MarissaVanOpens-9810 asked Cathyji-msft commented

RDS database connection still using NTLM

Hi there,

We have a three node RDS cluster (Server 2016) that is connecting to our SQL cluster via computer account authentication. This connection is currently using NTLM for authentication but we'd really prefer to disable NTLM and leverage Kerberos for all of our authentication needs. Other database connections to the cluster are using Kerberos but not these and I'm not sure why.

When we started down this road we needed to allow the SQL service account to register SPNs, and once we did that most of the connections switched over to Kerberos, but apparently not all.

Does anyone have any idea what I might be missing, or a good article that can help me figure out why some database connections aren't using Kerberos?

Thank you for your time and help.

sql-server-general

Hi @MarissaVanOpens-9810,

We have not received a response from you. Did the reply help you? If the response helped, please "Accept Answer". If it did not, please let us know.

1 Answer

Cathyji-msft answered Cathyji-msft edited

Hi @a3pl-4697,

Internal connections and the DAC (Dedicated Admin Connection) won't use Kerberos. They will be connected using shared memory and NTLM. If you connect to the SQL Server instance from the same host where SQL Server is installed, then you may see connections using NTLM. Cross-domain connections require special configuration in order for Kerberos to work. Otherwise, connections will use NTLM.

I suggest you start with the blogs below; they will help you better understand your issue.

Using Kerberos Configuration Manager for SPNs Validation
FAQs Around Kerberos and SQL Server


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
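One way to see which connections are still on NTLM and whether they fall into the cases the answer lists (an added example, not part of the original answer; the `note` labels are this example's own wording, and the query assumes the caller has VIEW SERVER STATE):

```sql
-- Run on the SQL Server instance the RDS hosts connect to.
-- Groups current user connections by client and classifies each group.
WITH conn AS (
    SELECT
        s.host_name,
        s.login_name,
        s.program_name,
        c.net_transport,
        c.auth_scheme,
        c.client_net_address,
        CASE
            WHEN c.auth_scheme = 'KERBEROS' THEN 'Kerberos'
            WHEN c.auth_scheme = 'SQL' THEN 'SQL login (no Windows auth)'
            -- DAC sessions arrive on the admin endpoint
            WHEN e.is_admin_endpoint = 1 THEN 'DAC: NTLM expected'
            WHEN c.net_transport = 'Shared memory'
                THEN 'Local shared memory: NTLM expected'
            -- Client address equals the server-side address: same-host TCP
            WHEN c.client_net_address = c.local_net_address
                THEN 'Same-host TCP: NTLM may be expected'
            WHEN c.auth_scheme = 'NTLM'
                THEN 'Remote NTLM: check SPNs and cross-domain setup'
            ELSE 'Other'
        END AS note
    FROM sys.dm_exec_connections AS c
    JOIN sys.dm_exec_sessions AS s
        ON s.session_id = c.session_id
    LEFT JOIN sys.endpoints AS e
        ON e.endpoint_id = c.endpoint_id
    WHERE s.is_user_process = 1
)
SELECT
    host_name, login_name, program_name,
    net_transport, auth_scheme, client_net_address,
    note,
    COUNT(*) AS connections
FROM conn
GROUP BY
    host_name, login_name, program_name,
    net_transport, auth_scheme, client_net_address, note
-- Remote NTLM groups first: these are the ones that need investigation
ORDER BY
    CASE WHEN note LIKE 'Remote NTLM%' THEN 0 ELSE 1 END,
    host_name, login_name;
```

Rows labelled as remote NTLM from the RDS hosts are the ones to compare against the registered SPNs and the connection string (server name and port) each application uses.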