I've tried to use Windows authentication to connect to database in MS SQL Server 2000, my connection string like below:
"server=(local);Initial Catalog=myDatabase;Trusted_Connection=yes"
when I run my code, there is an error occur with below message:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'
My SQL Server is configured as Window authentication.
I can't resolve this problem.
Please whow me how to do!
Thank you very much!
You either need to grant the Network Service account access rights toSQL Server, or your application needs to impersonate a specific Windowsuser that has rights to the database.
Showing posts with label authentication. Show all posts
Showing posts with label authentication. Show all posts
Friday, March 30, 2012
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'
I have:
(1) SQL 2005 on a member server, Windows Authentication
(2) I'm using Visual Studio.Net 2005 on my Windows XP sp2 work station.
(3) From my machine, within my development application, I have no problem accessing the Data in the SQL server.
(4) I Receive the Login Failed error after I copy my project to the Test Web Server (Same machine that houses SQL) and test from either my machine or from the host server.
More details of the error message are:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Source Error:
Line 33: DA = New SqlDataAdapter(sSql, CONN_STRING)
Line 34: DS = New DataSet
Line 35: DA.Fill(DS)
Line 36:
Line 37: Session("NameInquiry_DS") = DS
Source File: C:\Inetpub\wwwroot\nameinquiry\NameInquiry.aspx.vb Line: 35
The finished product is to be an Intranet site only; accessible by employees within our own private network.
The SQL is a new install with only test data.
What have I missed that is causing the permission problem? The event viewer shows a nonauthenticated user is causing the problem. But, how do I correct this?
Could you please post the connection string here and the part of the web.config file about impersonation (if any and not commented out). This is a configuration problem. Which user do you want to authenticate while connecting to the database ?http://msdn2.microsoft.com/en-us/library/aa302377.aspx
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de|||
Hi, Terry
Try to read following article, they probably include solution to your problem:
1) http://support.microsoft.com/kb/316989/
2) https://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=348662&SiteID=17
3) http://msdn2.microsoft.com/en-us/library/ab4e6cky(vs.80).aspx
Good Luck!
Ming.
|||
Here is my connection string and the Web.Config.
What is confusing is that I have zero issues running the application within VS ASP.NET. It's only when I run the application outside the development software.
When I check the Event Viewer on the server that houses SQL, the login name is blank. That's why I believe I have a permissions error. I just don't have any idea what permissions to set. It doesn't matter which desktop I use, the connection fails. If I try to access the website from the Server it's housed using the administrator login, I still get the Login failed message.
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings>
<add key="ConnStringer" Value="packet size=4096;Data Source=MYSERVER;Initial Catalog=MyDataBase;Integrated Security=True;"/>
</appSettings>
<connectionStrings>
<add name="myConnection" connectionString="server=MYSERVER;database=MyDataBase;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<authentication mode="Forms" />
<roleManager enabled="true" />
<compilation debug="true" strict="false" explicit="true"/>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<anonymousIdentification enabled="true"/>
<profile enabled="true">
<properties>
<add name="myGroupID" allowAnonymous="true"/>
<add name="myUserID" allowAnonymous="true"/>
</properties>
</profile>
</system.web>
</configuration>
Ming,
The articles were very informitive but none of the possible solutions resolved my problem.
In an earlier post, I stated that everything worked fine within my VS .NET application. I have since learned that as long as I view data only, it works. If I attempt to do any writes, the application fails. Therefore, I'm more convinced this is an authentication related issue. Now I'm asking the following questions as I try to locate and resolve this issue:
I have determined that NT AUTHORITY\NETWORK SERVICE is the default login when I run my application. Based on what I've read from the many web posts concerning Windows Authenticaion, this is normal. How do I control the default login name? Meaning, can this be changed? If so, How? Should it be changed? Can I set various permissions to the various SQL databases? If so, How?
|||
Are your client and server machine in WORKGROUP instead of domain? If so, can you try grant database login to "<machinename>\guest" see whether it works?
As for your questions that how to control default login name, it is more of ASP.NET configuration issue, such as you can change ASP.NET account( http://www.bluevisionsoftware.com/WebSite/TipsAndTricksDetails.aspx?Name=AspNetAccount)
or post your question in ASP.NET forum.
The workaround here is
1) Change your connection string to force tcp connection(adding prefix "tcp:" in DataSource field ).
2) Use SQL authentication.
Good Luck!
Ming.
|||
Hi,
using Anonymous authentication will make you able to use a single user connecting to the database. This uer has to be setup in the security tab of the website in the IIS configuration screen. If you want to use this combination, you will have to set the tag of the web.config to impersonate=true. This will let you use login procided within the IIS to access SQL Server. If you want to authenticate / impersonate the user which is currently accessing the web page, you will have to (assuming that the web server is on the same server as the SQl Server) disbal the anonymous access option in the IIS configuration dialog.
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
I think that the 3rd of Ming's posts alludes to the potential problem and provides links to additional relevant info (and your hunch about authentication related issue would also be accurate). The most likely source of the problem, as Ming and Jens have pointed out, is impersonation.
NT AUTHORITY\NETWORK SERVICE is the account that IIS runs under on Windows Server 2003 and without any additional configuration, this is the account that will attempt to access whatever resources the web application needs. Since this is the account that is trying to access the database, it appears that the outbound attempt is not attempting the connection as the connected user. This is where the web.config settings that Jens mentioned come into play and there's a good synopsis of the options available on http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp (this looks identical to the link Jens posted earlier). You probably don't need or want IIS to run under a different account.
If you want each domain user to have a separate connection to the database, you will need to disable Anonymous Access and turn on Integrated Windows authentication (this would be on the Directory Security tab for the web site in IIS Manager). You'd then specify <identity impersonate="true"/> in your web.config. You may also want to change the <authentication> element to be mode="Windows"...check with MSDN and or the ASP.NET forum for additional info/guidance on the specifics there, as I'm well outside my area of expertise on that point.
