Cannot scan Microsoft SQL database with jTDS driver in DLP network discover
book
Article ID: 163941
calendar_today
Updated On: 04-30-2024
Products
Data Loss Prevention Network Discover
Data Loss Prevention Endpoint Discover
Issue/Introduction
After installing jTDS driver and configuring NTML login with domain name
SQLSERVER://<server>:<port>/<database>;domain=<domain>;useNTLMv2=true
When the network discover scan starts, it fails because of an issue with untrusted domain.
The message shown:
The login is from an untrusted domain and cannot be used with Windows authentication.
Cause
Lack of permissions to authenticate a service in Kerberos.
Resolution
Add SPN for the service MSSQLSvc/<hostname> and MSSQLSvc/<fqdn>
Additional Information
Reference:
https://learn.microsoft.com/en-us/sql/relational-databases/native-client/features/service-principal-name-spn-support-in-client-connections?view=sql-server-ver15
Service Principal Name
https://msdn.microsoft.com/en-us/library/ms677949(v=vs.85).aspx
Feedback
Was this article helpful?
thumb_up
Yes
thumb_down
No