Home Dashboard Directory Help
Search

MDSModelDeploy.exe Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. by Olof Szymczak


Status: 

Closed
 as Not Reproducible Help for as Not Reproducible


1
0
Sign in
to vote
Type: Bug
ID: 734849
Opened: 3/31/2012 4:19:26 AM
Access Restriction: Public
1
Workaround(s)
view
0
User(s) can reproduce this bug

Description

If you try to run the following powershell command

invoke-command -computername Servername -scriptblock {& 'C:\Program Files\Microsoft SQL Server\110\Master Data Services\Configuration\MDSModelDeploy.exe' createpackage -model TestModel -package c:\Data\LocalBackup\TestModelackage.pkg -version VERSION_1 -service MDS2 -includedata}

you get the following error
Creating a package for model MTN
MDSModelDeploy operation failed. Elapsed time: 00:00:06.4551044
Error:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

I enable trace on MDSModelDeploy

Error Log
MDS Information: 0 : Attempting to execute command: MDSModelDeploy createpackage -model TestModel -package c:\Data\LocalBackup\TestModelackage.pkg -version VERSION_1 -service MDS2 -includedata
    DateTime=2012-03-31T10:35:02.3896659Z
MDS Error: 0 : Service started successfully, Assembly version: 11.0.0.0, file version: 11.0.2100.60 ((SQL11_RTM).120210-1917 )
    DateTime=2012-03-31T10:35:10.6863285Z
MDS Error: 0 : ApiContractVersion: 5102
    DateTime=2012-03-31T10:35:10.6863285Z
MDS Start: 1 : Service.InitializeExpirationStatus
    DateTime=2012-03-31T10:35:10.6863285Z
MDS Information: 0 : Evaluation period days remaining code: 0
    DateTime=2012-03-31T10:35:10.7488269Z
MDS Stop: 2 : Service.InitializeExpirationStatus
    DateTime=2012-03-31T10:35:10.7488269Z
MDS Start: 1 : Deployment: getting list of models
    DateTime=2012-03-31T10:35:10.7644515Z
MDS Start: 1 :
                 Begin operation: ExecuteRequest
                 Host info:     Microsoft.MasterDataServices.Core.ExplicitHostContext
                 User Name:     Domain\username
                 Time:            03/31/2012 21:35:10
    DateTime=2012-03-31T10:35:10.9050729Z
MDS Verbose: 0 : Request message:
<MetadataGetRequest xmlns="http://schemas.datacontract.org/2004/07/Microsoft.MasterDataServices.Services.MessageContracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<International i:nil="true" xmlns:a="http://www.w3.org/2005/09/ws-i18n" />
<ResultOptions xmlns:a="http://schemas.microsoft.com/sqlserver/masterdataservices/2009/09">
    <a:Models>Identifiers</a:Models>
</ResultOptions>
<SearchCriteria
    <a:Versions />
</Metadata>
</MetadataGetResponse>
    DateTime=2012-03-31T10:35:11.4206847Z
MDS Error: 0 :
    DateTime=2012-03-31T10:35:11.4206847Z
MDS Error: 0 : MDSModelDeploy operation failed. Elapsed time: 00:00:09.1523012
    DateTime=2012-03-31T10:35:11.4206847Z
MDS Error: 0 : Error:
    DateTime=2012-03-31T10:35:11.4206847Z
MDS Error: 0 : System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
at Microsoft.MasterDataServices.Core.DataAccess.DbHelper.ExecuteNonQueryHandlingTransportError(SqlCommand sqlCommand)
at Microsoft.MasterDataServices.Core.DataAccess.DbHelper.GetTimeout(String settingName)
at Microsoft.MasterDataServices.Core.DataAccess.DbHelper.SetConnection(String connectionString)
at Microsoft.MasterDataServices.Core.BusinessEntities.RequestContext.InitializeDatabaseContext()
at Microsoft.MasterDataServices.Core.BusinessEntities.RequestContext.InitializeRequestContext(HostContext hostContext)
at Microsoft.MasterDataServices.Services.Service.MetadataGet(MetadataGetRequest request)
at Microsoft.MasterDataServices.WebUI.ServiceAdapter.ExecuteRequest[TRequestType,TResponseType](MdmServiceOperation`2 operation, TRequestType request)
at Microsoft.MasterDataServices.WebUI.ServiceAdapter.DoMetadataGet(MetadataSearchCriteria searchCriteria, MetadataResultOptions resultOptions)
at Microsoft.MasterDataServices.Deployment.ModelReader.GetModels(Boolean isAdminOnly)
at Microsoft.MasterDataServices.Deployment.Utility.ModelDeploy.CreatePackage(String serviceName, String packageFile, String modelName, String versionName, Boolean includeData)
at Microsoft.MasterDataServices.Deployment.Utility.ModelDeploy.Main(String[] args)
    DateTime=2012-03-31T10:35:11.4206847Z

After using reflector I managed to find the code that is causing the issue
private void InitializeRequestContext(HostContext hostContext)
{
    Log.WriteStart("RequestContext.InitializeRequestContext");
    if (hostContext == null)
    {
        throw new ArgumentNullException("hostContext");
    }
    this.HostContext = hostContext;
    this.InitializeDatabaseContext();
    this.InitializeCurrentUser();
    Log.WriteStop("RequestContext.InitializeRequestContext");
}
Not sure if calling InitializeCurrentUser before InitializeDatabaseContext will fix the problem. As I didn’t have to time to decompile all the MDS code and try to get it to compile.
Details
Sign in to post a comment.
Posted by Microsoft on 4/19/2012 at 7:21 AM
Thanks Olof,