If you want all DB access to route through a single connection (I'm not entirely sure that's advisable, but your circumstances may dictate this) and/or as a single user (also not advisable...auditability of data written to the database would be compromised, so you wouldn't be able to determine who made a given change), you could continue to use Integrated Windows authentication on your web app but change the web.config to be:
<identity impersonate="false"/>
<authentication mode="Windows"/>
You'd then provide access to the SQL Server table via one of the server roles for the NT AUTHORITY\NETWORK SERVICE account. An example would be to use sp_addrolemember to add this account to public and grant public insert and update permissions on these tables (if it doesn't have them already).
There is a "How To" article on these options available at: http://msdn2.microsoft.com/en-us/library/ht43wsex(VS.80).aspx
Good luck,
Jason
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'
I have:
(1) SQL 2005 on a member server, Windows Authentication
(2) I'm using Visual Studio.Net 2005 on my Windows XP sp2 work station.
(3) From my machine, within my development application, I have no problem accessing the Data in the SQL server.
(4) I Receive the Login Failed error after I copy my project to the Test Web Server (Same machine that houses SQL) and test from either my machine or from the host server.
More details of the error message are:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Source Error:
Line 33: DA = New SqlDataAdapter(sSql, CONN_STRING)
Line 34: DS = New DataSet
Line 35: DA.Fill(DS)
Line 36:
Line 37: Session("NameInquiry_DS") = DS
Source File: C:\Inetpub\wwwroot\nameinquiry\NameInquiry.aspx.vb Line: 35
The finished product is to be an Intranet site only; accessible by employees within our own private network.
The SQL is a new install with only test data.
What have I missed that is causing the permission problem? The event viewer shows a nonauthenticated user is causing the problem. But, how do I correct this?
Could you please post the connection string here and the part of the web.config file about impersonation (if any and not commented out). This is a configuration problem. Which user do you want to authenticate while connecting to the database ?http://msdn2.microsoft.com/en-us/library/aa302377.aspx
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de|||
Hi, Terry
Try to read following article, they probably include solution to your problem:
1) http://support.microsoft.com/kb/316989/
2) https://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=348662&SiteID=17
3) http://msdn2.microsoft.com/en-us/library/ab4e6cky(vs.80).aspx
Good Luck!
Ming.
|||
Here is my connection string and the Web.Config.
What is confusing is that I have zero issues running the application within VS ASP.NET. It's only when I run the application outside the development software.
When I check the Event Viewer on the server that houses SQL, the login name is blank. That's why I believe I have a permissions error. I just don't have any idea what permissions to set. It doesn't matter which desktop I use, the connection fails. If I try to access the website from the Server it's housed using the administrator login, I still get the Login failed message.
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings>
<add key="ConnStringer" Value="packet size=4096;Data Source=MYSERVER;Initial Catalog=MyDataBase;Integrated Security=True;"/>
</appSettings>
<connectionStrings>
<add name="myConnection" connectionString="server=MYSERVER;database=MyDataBase;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<authentication mode="Forms" />
<roleManager enabled="true" />
<compilation debug="true" strict="false" explicit="true"/>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<anonymousIdentification enabled="true"/>
<profile enabled="true">
<properties>
<add name="myGroupID" allowAnonymous="true"/>
<add name="myUserID" allowAnonymous="true"/>
</properties>
</profile>
</system.web>
</configuration>
Ming,
The articles were very informitive but none of the possible solutions resolved my problem.
In an earlier post, I stated that everything worked fine within my VS .NET application. I have since learned that as long as I view data only, it works. If I attempt to do any writes, the application fails. Therefore, I'm more convinced this is an authentication related issue. Now I'm asking the following questions as I try to locate and resolve this issue:
I have determined that NT AUTHORITY\NETWORK SERVICE is the default login when I run my application. Based on what I've read from the many web posts concerning Windows Authenticaion, this is normal. How do I control the default login name? Meaning, can this be changed? If so, How? Should it be changed? Can I set various permissions to the various SQL databases? If so, How?
|||
Are your client and server machine in WORKGROUP instead of domain? If so, can you try grant database login to "<machinename>\guest" see whether it works?
As for your questions that how to control default login name, it is more of ASP.NET configuration issue, such as you can change ASP.NET account( http://www.bluevisionsoftware.com/WebSite/TipsAndTricksDetails.aspx?Name=AspNetAccount)
or post your question in ASP.NET forum.
The workaround here is
1) Change your connection string to force tcp connection(adding prefix "tcp:" in DataSource field ).
2) Use SQL authentication.
Good Luck!
Ming.
|||
Hi,
using Anonymous authentication will make you able to use a single user connecting to the database. This uer has to be setup in the security tab of the website in the IIS configuration screen. If you want to use this combination, you will have to set the tag of the web.config to impersonate=true. This will let you use login procided within the IIS to access SQL Server. If you want to authenticate / impersonate the user which is currently accessing the web page, you will have to (assuming that the web server is on the same server as the SQl Server) disbal the anonymous access option in the IIS configuration dialog.
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
I think that the 3rd of Ming's posts alludes to the potential problem and provides links to additional relevant info (and your hunch about authentication related issue would also be accurate). The most likely source of the problem, as Ming and Jens have pointed out, is impersonation.
NT AUTHORITY\NETWORK SERVICE is the account that IIS runs under on Windows Server 2003 and without any additional configuration, this is the account that will attempt to access whatever resources the web application needs. Since this is the account that is trying to access the database, it appears that the outbound attempt is not attempting the connection as the connected user. This is where the web.config settings that Jens mentioned come into play and there's a good synopsis of the options available on http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp (this looks identical to the link Jens posted earlier). You probably don't need or want IIS to run under a different account.
If you want each domain user to have a separate connection to the database, you will need to disable Anonymous Access and turn on Integrated Windows authentication (this would be on the Directory Security tab for the web site in IIS Manager). You'd then specify <identity impersonate="true"/> in your web.config. You may also want to change the <authentication> element to be mode="Windows"...check with MSDN and or the ASP.NET forum for additional info/guidance on the specifics there, as I'm well outside my area of expertise on that point.
