Hi

I have a Database Query monitor set up to get results from a View in MS-SQL Server. The View obtains some info from a Linked SQL Server as part of it's query. The infrastructure is shown below:

Applications Manager -> SQLServerA -> SQLServerB

We have set up the AD Domain with SPNs for the SQL Server service accounts.

We have configured the Service Account for SQL Server A in AD to allow Account Delegation using Kerberos for the service MSSQLSvc on SQL Server B.

When testing this using any tool other than Applications Manager we can succesfully run the query. Condition is that we specify the server name we connect to as "SQLServerA,51000", where 51000 is the TCP Port number the instance is on.

Since in the Database Query monitor a TCP port must be specified (51000 in our case), I expected it to work here as well, but it does not. We get an error that "login fails for NT AUTHORITY\ANONYMOUS", which is returned by SQL Server B to SQL Server A. This means that Kerberos is not used but NTLM.

For our environment Kerberos is a non-negotiable requirement set by Architecture. Another requirement is that we use integrated security for SQL Server.

Is there a way to ensure that Kerberos is used from Applications Manager in the Database Query monitor?