Permissions for PSExec run from SQL job

Question

I have the following in a CMDExec type SQL Job step (details changed):

D:\path\PSExec.exe \\servername -accepteula -u "domain\username" -p password D:\path\executable.exe

This works fine. However, I have set up a proxy in SQL Server for the same user account - which the job is using, so you'd think I wouldn't need the -u and -p arguments. But if I don't supply them I get the error:

Unhandled Exception: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

which is from SQL Server, because the remote executable connects to SQL as the same user context.

Why doesn't this work, and can I make it work without including the credentials in the job detail? (or a batch file, or similar)

Thanks

P.S. The SQL Server connected to by the remote executable is the same one as the job is run in, if it helps!

Answer 1

The reason is because Kerberos is not running!

Thanks to Marc Jellinek on LinkedIn SQLDBA group :)