If you want all DB access to route through a single connection (I'm not entirely sure that's advisable, but your circumstances may dictate this) and/or as a single user (also not advisable...auditability of data written to the database would be compromised, so you wouldn't be able to determine who made a given change), you could continue to use Integrated Windows authentication on your web app but change the web.config to be:
<identity impersonate="false"/>
<authentication mode="Windows"/>
You'd then provide access to the SQL Server table via one of the server roles for the NT AUTHORITY\NETWORK SERVICE account. An example would be to use sp_addrolemember to add this account to public and grant public insert and update permissions on these tables (if it doesn't have them already).
There is a "How To" article on these options available at: http://msdn2.microsoft.com/en-us/library/ht43wsex(VS.80).aspx
Good luck,
Jason
Wednesday, March 28, 2012
Login failed for user NT AUTHORITY\ANONYMOUS LOGON
Hello everyone,
I am receiving the above error when using a workstation to connect to my webfiles.
I am using windows authentication (whcih I have selected as my only option on the IIS).
Impersonate is set to true in the webconfig file, with authentication set to Windows.
My connection string is: SQLConnection1 = "initial catalog=SIMS;data source=spacesql;integrated security=SSPI"
It runs no problem when I use the localhost.
It allows me to use other aspx pages that do not connect to the SQL server.
It only gives me this error when I am using a page that tries to connect to the SQL server.
The SQL files reside on a separate server to the IIS and I would like it to remain this way.
Can anyone help me wit this please
Thank you,
RebeccaOk, stupid question.
How is an SQL Server on Computer B supposed to authorize users according to a user account on computer A? Without domain, without using a domain account et al.
Answer: it can not.
An this is your problem.|||Hi,
I suggest you look for information on 'Accessing SQL Server using a Mapped Windows Domain Server'. That may have the solution you are looking for. Try msdn.microsoft.com, and look for this and other authentication and authorization info for web based applications.
Good luck with your project.|||Both computers are on a domain using a domain account et al.
I am not that stupid.
Monday, March 26, 2012
Login failed for user '(null)'...
There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
selected a database on PC2 using Windows authentication and executed the
following query:
select * from PC1.Database1.dbo.Table1
I got this error:
Server: Msg 18452, Level 14, State 1, Line 2
Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection.
Both servers are set to mixed mode authentication and both are linked
using sp_addlinkedserver. Does anybody have a solution to this issue?
--
Best regards,
Vladimir.Vova
When you created linked server what is the login do you specify?
"Vladimir Svrkota" <see@.reply.to> wrote in message
news:1o1fojctigtr3.dlg@.vladimir.svrkota...
> There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
> selected a database on PC2 using Windows authentication and executed the
> following query:
> select * from PC1.Database1.dbo.Table1
> I got this error:
> Server: Msg 18452, Level 14, State 1, Line 2
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Both servers are set to mixed mode authentication and both are linked
> using sp_addlinkedserver. Does anybody have a solution to this issue?
> --
> Best regards,
> Vladimir.|||Vladimir Svrkota wrote:
> There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
> selected a database on PC2 using Windows authentication and executed the
> following query:
> select * from PC1.Database1.dbo.Table1
> I got this error:
> Server: Msg 18452, Level 14, State 1, Line 2
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Both servers are set to mixed mode authentication and both are linked
> using sp_addlinkedserver. Does anybody have a solution to this issue?
>
Hi
You most likely need to specify a login that can access the remote
server. If you don't specify anything, the server will try to connect
using your NT login which requires that the both servers is set to
delegation.
Try to look up sp_addlinkedsrvlogin in BOL - that will give you more info.
--
Regards
Steen Schlüter Persson
Database Administrator / System Administrator|||"Steen Schlüter Persson (DK)" wrote:
> Try to look up sp_addlinkedsrvlogin in BOL - that will give you more info.
Thanks. I'll take a look.
--
Best regards,
Vladimir.
selected a database on PC2 using Windows authentication and executed the
following query:
select * from PC1.Database1.dbo.Table1
I got this error:
Server: Msg 18452, Level 14, State 1, Line 2
Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection.
Both servers are set to mixed mode authentication and both are linked
using sp_addlinkedserver. Does anybody have a solution to this issue?
--
Best regards,
Vladimir.Vova
When you created linked server what is the login do you specify?
"Vladimir Svrkota" <see@.reply.to> wrote in message
news:1o1fojctigtr3.dlg@.vladimir.svrkota...
> There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
> selected a database on PC2 using Windows authentication and executed the
> following query:
> select * from PC1.Database1.dbo.Table1
> I got this error:
> Server: Msg 18452, Level 14, State 1, Line 2
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Both servers are set to mixed mode authentication and both are linked
> using sp_addlinkedserver. Does anybody have a solution to this issue?
> --
> Best regards,
> Vladimir.|||Vladimir Svrkota wrote:
> There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
> selected a database on PC2 using Windows authentication and executed the
> following query:
> select * from PC1.Database1.dbo.Table1
> I got this error:
> Server: Msg 18452, Level 14, State 1, Line 2
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Both servers are set to mixed mode authentication and both are linked
> using sp_addlinkedserver. Does anybody have a solution to this issue?
>
Hi
You most likely need to specify a login that can access the remote
server. If you don't specify anything, the server will try to connect
using your NT login which requires that the both servers is set to
delegation.
Try to look up sp_addlinkedsrvlogin in BOL - that will give you more info.
--
Regards
Steen Schlüter Persson
Database Administrator / System Administrator|||"Steen Schlüter Persson (DK)" wrote:
> Try to look up sp_addlinkedsrvlogin in BOL - that will give you more info.
Thanks. I'll take a look.
--
Best regards,
Vladimir.
Login failed for user '(null)'...
There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
selected a database on PC2 using Windows authentication and executed the
following query:
select * from PC1.Database1.dbo.Table1
I got this error:
Server: Msg 18452, Level 14, State 1, Line 2
Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection.
Both servers are set to mixed mode authentication and both are linked
using sp_addlinkedserver. Does anybody have a solution to this issue?
Best regards,
Vladimir.Vova
When you created linked server what is the login do you specify?
"Vladimir Svrkota" <see@.reply.to> wrote in message
news:1o1fojctigtr3.dlg@.vladimir.svrkota...