Here are a few links that may help answer the "is delegation enabled" question:

http://blogs.technet.com/b/josebda/archive/2008/06/27/using-constrained-delegation-to-remotely-manage-a-server-running-hyper-v-that-uses-cifs-smb-file-shares.aspx

http://www.bing.com/search?q=remote+powershell+constrained+delegation

Does this help?
Posted by Olof Szymczak on 4/18/2012 at 10:22 PM
Script A - list services Remotely
invoke-command -computername testdomain\ServerC -scriptblock {& 'C:\Program Files\Microsoft SQL Server\110\Master Data Services\Configuration\MDSModelDeploy.exe' listservices}

Script B - Create Package Remotely
invoke-command -computername testdomain\ServerC -scriptblock {& 'C:\Program Files\Microsoft SQL Server\110\Master Data Services\Configuration\MDSModelDeploy.exe' createpackage -model TestModel -package c:\Data\LocalBackup\TestModelackage.pkg -version VERSION_1 -service MDS2 -includedata}


I am part of the local administrators group on all 3 servers

On testdomain\ServerC
In a Powershell window I can execute both commands with correct results
'C:\Program Files\Microsoft SQL Server\110\Master Data Services\Configuration\MDSModelDeploy.exe' listservices
'C:\Program Files\Microsoft SQL Server\110\Master Data Services\Configuration\MDSModelDeploy.exe' createpackage -model TestModel -package c:\Data\LocalBackup\TestModelackage.pkg -version VERSION_1 -service MDS2 -includedata

On testdomain\ServerA
In a powershell window
Script A - works fine and get the correct result
Script B - Fails due to 'NT AUTHORITY\ANONYMOUS LOGON'

Is there a login on the target server for the user credentials under which you’re running the script?
All the servers are on the same domain.
Is delegation enabled in Active Directory?
How do I test this?

Olof

Posted by Microsoft on 4/18/2012 at 5:43 AM
Hi Olof,

Thanks for the additional details about the error. Can you please respond to the questions which were posed in our initial reply? Without this information, we will not be able to proceed.

The delegation question in particular is important. The symptoms you describe suggest that this may be a Kerberos double hop scenario (http://www.bing.com/search?q=kerberos+double+hop ) but there is not enough information available to proceed.

Matthew
Posted by Olof Szymczak on 4/17/2012 at 5:06 PM
SQL 2012 RTM MDS version
ID: 1
ProductName: Microsoft SQL Server 2012 Master Data Services
ProductVersion: 11.0.0.0
ProductRegistrationKey: 0
SchemaVersion: 11.0.2.1
MDS is installed on SQL 2008 R2 10.50.2500

testdomain\ServerA win7 x64
Powershell version 2.0.-1.-1
testdomain\ServerB win 2003 enterprise ex64 edition (sql server)
testdomain\ServerC win 2008 R2 Standarf ex64 edition (webserver mds portal installed)

run this on testdomain\ServerA
invoke-command -computername testdomain\ServerC -scriptblock {& 'C:\Program Files\Microsoft SQL Server\110\Master Data Services\Configuration\MDSModelDeploy.exe' createpackage -model TestModel -package c:\Data\LocalBackup\TestModelackage.pkg -version VERSION_1 -service MDS2 -includedata}

Result
if the connection string has Integrated Securit you get
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
else if the connect string has username and password the package gets created.

Have a look a the following code in:
Microsoft.MasterDataServices.Core.dll
Namespace:Microsoft.MasterDataServices.Core.BusinessEntities
Class: RequesContext
Method: InitializeRequestConext and InitializeDatabaseContext ( this is where the error is occuring)


Olof
Posted by Microsoft on 4/17/2012 at 9:46 AM
Hi Olof,

We’re closing this issue as “Can’t Reproduce.” If you can please provide the information requested on April 3rd we will gladly revisit this issue, but without this information we are unable to proceed.

Matthew
Posted by Microsoft on 4/3/2012 at 1:23 PM
Hi Olof,

Thanks for the problem report. To help us set up a repro environment, can you please answer the following questions?

* What version of SQL Server 2012 are you using? Is this RTM or a pre-release version?
* It looks like you’re attempting to remotely execute this script - does the same script work when running on the target computer?
* Can you remotely execute other (non-MDS?) scripts using the same approach and same user credentials?
* Is there a login on the target server for the user credentials under which you’re running the script?
* Is delegation enabled in Active Directory?

Thanks in advance!

Matthew
Sign in to post a workaround.
Posted by Olof Szymczak on 3/31/2012 at 4:25 AM
Is to set the connection string to sql login instead of Integrated Security
from        <add name="MDS2" connectionString="Data Source=servername;Initial Catalog=database;Integrated Security=True;Connect Timeout=60" />
to            <add name="MDS2" connectionString="Data Source=servername;Initial Catalog=database;User Id=sqlloginuser;Password=password;Connect Timeout=60" />