I set up a double hop linked server for two SQL Server 2014 servers, DEV and PROD. I made it under my Admin account with the 'Be made using the login's current security context' in the security setup. It works for me on DEV when I run my queries that referenced PROD databases.
When a developer try to run queries on DEV that referenced PROD databases on her computer, it does not work for her. She gets this error: "Msg 18456, Level 14, State 1, Line 1 Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."
I made sure to double check the requirements listed under these articles: https://msdn.microsoft.com/en-us/library/ms189580(v=sql.105).aspx https://blogs.msdn.microsoft.com/sql_protocols/2006/08/10/sql-linked-server-query-failed-with-login-failed-for-user/
Kerberos authentication is used for both servers. The developer's Active Directory has 'Account is sensitive and cannot be delegated' setting not selected.
The developer AD account is part of an AD Group, DevGroup, that has the needed database role, db_owner on both DEV and Prod.
Is it because my account has Admin level permissions for DEV and PROD and she does not?
I resolved it by creating a SQL server account on both environments that has the necessary permissions and using that for the link servers instead. This was a better solution than AD