQLSvc/<fqdn>

Reference:

Service Principal Name

https://msdn.microsoft.com/en-us/library/ms677949(v=vs.85).aspx