> There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
> selected a database on PC2 using Windows authentication and executed the
> following query:
> select * from PC1.Database1.dbo.Table1
> I got this error:
> Server: Msg 18452, Level 14, State 1, Line 2
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Both servers are set to mixed mode authentication and both are linked
> using sp_addlinkedserver. Does anybody have a solution to this issue?
> --
> Best regards,
> Vladimir.|||Vladimir Svrkota wrote:
> There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
> selected a database on PC2 using Windows authentication and executed the
> following query:
> select * from PC1.Database1.dbo.Table1
> I got this error:
> Server: Msg 18452, Level 14, State 1, Line 2
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Both servers are set to mixed mode authentication and both are linked
> using sp_addlinkedserver. Does anybody have a solution to this issue?
>
Hi
You most likely need to specify a login that can access the remote
server. If you don't specify anything, the server will try to connect
using your NT login which requires that the both servers is set to
delegation.
Try to look up sp_addlinkedsrvlogin in BOL - that will give you more info.
Regards
Steen Schlter Persson
Database Administrator / System Administrator|||"Steen Schlter Persson (DK)" wrote:
> Try to look up sp_addlinkedsrvlogin in BOL - that will give you more info.
Thanks. I'll take a look.
Best regards,
Vladimir.sql
selected a database on PC2 using Windows authentication and executed the
following query:
select * from PC1.Database1.dbo.Table1
I got this error:
Server: Msg 18452, Level 14, State 1, Line 2
Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection.
Both servers are set to mixed mode authentication and both are linked
using sp_addlinkedserver. Does anybody have a solution to this issue?
Best regards,
Vladimir.Vova
When you created linked server what is the login do you specify?
"Vladimir Svrkota" <see@.reply.to> wrote in message
news:1o1fojctigtr3.dlg@.vladimir.svrkota...
> There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
> selected a database on PC2 using Windows authentication and executed the
> following query:
> select * from PC1.Database1.dbo.Table1
> I got this error:
> Server: Msg 18452, Level 14, State 1, Line 2
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Both servers are set to mixed mode authentication and both are linked
> using sp_addlinkedserver. Does anybody have a solution to this issue?
> --
> Best regards,
> Vladimir.|||Vladimir Svrkota wrote:
> There are two computers, PC1 and PC2. On PC1 I started QueryAnalyzer and
> selected a database on PC2 using Windows authentication and executed the
> following query:
> select * from PC1.Database1.dbo.Table1
> I got this error:
> Server: Msg 18452, Level 14, State 1, Line 2
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Both servers are set to mixed mode authentication and both are linked
> using sp_addlinkedserver. Does anybody have a solution to this issue?
>
Hi
You most likely need to specify a login that can access the remote
server. If you don't specify anything, the server will try to connect
using your NT login which requires that the both servers is set to
delegation.
Try to look up sp_addlinkedsrvlogin in BOL - that will give you more info.
Regards
Steen Schlter Persson
Database Administrator / System Administrator|||"Steen Schlter Persson (DK)" wrote:
> Try to look up sp_addlinkedsrvlogin in BOL - that will give you more info.
Thanks. I'll take a look.
Best regards,
Vladimir.sql
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connect
After an office move (accompanied by IP Address changes), I can no longer
use Windows authentication to connect to one of my SQL Server machines.
Nothing else seems to have changed. This is an example of what I am facing.
For simplicity, I conducted this with Query Analyzer, attempting to connect
via SQL Server authentication and Windows authentication:
SERVER1 --> SERVER2 : Both succeed
SERVER1 --> SERVER3 : Both succeed
SERVER2 --> SERVER1 : Both succeed
SERVER2 --> SERVER3 : Both succeed
SERVER3 --> SERVER1 : Both succeed
SERVER3 --> SERVER2 : SQL Server Authentication succeeds, but Windows
authentication returns: Login failed for user '(null)'. Reason: Not
associated with a trusted SQL Server connection.
Server Specs
============
SERVER1 : SQL2K Enterprise Edition, SP3 (8.00.760) on Windows 2000 Server
SERVER2 : SQL2K Developer Edition, SP3a (8.00.818) on Windows 2000 Server
SERVER3 : SQL2K Developer Edition, SP3a (8.00.818) on Windows Server 2003
Named pipes and TCP/IP are enabled on all three (client and network).
SERVER1 sits in our DMZ; its IP Address did not change. SERVERs 2 & 3 got
new addresses and new DNS entries. None is on a domain.
I have seen similar questions posed here, but have yet to see a suggestion
that resolves my problem. Any ideas?
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
If server2 and serv3 are not on a domain what account are you using to log
on with windows authentication? Are you using pass-thru authentication? If
the user being returned is NULL (as in your case) it means the problem is
outside of sql permissions, this means sql cannot even see what account is
trying to log on to it. One example of how this can happen is this:
Server2 is on Workgroup2 - there is a local account User2 - there is NO
local account User3 on this machine
Server3 is on Workgroup3 - there is a local account User3 - there is NO
local account User2 on this machine
So now if I log on to Server3 as user User3, and then use windows
authentication to connect to server2 this would fail since on the Server2
no account User3 exists, what you would usually see is a login entry in the
SECURITY log on server2 for an account: ANONYMOUS (which by default does
not have permissions into SQL Server).
To troubleshoot this issue I would recommend
1. If you are using PASS-THROUGH authentication (per my example above),
create an account User3 on your Server2 box which has the same name and
password as the user3 account on Server3
2. Enable security account auditing on your Server2 box to see what account
is seen on the Server2 box when you try your windows authentication
connection - I suspect you may see ANONYMOUS or something similar
3. Check these articles as well:
- BOL topic: Security Account Delegation
- You may not be able to connect to a SQL Server that is running on a - ID:
840219
http://support.microsoft.com/?id=840219
- How to troubleshoot connectivity issues in SQL Server 2000 - ID: 827422
http://support.microsoft.com/?id=827422
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their
Microsoft software to better protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx
|||Fany Vargas [MSFT] wrote:
> If server2 and serv3 are not on a domain what account are you
> using to log on with windows authentication?
