SQL Server 2008 “Can’t Generate SSPI Context” error on remote connection

While trying to set up a remote connection to a new SQL Server 2008 installation which uses Windows authentication (aka Kerberos), I encountered this error:


Can't generate SSPI context

A good high-level explanation of what causes the error can be found on MSDN, and a detailed explanation can be found at Microsoft Support, but neither article explains in detail how to fix the problem.

In my case, during install, I had the server start under my user name when I should have instead had it start under the Network Service group. This is a problem because when user Bob tries to log into the server remotely, my user (the one the server is running under) doesn’t have the necessary permissions to run as Bob so Bob gets an error that SSPI can’t be generated. To fix this I needed to change the user that SQL Server runs under to Network Service. To do this:

  1. Open the Task Manager and go to the Services tab
  2. Click the Services button in the lower right corner
  3. Sort by name and find all the SQL entries
  4. In the “Log on as” column you should see some of the services have a user name. For each:
    1. Right click and select Properties
    2. Select the Log On tab
    3. Make sure This account is selected
    4. Fill in Network Service in the box next to “This account”
    5. Delete both passwords
    6. Click Ok
  5. Restart the SQL Server

This should cause the server to run under Network Service instead of a particular user.

Some extra technical details about my setup:

  • The SQL Server was already set up to accept remote connections
  • The Windows Firewall was already set up to accept incoming SQL requests
  • The SQL Server was configured to accept incoming TCP requests

Getting the Office 2010 API for C#

The following link is for the Microsoft Office Outlook 2010 API documentation.

http://msdn.microsoft.com/en-us/library/bb610835.aspx

For some reason, finding this link initially was much more challenging than I would have thought. So I’m blogging about it here both as a way for me to find it again and hopefully as a way for others to not waste the amount of time I had to spend to find it.

SSH into a Windows computer

Here is an excellent description of how to turn a Windows computer into an SSH server using Cygwin.

Keys on Pidgin encryption and OTR

As a security and privacy conscious end user I have started encrypting my IM chats with Pidgin Encryption and Off-The-Record Messaging. Both plugins for Pidgin automatically create public/private key pairs which are used to encrypt my IM chats. Unfortunately, I also use many different computers to chat with my friends and by default each computer creates its own public/private key pair. I want my chats to always look like they are coming from me despite the computer I am on so I looked up how to copy the private keys between computers.

In Ubuntu Linux all the relevant files were listed under the .gaim folder in my home directory. In Windows XP they were listed under the .purple folder in my Application Data folder. All you have to do is move the files listed below from the appropriate directory on the original computer to the same directory on whatever other computers you want to use the same public/private key.

On my computer the keys were located in:

Windows: C:\Documents and Settings\UserName\Application Data\.purple

Ubuntu Linux: ~/.gaim

(In some versions of Ubuntu ~/.purple)

OTR

  • otr.private_key
  • otr.fingerprints

Pidgin Encryption

  • id
  • id.priv
  • known_keys

The known_keys and otr.fingerprints files list the public keys of other people who you chat with. You don’t have to move these files if you don’t want to. The otr.private_key, id and id.priv files contain your private key and must be moved.
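
As an added example (not part of the original post), here is the copy step for the Linux side as a shell function. It refuses to run if any of the three files the post lists as required is missing, keeps a backup of a differing key already on the destination, and leaves every copied file readable only by its owner. The function name is hypothetical and both directories are arguments supplied by the caller.

```shell
#!/bin/sh
# Added example: copy Pidgin OTR / Pidgin-Encryption key files into a profile
# directory. File names come from the post; the directories are arguments.
# Usage (example paths): install_pidgin_keys /media/usb/keys "$HOME/.purple"

REQUIRED_KEYS="otr.private_key id id.priv"    # listed in the post as must-move
OPTIONAL_KEYS="otr.fingerprints known_keys"   # contacts' public keys, optional

install_pidgin_keys() {
    src=$1
    dest=$2
    # Refuse to start unless every required file is present in the source.
    for f in $REQUIRED_KEYS; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    (
        umask 077                              # new files and dirs: owner only
        mkdir -p "$dest" || exit 1
        for f in $REQUIRED_KEYS $OPTIONAL_KEYS; do
            [ -f "$src/$f" ] || continue       # optional file not supplied
            # Keep a different key already on this machine instead of losing it.
            if [ -f "$dest/$f" ] && ! cmp -s "$src/$f" "$dest/$f"; then
                mv "$dest/$f" "$dest/$f.bak-$(date +%Y%m%d%H%M%S)" || exit 1
            fi
            cp "$src/$f" "$dest/$f" || exit 1
            chmod 600 "$dest/$f" || exit 1     # existing files keep old modes
        done
    )
}
```

The source directory is assumed to be somewhere only you can read, such as an encrypted USB stick or a directory fetched over scp, since otr.private_key and id.priv are unencrypted private keys.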

Slow resolution of user names in Windows XP

I recently had some trouble with a Windows XP machine which was being very slow resolving Secure Identification numbers (SID) to user and group names. The machine was a standalone system with over 500 user accounts on it. The machine was a fresh install (user accounts were for a research project and were empty). Every time you clicked on properties for a file and looked at the file permissions for the file, you would be presented with a list of SID numbers instead of a list of user names. Given enough time it would slowly resolve the SID numbers, but it would take it forever to do so.

Turns out that it was trying to query a remote server to do the SID name resolution. Since there were 500 accounts this lookup was taking a very long time. To fix it I turned off the Workstation service. (Right click My Computer -> Manage, expand Services and Applications. Click Services and find Workstation Service. Right click Workstation service and select Properties. Under General click Stop which disables it till the next restart or select Disable under Startup type which will disable it until you expressly re-enable it).

Backing up files

The following script takes a file and appends the current date to its name. This is a very useful script for backing up files regularly using crontab. I’m posting it here because it is both very useful and much harder to find online than one would think.


#!/usr/bin/env bash
# Rename the data file so that its name carries today's date (YYYYMMDD).
TIMESTAMP=$(date +%Y%m%d)
mv /home/bob/bob.dat "/home/bob/bob-$TIMESTAMP.dat"

Subversion on Ubuntu

Why is it always so hard to set up applications in Linux? Don’t get me wrong, I much prefer setting up complex applications in Linux to setting them up in Windows, but still there must be an easier way. I just spent several hours setting up subversion on my Ubuntu machine, which involved some time on help pages, some time debugging and some time figuring out how I wanted my setup to work vs. other people’s setups. So I’m documenting some of my problems and solutions here just in case some other poor soul has a similar issue.

Basic Subversion setup

To begin, the following URL was an excellent help guide to start with. The guide described everything except how to do SSL encryption, and I had some issues with the authentication, which are detailed below.

https://help.ubuntu.com/community/Subversion

Authentication issues

Once I got everything installed and working, I tried doing a checkout on another machine. Much to my surprise, the checkout worked but asked for no username or password. For some reason the server was requiring a username and password to write to a file on svn but not to read. Since I wanted my files to be kept private, I had to look up some documentation on how to change the authentication. I recommend this site; it is fairly cryptic but it has some good examples. I ended up changing /etc/apache2/mods-available/dav_svn.conf so it would only allow bob and myself to make changes.


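<Location /svn/compilers>
  # Serve the repository through mod_dav_svn
  DAV svn
  SVNPath /home/svn/compilers
  # Require HTTP Basic authentication for every request, reads included
  AuthType Basic
  AuthName "compilers subversion repository"
  AuthUserFile /etc/subversion/passwd
  # Only these two accounts may access the repository
  Require user kami bob
</Location>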
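
The post does not say why reads were unauthenticated. A common cause, assumed here, is a `Require` line wrapped in `<LimitExcept GET PROPFIND OPTIONS REPORT>`, which demands a login only for methods other than the ones a checkout uses. The following check is an added example, not from the original post: it reads an Apache configuration on stdin and prints each Subversion `<Location>` that can be read without a login. The function names are hypothetical and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example: list <Location> blocks that serve a Subversion repository
# without requiring a login for read requests. Reads Apache config on stdin.
anon_read_locations() {
    awk '
        { d = tolower($1) }                     # directive name, case-folded
        d ~ /^#/ { next }                       # ignore comment lines
        d == "<location" { loc = $2; sub(/>$/, "", loc); dav = 0; authed = 0 }
        d == "dav" { dav = (tolower($2) == "svn") }
        # A LimitExcept that names GET leaves reads outside whatever it wraps.
        d == "<limitexcept" { exempt = (toupper($0) ~ /[ \t]GET([ \t>]|$)/) }
        d == "</limitexcept>" { exempt = 0 }
        d == "require" && !exempt && tolower($2 " " $3) != "all granted" { authed = 1 }
        d == "</location>" { if (dav && !authed) print loc }
    '
}

# Constructed sample: login demanded only for methods other than the read ones.
sample_read_open() {
    cat <<'EOF'
<Location /svn/compilers>
  DAV svn
  SVNPath /home/svn/compilers
  AuthType Basic
  AuthName "compilers subversion repository"
  AuthUserFile /etc/subversion/passwd
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>
EOF
}

# Constructed sample matching the configuration shown in the post.
sample_locked() {
    cat <<'EOF'
<Location /svn/compilers>
  DAV svn
  SVNPath /home/svn/compilers
  AuthType Basic
  AuthName "compilers subversion repository"
  AuthUserFile /etc/subversion/passwd
  Require user kami bob
</Location>
EOF
}

echo "read-open: $(sample_read_open | anon_read_locations)"
echo "locked:    $(sample_locked | anon_read_locations)"
```

Run it against a real file with `anon_read_locations < /etc/apache2/mods-available/dav_svn.conf`; it does not follow `Include` directives or evaluate `<Limit>` blocks.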

SSL Encryption

Using the basic setup, SVN sends all passwords and other data in the clear. This is somewhat insecure, and I wanted to enable SSL encryption. There is a nice Ubuntu documentation page on how to do this. The only problem is that a default install of apache2 on Ubuntu doesn’t come with the apache2-ssl-certificate application. I found a discussion forum that talks about the issue and proposes several solutions. I’ve quoted the solution I used below:

* apache2-ssl.tar.gz (964 bytes, application/x-tar)

You can grab ssleay.cnf and apache2-ssl-certificate from Edgy’s apache2 version.

I hope this workaround works for people who are bothered by this issue. Extract the package and put ssleay.cnf to /usr/share/apache2/ and apache2-ssl-certificate to /usr/sbin.

Create /etc/apache2/ssl directory. Then apache2-ssl-certificate script should work.