I don't have access to the Active Directory settings, nor do I have access to change anything on the linked server.
From everything I've read, it seems like this means I cannot use Kerberos – which is a big problem, because I don't know how to use a linked server without it.
Is there any way to connect to a linked server without Kerberos? (or some way to enable Kerberos without admin in AD?)
Exact problem description
When I connect to the linked server while sitting in front of my server, it works fine; but when I try to connect to the linked server from any other computer (delegating through my server), it gives the error:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. (Microsoft SQL Server, Error: 18456)
It seems that this is the "double-hop problem," and the usual solution is to enable Kerberos, which requires access to AD and the linked server.
I get the same error when I set security to "Be made using the login's current security context," and I can't use "Be made using this security context" because that appears to use SQL-authentication (which is not enabled on the linked server) instead of NTLM
Best Answer
This is indeed a case of constrained delegation (ie .'double hop'). There is no setting you can change which would make this work. If one would exist, it would be by definition a bug, as it would break the domain policy on constraining delegation only to trusted accounts. So unless you make the AD change to mark the SQL Server 'in the middle' as trusted for delegation, you won't succeed doing a double hop. And any other work around I would give you would put me in a position to help you violate your domain policies. Since it seems you understand the technical problem, I'd recommend you knock at the right doors: the masters of your domain and/or the stakeholders of your requirements.