microsoft / mssql-docker

Official Microsoft repository for SQL Server in Docker resources
MIT License

Issue with AD on mssql-docker linux > CU9 (Ubuntu 22.04 vs 20.04) #871

Open dsand1234 opened 8 months ago

dsand1234 commented 8 months ago

My container works if I downgrade to: mcr.microsoft.com/mssql/server:2022-CU9-ubuntu-20.04

I am able to do this step without error:

create login [domain\administrator] From Windows

but when I try to log in, I get an error about the login being from an untrusted domain.

The debug logs show:

02/27/2024 16:49:21.454605635 Debug [security.kerberos] <0000000246/0x00000378> Processing SSPI operation 0x00000002
02/27/2024 16:49:21.454734357 Debug [security.kerberos] <0000000246/0x00000378> Resetting ccache name to FILE:/tmp/krb5cc_10001
02/27/2024 16:49:21.454982910 Error [security.kerberos] <0000000246/0x00000378> GSS MAJOR: 458752 GSS MINOR: 100001 Error from accept_sec_context
02/27/2024 16:49:21.454999320 Error [security.kerberos] <0000000246/0x00000378> No credentials were supplied, or the credentials were unavailable or inaccessible
02/27/2024 16:49:21.455007200 Error [security.kerberos] <0000000246/0x00000378> SPNEGO cannot find mechanisms to negotiate
02/27/2024 16:49:21.455117742 Error [security.kerberos] <0000000246/0x00000378> GSS MAJOR: 458752 GSS MINOR: -1765328189 Error in gss_inquire_cred in AutoCCache's constructor
02/27/2024 16:49:21.455127172 Error [security.kerberos] <0000000246/0x00000378> No credentials were supplied, or the credentials were unavailable or inaccessible
02/27/2024 16:49:21.455133662 Error [security.kerberos] <0000000246/0x00000378> No credentials cache found
02/27/2024 16:49:21.455172913 Info [security.kerberos] <0000000246/0x00000378> Created temporary ccache [MEMORY:pw019sC] for principal [].

I've also encountered this issue:

02/27/2024 16:53:44.062423966 Debug [security.kerberos.libos] <0000000141/0x000001d8> LookupAccountSid() return value: 0x00000001
02/27/2024 16:53:44.063661212 Debug [security.kerberos] <0000000269/0x000003d4> Processing SSPI operation 0x0000000D
02/27/2024 16:53:44.063778354 Debug [security.kerberos] <0000000269/0x000003d4> Resetting ccache name to FILE:/tmp/krb5cc_10001
02/27/2024 16:53:44.064081878 Error [security.ldap] <0000000269/0x000003d4> Could not look up short domain name due to error: Name or service not known.
02/27/2024 16:53:44.064096798 Debug [security.kerberos] <0000000269/0x000003d4> SSPI operation 0x0000000D returned status: File: KerberosStream.cpp:1677 [Status: 0xC0000001 Operation unsuccessful]
02/27/2024 16:53:44.064168909 Debug [security.kerberos.libos] <0000000141/0x000001d8> LookupAccountName() return value: 0x00000000
02/27/2024 16:53:44.805230141 Debug [security.kerberos.libos] <0000000141/0x000001d8> AcquireCredentialsHandle(): EmptyPrincipalName: true, fCredentialUse: 00000002, CurrentImpersonationHandle: 0000000000000000, Package: negotiate
02/27/2024 16:53:44.805278511 Debug [security.kerberos.libos] <0000000141/0x000001d8> Calling LibOS version of AcquireCredentialsHandle()

Again, it works on earlier versions of the container (<= CU9).
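A triage helper for the debug-log format shown in the post above, as an added example that is not part of the original thread or of the mssql-docker project: it splits run-together entries and names the GSS-API routine error carried in `GSS MAJOR` (bits 16-23 of the status, per RFC 2744). The function names are assumptions made for illustration, and the sample text is constructed from three entries of that log.

```python
import re
from collections import Counter

# Constructed sample: three entries taken from the post above, run together
# on one line the way the log appears there.
SAMPLE = (
    "02/27/2024 16:49:21.454734357 Debug [security.kerberos] <0000000246/0x00000378> "
    "Resetting ccache name to FILE:/tmp/krb5cc_10001 "
    "02/27/2024 16:49:21.454982910 Error [security.kerberos] <0000000246/0x00000378> "
    "GSS MAJOR: 458752 GSS MINOR: 100001 Error from accept_sec_context "
    "02/27/2024 16:53:44.064081878 Error [security.ldap] <0000000269/0x000003d4> "
    "Could not look up short domain name due to error: Name or service not known."
)

TS = r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d+"
# One entry: timestamp, level, [component], <thread>, then the message up to
# the next entry header (or the end of the text).
ENTRY = re.compile(
    rf"(?P<ts>{TS}) (?P<level>\w+) \[(?P<component>[\w.]+)\] <(?P<thread>[^>]+)> "
    rf"(?P<msg>.*?)(?=\s*{TS} \w+ \[|\s*$)",
    re.S,
)
GSS = re.compile(r"GSS MAJOR: (\d+) GSS MINOR: (-?\d+)")

# Subset of GSS-API routine errors (RFC 2744), keyed by bits 16-23 of the major status.
ROUTINE_ERRORS = {
    1: "GSS_S_BAD_MECH", 7: "GSS_S_NO_CRED", 9: "GSS_S_DEFECTIVE_TOKEN",
    10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED", 13: "GSS_S_FAILURE",
}

def decode_major(major):
    """Name the routine error encoded in a GSS major status value."""
    code = (major >> 16) & 0xFF
    return ROUTINE_ERRORS.get(code, f"routine error {code}")

def parse(text):
    """Split log text into entries, decoding GSS status codes where present."""
    entries = []
    for m in ENTRY.finditer(text):
        entry = m.groupdict()
        gss = GSS.search(entry["msg"])
        if gss:
            entry["gss_major"] = decode_major(int(gss.group(1)))
            entry["gss_minor"] = int(gss.group(2))
        entries.append(entry)
    return entries

def errors_by_component(entries):
    """Count Error-level entries per logging component."""
    return Counter(e["component"] for e in entries if e["level"] == "Error")
```
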

tkammerlander commented 6 months ago

Same Issue here. Same Error Message. Thanks a lot for mentioning that mcr.microsoft.com/mssql/server:2022-CU9-ubuntu-20.04 works. We had been debugging this issue for a couple of weeks now, probably still wouldn't be up and running without you.

THANKS A LOT MATE :-)

tkammerlander commented 6 months ago

Did you get it to work with docker compose or directly with a docker run command? Because we seem to have problems with getting it to work with docker compose (portainer) too.

thx, regards

tom

kfrancis1996 commented 5 months ago

Seeing the same issue and error messages deploying on AmazonLinux2023 in AWS. Reused the same Docker Run command with CU9 and everything worked. Thanks @dsand1234