1

I have a web server on my domain that I'm trying to use Kerberos delegation to allow access to my SQL Server. They are all Server 2008 R2 servers with IIS 7.5 and SQL 2008 R2 (the DC is also Server 2008 R2).

Everything is working, in that I see transactions being executed on my SQL Server under the user's account. However, the first time I access the site after an extended period of time (30 mins or so) I get the following error thrown by my EF DataContext object:

Exception: The underlying provider failed on Open
at System.Data.EntityClient.EntityConnection.OptenStoreConnectionIf...

    Inner Exception: A network-related or instance-specific error occurred while 
      establishing a connection to SQL Server. The server was not found or was not 
      accessible. Verify that the instance name is correct and that SQL Server is 
      configured to allow remote connections. (provider: Named Pipes Provider, 
      error: 40 - Could not open a connection to SQL Server)

        Inner Inner Exception: The system cannot find the file specified

The error page takes ~20 to 30 seconds to be served. After receiving this error, if I hit refresh in my browser, I get the page with all of the data almost instantly (around 200ms)

What would be causing this initial connection to fail, but all subsequent connections to succeed?

Misc information:

  • EF 6.0
  • IIS 7.5, Windows Auth & APS.NET Impersonation enabled, Extended Protection Off, Kernal-mode auth Off, Providers - Negotiate:Kerberos
  • AppPool uses service account (all SPNs are registered to that account)

If there is any more information that you need, let me know and I'll update this list!

UPDATE:

After doing several network traces, I'm seeing the following pattern:

  1. HTTP Request 1
  2. 6 frames of KerberosV5 traffic
  3. HTTP Response: No SQL Data
  4. HTTP Request 2
  5. 2 frames of KerberosV5 traffic
  6. TDS Prelogin
  7. TDS Response
  8. 2 more frames KerberosV5 traffic (TGS MSSQLSvc request and response)
  9. 6 frames of TDS Traffic (SQL Data)
  10. HTTP Response: Success!!

I'm thinking this is a kerberos issue...

joe_coolish
  • 7,201
  • 13
  • 64
  • 111
  • What's your connection string look like, in your app? – brazilianldsjaguar May 31 '14 at 00:16
  • The nature of the error suggests that SQL Server might be down, or that your connection string to it could be invalid. The fact that the second time (after the error) it works, could mean that SQL Server Service was started (and auto-shuts-down after 30 mins?), or that the website chose a different connection string that worked (other config files? other projects?). Just some ideas to help you troubleshoot. – brazilianldsjaguar May 31 '14 at 00:23
  • Thanks for the suggestions! I know that the SQL server is functioning properly because other services depend on it. The only difference between their services and mine is that I'm using Kerberos and they are using a service account. Also, in my network traces, the request that fails doesn't have any communication with the SQL server, only the one that success sends traffic that way – joe_coolish May 31 '14 at 03:21

1 Answers1

0

I can't really tell what is causing your issue, but here is a tip on how you can deal with it, just in case you don't manage to find the cause:

EF CodePlex Link on Connection Resiliency

MSDN article on Connection Resiliency

This is feature introduced with Entity Framework 6.x. By the default, when EF encounters issue that you've brought up, it will throw an exception and then if you want to have a retry, you must write quite a messy code and duplicate it everywhere.

With Connection Resiliency, you're able to write DbExecutionStrategy that suits you the best. DbExecutionStrategy has a method that you can override that gives you ability to decide whether the query should be executed again once specific Exception type occurs. For the executing code and end user, this would just look like slight delay in execution, no error would appear.

From my personal experience, what you see now can be caused by many things, including some setting on your hosting provider (if you're not hosting it on premises). I'd look look into SQL logs or Event Viewer to see if SQL is from some reason going to a state where it is not available.

Admir Tuzović
  • 10,997
  • 7
  • 35
  • 71
  • 1
    I don't think anyone else is going to post and I'd hate for the rep to goto waste. I did learn a lot about EF Resiliency from your articles, but it didn't solve the issue. Thanks for your help! – joe_coolish Jun 04 '14 at 12:40
  • I am sorry that I can't be more helpful :( Thanks for the bounty rep! :) – Admir Tuzović Jun 04 '14 at 14:20