Microsoft KB Archive/241267

= PRB: SQL Server Link to Remote Database Fails with Error 7399 =

Article ID: 241267

Article Last Modified on 2/12/2007

-

APPLIES TO


 * Microsoft Data Access Components 1.5
 * Microsoft Data Access Components 2.0
 * Microsoft Data Access Components 2.1
 * Microsoft Data Access Components 2.5
 * Microsoft Data Access Components 2.6
 * Microsoft Data Access Components 2.7
 * Microsoft Windows 95
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q241267



SYMPTOMS
Under the following conditions:
 * User on computer A (either Windows NT or Windows 9x) is running SQL Enterprise Manager or Query Analyzer, managing a SQL Server on a Windows NT computer B.
 * The user creates a Linked Server, specifying a Microsoft Access, FoxPro, or other database on an NTFS share on computer C.
 * The user is logged into computer A using the same domain account the SQL Server is running under on computer B.
 * Computer B is registered in the computer A Enterprise Manager or Query Analyzer using Windows NT Authentication.
 * The NTFS share on computer C is configured to give full control to that same domain account.

if the user attempts to view the tables in the Linked Server that was just created, the user sees the following 7399 error (the exact content will vary depending on the remote database):

"Error 7399: OLE DB provider 'MSDASQL' reported an error. Driver's SQLSetConnectAttr failed The Microsoft jet database engine cannot open the file '(unknown)'. It is already opened exclusively by another user, or you need permission to view its data."

If the user moves to the SQL Server computer (computer B) and attempts the same operation, the user is able to view the tables without an error. If the user copies the remote database to the same computer as SQL Server (computer B) and attempts the same operation from computer A, the user is able to view the tables without an error.



CAUSE
Windows NT does not support "double hop" authentication. The second computer, computer B, is unable to use computer A's authentication to connect to the NTFS share.



RESOLUTION
You can resolve this problem in the following ways:
 * Register the SQL Server on computer B in the Enterprise Manager on computer A using SQL Authentication. When server B relays the request to connect to the NTFS share on computer C, it uses its own domain authentication, which will work since it is a single hop access.
 * Upgrade all involved computers to Microsoft Windows 2000 using Kerberos security. See your Kerberos documentation on the settings necessary for passthrough authentication.

Keywords: kbprb KB241267

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.