I am using local accounts on both servers, in which the account name &
password are identical. Recall that SERV2 --> SERV3 is successful with
Windows Authentication, but SERV3 --> SERV2 is not.
> Are you using pass-thru authentication?
I'm not sure what you mean by this. If I select "Windows Authentication"
when connecting (whether in a SQL Server tool or with something like a UDL
file setup), the one direction fails while the other succeeds...
> 1. If you are using PASS-THROUGH authentication (per my example
> above), create an account User3 on your Server2 box which has the
> same name and password as the user3 account on Server3
Aready there...
> 2. Enable security account auditing on your Server2 box to see what
> account is seen on the Server2 box when you try your windows
> authentication connection - I suspect you may see ANONYMOUS or
> something similar
I had actually already tried this. It logs nothing whatsoever, which I
assume means the whole process is aborted before a connection is even
attempted.
> ...You may not be able to connect to a SQL Server that is running...
> http://support.microsoft.com/?id=840219
I was so sure this was going to solve my problem, as it describes it
precisely. Unfortunately, the resolution therein does not help me connect.
In hindsight, I suppose I should not have expected it to help, as my problem
arose after the physical (and network) move. In other words, since Local
Security Policy was not a hurdle before the problem began, why should it be
the cause of the problem?
Is it possible I am merely correlating the network changes with this?
Perhaps a recent Windows Update plays a part...
> - How to troubleshoot connectivity issues in SQL Server 2000 - ID:
> 827422 http://support.microsoft.com/?id=827422
This was actually my starting point. I have no idea where to go from here.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
|||1. I can see you are indeed using Pass-through authentication (this means
you are using a local account with same name and pwd to authenticate) .
You should be seeing an entry in the security log. Can you ensure that the
security policy to enable auditing has been set? If there is a group policy
defined (there should not be if its in a workgroup) then this would
override your local security policy. Also, you can you enable security
auditing on the sql server itself (see BOL topic: SQL Server Properties
(Security Tab))
2. Are you able to connect from some OTHER client? Or do trusted
connections to SRV2 fail from ALL clients?
from your description it seems that trusted connections work from all other
clients except SRV3
3. What is the startup account of the SQL Service account is it the local
administrator account? If not, try setting it to local admin and test your
connection.
4. On SRV3 try creating an LMHOST entry for SRV2, are you now able to
connect with trusted auth?
5. Can you create a new account TESTACCOUNT on both SRV2 and SRV3 (with
same password) and see if you can use pass through authentication with
these new accounts (the issue may be account specific)
6. When connecting to SRV2 specify the IP address rather than the network
name - does it now work?
7. Check if the account has "impersonate client after authentication" right
on SRV2 - try for both sql service account and the account trying to log on
8. This error usually refers to security issues. Essentially SQL server is
unable to get information about the NT account that you are trying to use
to connect to it. The fact that you are not seeing an entry in the security
log hints to this as well. You may also want to try running a netmon trace
to see if we ever establish a connection to sql.
9. Does the account have "Access this computer from the network" rights? If
not try adding this right and retry your connection
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their
Microsoft software to better protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx
|||First I'd like to thank you for all of your help - my problem is solved. My
comments (and a question) are inline:
Fany Vargas [MSFT] wrote:
> 1. I can see you are indeed using Pass-through authentication (this
> means you are using a local account with same name and pwd to
> authenticate) . You should be seeing an entry in the security log.
> Can you ensure that the security policy to enable auditing has been
> set? If there is a group policy defined (there should not be if its
> in a workgroup) then this would override your local security policy.
> Also, you can you enable security auditing on the sql server itself
> (see BOL topic: SQL Server Properties (Security Tab))
The security log mirrors my specific error message - once per connection
attempt. None of the policy settings in KB:840219 helped, though this was
not really a surprise, given that only one direction was failing (of the 6
possible between 3 servers), not to mention the fact that this connectivity
problem is new, and I am unaware of recent changes to the policies on either
machine.
> 2. Are you able to connect from some OTHER client? Or do trusted
> connections to SRV2 fail from ALL clients?
> from your description it seems that trusted connections work from all
> other clients except SRV3
Not only that, but trusted connections TO all other servers were fine from
that machine...
> 3. What is the startup account of the SQL Service account is it the
> local administrator account? If not, try setting it to local admin
> and test your connection.
Local System. Changing it had no effect.
> 4. On SRV3 try creating an LMHOST entry for SRV2, are you now able to
> connect with trusted auth?
No.
> 5. Can you create a new account TESTACCOUNT on both SRV2 and SRV3
> (with same password) and see if you can use pass through
> authentication with these new accounts (the issue may be account
> specific)
Different accounts did not matter.
> 6. When connecting to SRV2 specify the IP address rather than the
> network name - does it now work?
> 7. Check if the account has "impersonate client after authentication"
> right on SRV2 - try for both sql service account and the account
> trying to log on
> 8. This error usually refers to security issues. Essentially SQL
> server is unable to get information about the NT account that you are
> trying to use to connect to it. The fact that you are not seeing an
> entry in the security log hints to this as well. You may also want
> to try running a netmon trace to see if we ever establish a
> connection to sql.
> 9. Does the account have "Access this computer from the network"
> rights? If not try adding this right and retry your connection
Suffice it to say that I tried all of the above, without solution. Then I
came back the next day and demonstrated the problem to one of our network
guys, and as I walked him through all of the steps I took to show the
different error messages, I got it to work by setting up an alias to use
Named Pipes.
Now, this was one of the first steps I took, as it was the natural place to
start, and I revisited it several times through this ordeal. But it never
led to resolution until Friday. I also noticed on Friday that I could again
map network drives by name rather than IP Address -- I had been getting the
"duplicate name exists on the network" error**
In the end, I am left wondering if this was just some WINS artifact or
something. Is this possible? And even if it were, why would Windows
Authentication fail over IP, but succeed over named pipes?
**Recall that the IP Address changed on both machines. But this drive
mapping error was not preventing Windows Authentication from other machines.
Furthermore, success at drive mapping by IP Address was not paired with
success at SQL Server connection by IP Address.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
|||If named pipes worked and TCP did not (assuming that SQL was indeed
listening on TCP) then it may be an Kerberos - SPN issue. You may have a
duplicate or invalid SPN. To see the list of SPN's you can use the SETSPN
utility
(http://www.microsoft.com/downloads/d...31fd-ab77-46a3
-9cfe-ff01d29e5c46&displaylang=en). However, SPN's should only apply in a
domain environment not a workgroup environment. Let us know if you get any
results when running setspn -L ...
See these references:
* BOL Topic: Security Account Delegation
* PRB: Setspn Fails if Domain Name Differs from NetBIOS Name Where SQL -
ID: 277658 - http://support.microsoft.com/?id=277658
* INF: SQL Server 2000 Kerberos support including SQL Server virtual - ID:
319723 (available at http://support.microsoft.com)
* You receive a "Cannot generate SSPI context" error message when you use -
ID: 824402 (available at http://support.microsoft.com)
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
|||Dave Anderson wrote:
> After an office move...
> SERVER1 --> SERVER2 : Both succeed
> SERVER1 --> SERVER3 : Both succeed
> SERVER2 --> SERVER1 : Both succeed
> SERVER2 --> SERVER3 : Both succeed
> SERVER3 --> SERVER1 : Both succeed
> SERVER3 --> SERVER2 : SQL Server Authentication succeeds, but Windows
> authentication returns: Login failed for user '(null)'. Reason: Not
> associated with a trusted SQL Server connection...
One final footnote: I believe I now know the cause of this problem. When we
moved offices, we also consolidated offices. That is to say that groups from
several facilities are now housed at the same place, with a single LAN. And
one of the groups from a different facility brought along a machine with the
same MACHINE NAME as SERVER2 (though ours had the DNS entry).
This appears to be the cause of the "duplicate name" problem with mapping
drives, and is most likely the cause of our SQL Server authentication
nightmares.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
use Windows authentication to connect to one of my SQL Server machines.
Nothing else seems to have changed. This is an example of what I am facing.
For simplicity, I conducted this with Query Analyzer, attempting to connect
via SQL Server authentication and Windows authentication:
SERVER1 --> SERVER2 : Both succeed
SERVER1 --> SERVER3 : Both succeed
SERVER2 --> SERVER1 : Both succeed
SERVER2 --> SERVER3 : Both succeed
SERVER3 --> SERVER1 : Both succeed
SERVER3 --> SERVER2 : SQL Server Authentication succeeds, but Windows
authentication returns: Login failed for user '(null)'. Reason: Not
associated with a trusted SQL Server connection.
Server Specs
============
SERVER1 : SQL2K Enterprise Edition, SP3 (8.00.760) on Windows 2000 Server
SERVER2 : SQL2K Developer Edition, SP3a (8.00.818) on Windows 2000 Server
SERVER3 : SQL2K Developer Edition, SP3a (8.00.818) on Windows Server 2003
Named pipes and TCP/IP are enabled on all three (client and network).
SERVER1 sits in our DMZ; its IP Address did not change. SERVERs 2 & 3 got
new addresses and new DNS entries. None is on a domain.
I have seen similar questions posed here, but have yet to see a suggestion
that resolves my problem. Any ideas?
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
If server2 and serv3 are not on a domain what account are you using to log
on with windows authentication? Are you using pass-thru authentication? If
the user being returned is NULL (as in your case) it means the problem is
outside of sql permissions, this means sql cannot even see what account is
trying to log on to it. One example of how this can happen is this:
Server2 is on Workgroup2 - there is a local account User2 - there is NO
local account User3 on this machine
Server3 is on Workgroup3 - there is a local account User3 - there is NO
local account User2 on this machine
So now if I log on to Server3 as user User3, and then use windows
authentication to connect to server2 this would fail since on the Server2
no account User3 exists, what you would usually see is a login entry in the
SECURITY log on server2 for an account: ANONYMOUS (which by default does
not have permissions into SQL Server).
To troubleshoot this issue I would recommend
1. If you are using PASS-THROUGH authentication (per my example above),
create an account User3 on your Server2 box which has the same name and
password as the user3 account on Server3
2. Enable security account auditing on your Server2 box to see what account
is seen on the Server2 box when you try your windows authentication
connection - I suspect you may see ANONYMOUS or something similar
3. Check these articles as well:
- BOL topic: Security Account Delegation
- You may not be able to connect to a SQL Server that is running on a - ID:
840219
http://support.microsoft.com/?id=840219
- How to troubleshoot connectivity issues in SQL Server 2000 - ID: 827422
http://support.microsoft.com/?id=827422
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their
Microsoft software to better protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx
|||Fany Vargas [MSFT] wrote:
> If server2 and serv3 are not on a domain what account are you
> using to log on with windows authentication?
I am using local accounts on both servers, in which the account name &
password are identical. Recall that SERV2 --> SERV3 is successful with
Windows Authentication, but SERV3 --> SERV2 is not.
> Are you using pass-thru authentication?
I'm not sure what you mean by this. If I select "Windows Authentication"
when connecting (whether in a SQL Server tool or with something like a UDL
file setup), the one direction fails while the other succeeds...
> 1. If you are using PASS-THROUGH authentication (per my example
> above), create an account User3 on your Server2 box which has the
> same name and password as the user3 account on Server3
Aready there...
> 2. Enable security account auditing on your Server2 box to see what
> account is seen on the Server2 box when you try your windows
> authentication connection - I suspect you may see ANONYMOUS or
> something similar
I had actually already tried this. It logs nothing whatsoever, which I
assume means the whole process is aborted before a connection is even
attempted.
> ...You may not be able to connect to a SQL Server that is running...
> http://support.microsoft.com/?id=840219
I was so sure this was going to solve my problem, as it describes it
precisely. Unfortunately, the resolution therein does not help me connect.
In hindsight, I suppose I should not have expected it to help, as my problem
arose after the physical (and network) move. In other words, since Local
Security Policy was not a hurdle before the problem began, why should it be
the cause of the problem?
Is it possible I am merely correlating the network changes with this?
Perhaps a recent Windows Update plays a part...
> - How to troubleshoot connectivity issues in SQL Server 2000 - ID:
> 827422 http://support.microsoft.com/?id=827422
This was actually my starting point. I have no idea where to go from here.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
|||1. I can see you are indeed using Pass-through authentication (this means
you are using a local account with same name and pwd to authenticate) .
You should be seeing an entry in the security log. Can you ensure that the
security policy to enable auditing has been set? If there is a group policy
defined (there should not be if its in a workgroup) then this would
override your local security policy. Also, you can you enable security
auditing on the sql server itself (see BOL topic: SQL Server Properties
(Security Tab))
2. Are you able to connect from some OTHER client? Or do trusted
connections to SRV2 fail from ALL clients?
from your description it seems that trusted connections work from all other
clients except SRV3
3. What is the startup account of the SQL Service account is it the local
administrator account? If not, try setting it to local admin and test your
connection.
4. On SRV3 try creating an LMHOST entry for SRV2, are you now able to
connect with trusted auth?
5. Can you create a new account TESTACCOUNT on both SRV2 and SRV3 (with
same password) and see if you can use pass through authentication with
these new accounts (the issue may be account specific)
6. When connecting to SRV2 specify the IP address rather than the network
name - does it now work?
7. Check if the account has "impersonate client after authentication" right
on SRV2 - try for both sql service account and the account trying to log on
8. This error usually refers to security issues. Essentially SQL server is
unable to get information about the NT account that you are trying to use
to connect to it. The fact that you are not seeing an entry in the security
log hints to this as well. You may also want to try running a netmon trace
to see if we ever establish a connection to sql.
9. Does the account have "Access this computer from the network" rights? If
not try adding this right and retry your connection
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their
Microsoft software to better protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx
|||First I'd like to thank you for all of your help - my problem is solved. My
comments (and a question) are inline:
Fany Vargas [MSFT] wrote:
> 1. I can see you are indeed using Pass-through authentication (this
> means you are using a local account with same name and pwd to
> authenticate) . You should be seeing an entry in the security log.
> Can you ensure that the security policy to enable auditing has been
> set? If there is a group policy defined (there should not be if its
> in a workgroup) then this would override your local security policy.
> Also, you can you enable security auditing on the sql server itself
> (see BOL topic: SQL Server Properties (Security Tab))
The security log mirrors my specific error message - once per connection
attempt. None of the policy settings in KB:840219 helped, though this was
not really a surprise, given that only one direction was failing (of the 6
possible between 3 servers), not to mention the fact that this connectivity
problem is new, and I am unaware of recent changes to the policies on either
machine.
> 2. Are you able to connect from some OTHER client? Or do trusted
> connections to SRV2 fail from ALL clients?
> from your description it seems that trusted connections work from all
> other clients except SRV3
Not only that, but trusted connections TO all other servers were fine from
that machine...
> 3. What is the startup account of the SQL Service account is it the
> local administrator account? If not, try setting it to local admin
> and test your connection.
Local System. Changing it had no effect.
> 4. On SRV3 try creating an LMHOST entry for SRV2, are you now able to
> connect with trusted auth?
No.
> 5. Can you create a new account TESTACCOUNT on both SRV2 and SRV3
> (with same password) and see if you can use pass through
> authentication with these new accounts (the issue may be account
> specific)
Different accounts did not matter.
> 6. When connecting to SRV2 specify the IP address rather than the
> network name - does it now work?
> 7. Check if the account has "impersonate client after authentication"
> right on SRV2 - try for both sql service account and the account
> trying to log on
> 8. This error usually refers to security issues. Essentially SQL
> server is unable to get information about the NT account that you are
> trying to use to connect to it. The fact that you are not seeing an
> entry in the security log hints to this as well. You may also want
> to try running a netmon trace to see if we ever establish a
> connection to sql.
> 9. Does the account have "Access this computer from the network"
> rights? If not try adding this right and retry your connection
Suffice it to say that I tried all of the above, without solution. Then I
came back the next day and demonstrated the problem to one of our network
guys, and as I walked him through all of the steps I took to show the
different error messages, I got it to work by setting up an alias to use
Named Pipes.
Now, this was one of the first steps I took, as it was the natural place to
start, and I revisited it several times through this ordeal. But it never
led to resolution until Friday. I also noticed on Friday that I could again
map network drives by name rather than IP Address -- I had been getting the
"duplicate name exists on the network" error**
In the end, I am left wondering if this was just some WINS artifact or
something. Is this possible? And even if it were, why would Windows
Authentication fail over IP, but succeed over named pipes?
**Recall that the IP Address changed on both machines. But this drive
mapping error was not preventing Windows Authentication from other machines.
Furthermore, success at drive mapping by IP Address was not paired with
success at SQL Server connection by IP Address.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
|||If named pipes worked and TCP did not (assuming that SQL was indeed
listening on TCP) then it may be an Kerberos - SPN issue. You may have a
duplicate or invalid SPN. To see the list of SPN's you can use the SETSPN
utility
(http://www.microsoft.com/downloads/d...31fd-ab77-46a3
-9cfe-ff01d29e5c46&displaylang=en). However, SPN's should only apply in a
domain environment not a workgroup environment. Let us know if you get any
results when running setspn -L ...
See these references:
* BOL Topic: Security Account Delegation
* PRB: Setspn Fails if Domain Name Differs from NetBIOS Name Where SQL -
ID: 277658 - http://support.microsoft.com/?id=277658
* INF: SQL Server 2000 Kerberos support including SQL Server virtual - ID:
319723 (available at http://support.microsoft.com)
* You receive a "Cannot generate SSPI context" error message when you use -
ID: 824402 (available at http://support.microsoft.com)
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
|||Dave Anderson wrote:
> After an office move...
> SERVER1 --> SERVER2 : Both succeed
> SERVER1 --> SERVER3 : Both succeed
> SERVER2 --> SERVER1 : Both succeed
> SERVER2 --> SERVER3 : Both succeed
> SERVER3 --> SERVER1 : Both succeed
> SERVER3 --> SERVER2 : SQL Server Authentication succeeds, but Windows
> authentication returns: Login failed for user '(null)'. Reason: Not
> associated with a trusted SQL Server connection...
