Cannot scan Microsoft SQL database with jTDS driver in DLP network discover


Article ID: 163941


Products

Data Loss Prevention Network Discover, Data Loss Prevention Endpoint Discover

Issue/Introduction

After installing the jTDS driver and configuring NTLM login with a domain name:

SQLSERVER://<server>:<port>/<database>;domain=<domain>;useNTLMv2=true

the Network Discover scan fails when it starts because of an untrusted domain error.
 
The message shown:
The login is from an untrusted domain and cannot be used with Windows authentication.

Cause

Lack of permissions to authenticate a service in Kerberos.

Resolution

Add SPNs for the service: MSSQLSvc/<hostname> and MSSQLSvc/<fqdn>.
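
One way to apply this with the built-in setspn utility, as an added example that is not part of the original article. The service account placeholder `<domain>\<account>` is an assumption: it stands for the account the SQL Server service runs as, and the other placeholders are the ones used above.

```powershell
# Added example. Replace the placeholders before running.
# Run as an account allowed to write servicePrincipalName on the target
# account (for example a domain administrator).
$SqlHost    = '<hostname>'           # short host name of the SQL Server
$SqlFqdn    = '<fqdn>'               # fully qualified name of the SQL Server
$SvcAccount = '<domain>\<account>'   # assumption: account the SQL Server service
                                     # runs as (the computer account if the service
                                     # uses a built-in account)

# The two SPNs named in the resolution
$wanted = "MSSQLSvc/$SqlHost", "MSSQLSvc/$SqlFqdn"

function Test-SpnOnAccount([string]$Spn, [string]$Account) {
    # setspn -L lists the SPNs registered on one account, one per indented line
    $lines = & setspn.exe -L $Account
    return [bool]($lines | Where-Object { $_.Trim() -ieq $Spn })
}

foreach ($spn in $wanted) {
    if (Test-SpnOnAccount $spn $SvcAccount) {
        Write-Host "Already registered on ${SvcAccount}: $spn"
        continue
    }

    # -S adds the SPN only after checking that no other account already holds it;
    # a duplicate SPN breaks Kerberos for that service.
    & setspn.exe -S $spn $SvcAccount | Write-Host

    # Re-read the account instead of trusting the command output alone
    if (Test-SpnOnAccount $spn $SvcAccount) {
        Write-Host "Registered: $spn"
    } else {
        Write-Warning "Not registered: $spn. Run 'setspn -Q $spn' to see which account holds it."
    }
}
```

Rerun the Network Discover scan after both SPNs show as registered.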

 

Additional Information

Reference:

https://learn.microsoft.com/en-us/sql/relational-databases/native-client/features/service-principal-name-spn-support-in-client-connections?view=sql-server-ver15

Service Principal Name

https://msdn.microsoft.com/en-us/library/ms677949(v=vs.85).aspx