Everything’s not tickity-boo … at least on my sql server.

The Sitch:

None of the SharePoint applications from my development or test environment (which share a SQL server) are responding (errors below).

Exception Details: Microsoft.SharePoint.WebPartPages.WebPartPageUserException: Cannot connect to the configuration database.

+

Exception Details: System.Data.SqlClient.SqlException: Cannot generate SSPI context.

What’s going on under the hood:

Turns out the SQL server’s time service had gotten wildly out of sync with the rest of the SharePoint application servers. This was causing all the transactions with the SQL server to fails as the server is configured to only accept transactions that occur within a small time window of it’s own system time.

Action:

– Tried diagnosing connection to database
 – Ping successful between the two servers
 – Unable to find the MSQLService refered to in the article.
 – Problem seems to have kicked in from about 0850 this morning (according to the event logs).

– Ended up reporting the issue to our System Admins while I continued to investigate.

Result:

Once the System Admin reset the time on the sqlServer everything in SharePoint world was Tickety-boo. They continue to search for the root cause of the time de-syncing (I’ll be interested to know what they discover).

Learnings:

Modern network communications often rely on server’s sharing a common date/time. This helps to avoid replay attacks (amongst other things).
Notes:

References:

http://support.microsoft.com/kb/823287 – series of diagnostics to test connectivity from the SharePoint application server to the SQL Server.

http://sharepointmadeeasy.blogspot.com/2009/07/event-id-5586-cannot-generate-sspi.html – someone experience same issue as us.

http://en.wikipedia.org/wiki/Replay_attack – wikipedia article on Replay attacks (hence the need for TimeStamping).

Advertisements

One Response to “Everything’s not tickity-boo … at least on my sql server.”

  1. Colin Says:

    Thanks. Had a similar problem myself yesterday and your suggestions resolved the issue.
    Your article was a life/career saver! 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: