Hi all - and please forgive in advance if this isn't the right forum for the question.
I have an application service which watches for a file to be dropped and then calls a SQL stored procedure which does a bulk insert into the DB from the file using unconstrained delegation to impersonate the service account of the application.
It worked fine in testing, and it worked fine when we tested during the prod deployment... but the next day, it failed! The error is the ever-so-helpful:
Cannot bulk load because the file "<FILEPATH>" could not be opened. Operating system error code 5 Access is denied. .Procedure , Line 1
Even more odd, when we restarted the service and tried again, it succeeded.
Through trial-and-error, we found that if we restart the application service *less than* 10 hours before the file is dropped, it succeeds. More than 10 hours, it fails.
So... I'm guessing Kerberos ticket expiration has something to do with this... but that's where I lose the thread. Is there some way to avoid this error other than restarting the service every night? I assume some kind of modification to the application which "exercises" the delegation rights on a regular basis? Any solution which doesn't require a new app build?
Thanks for any input.