One final footnote: I believe I now know the cause of this problem. When we
moved offices, we also consolidated offices. That is to say that groups from
several facilities are now housed at the same place, with a single LAN. And
one of the groups from a different facility brought along a machine with the
same MACHINE NAME as SERVER2 (though ours had the DNS entry).
This appears to be the cause of the "duplicate name" problem with mapping
drives, and is most likely the cause of our SQL Server authentication
nightmares.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server conne
After an office move (accompanied by IP Address changes), I can no longer
use Windows authentication to connect to one of my SQL Server machines.
Nothing else seems to have changed. This is an example of what I am facing.
For simplicity, I conducted this with Query Analyzer, attempting to connect
via SQL Server authentication and Windows authentication:
SERVER1 --> SERVER2 : Both succeed
SERVER1 --> SERVER3 : Both succeed
SERVER2 --> SERVER1 : Both succeed
SERVER2 --> SERVER3 : Both succeed
SERVER3 --> SERVER1 : Both succeed
SERVER3 --> SERVER2 : SQL Server Authentication succeeds, but Windows
authentication returns: Login failed for user '(null)'. Reason: Not
associated with a trusted SQL Server connection.
Server Specs
============
SERVER1 : SQL2K Enterprise Edition, SP3 (8.00.760) on Windows 2000 Server
SERVER2 : SQL2K Developer Edition, SP3a (8.00.818) on Windows 2000 Server
SERVER3 : SQL2K Developer Edition, SP3a (8.00.818) on Windows Server 2003
Named pipes and TCP/IP are enabled on all three (client and network).
SERVER1 sits in our DMZ; its IP Address did not change. SERVERs 2 & 3 got
new addresses and new DNS entries. None is on a domain.
I have seen similar questions posed here, but have yet to see a suggestion
that resolves my problem. Any ideas?
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.If server2 and serv3 are not on a domain what account are you using to log
on with windows authentication? Are you using pass-thru authentication? If
the user being returned is NULL (as in your case) it means the problem is
outside of sql permissions, this means sql cannot even see what account is
trying to log on to it. One example of how this can happen is this:
Server2 is on Workgroup2 - there is a local account User2 - there is NO
local account User3 on this machine
Server3 is on Workgroup3 - there is a local account User3 - there is NO
local account User2 on this machine
So now if I log on to Server3 as user User3, and then use windows
authentication to connect to server2 this would fail since on the Server2
no account User3 exists, what you would usually see is a login entry in the
SECURITY log on server2 for an account: ANONYMOUS (which by default does
not have permissions into SQL Server).
To troubleshoot this issue I would recommend
1. If you are using PASS-THROUGH authentication (per my example above),
create an account User3 on your Server2 box which has the same name and
password as the user3 account on Server3
2. Enable security account auditing on your Server2 box to see what account
is seen on the Server2 box when you try your windows authentication
connection - I suspect you may see ANONYMOUS or something similar
3. Check these articles as well:
- BOL topic: Security Account Delegation
- You may not be able to connect to a SQL Server that is running on a - ID:
840219
http://support.microsoft.com/?id=840219
- How to troubleshoot connectivity issues in SQL Server 2000 - ID: 827422
http://support.microsoft.com/?id=827422
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their
Microsoft software to better protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx|||Fany Vargas [MSFT] wrote:
> If server2 and serv3 are not on a domain what account are you
> using to log on with windows authentication?
I am using local accounts on both servers, in which the account name &
password are identical. Recall that SERV2 --> SERV3 is successful with
Windows Authentication, but SERV3 --> SERV2 is not.
> Are you using pass-thru authentication?
I'm not sure what you mean by this. If I select "Windows Authentication"
when connecting (whether in a SQL Server tool or with something like a UDL
file setup), the one direction fails while the other succeeds...
> 1. If you are using PASS-THROUGH authentication (per my example
> above), create an account User3 on your Server2 box which has the
> same name and password as the user3 account on Server3
Aready there...
> 2. Enable security account auditing on your Server2 box to see what
> account is seen on the Server2 box when you try your windows
> authentication connection - I suspect you may see ANONYMOUS or
> something similar
I had actually already tried this. It logs nothing whatsoever, which I
assume means the whole process is aborted before a connection is even
attempted.
> ...You may not be able to connect to a SQL Server that is running...
> http://support.microsoft.com/?id=840219
I was so sure this was going to solve my problem, as it describes it
precisely. Unfortunately, the resolution therein does not help me connect.
In hindsight, I suppose I should not have expected it to help, as my problem
arose after the physical (and network) move. In other words, since Local
Security Policy was not a hurdle before the problem began, why should it be
the cause of the problem?
Is it possible I am merely correlating the network changes with this?
Perhaps a recent Windows Update plays a part...
> - How to troubleshoot connectivity issues in SQL Server 2000 - ID:
> 827422 http://support.microsoft.com/?id=827422
This was actually my starting point. I have no idea where to go from here.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.|||1. I can see you are indeed using Pass-through authentication (this means
you are using a local account with same name and pwd to authenticate) .
You should be seeing an entry in the security log. Can you ensure that the
security policy to enable auditing has been set? If there is a group policy
defined (there should not be if its in a workgroup) then this would
override your local security policy. Also, you can you enable security
auditing on the sql server itself (see BOL topic: SQL Server Properties
(Security Tab))
2. Are you able to connect from some OTHER client? Or do trusted
connections to SRV2 fail from ALL clients?
from your description it seems that trusted connections work from all other
clients except SRV3
3. What is the startup account of the SQL Service account is it the local
administrator account? If not, try setting it to local admin and test your
connection.
4. On SRV3 try creating an LMHOST entry for SRV2, are you now able to
connect with trusted auth?
5. Can you create a new account TESTACCOUNT on both SRV2 and SRV3 (with
same password) and see if you can use pass through authentication with
these new accounts (the issue may be account specific)
6. When connecting to SRV2 specify the IP address rather than the network
name - does it now work?
7. Check if the account has "impersonate client after authentication" right
on SRV2 - try for both sql service account and the account trying to log on
8. This error usually refers to security issues. Essentially SQL server is
unable to get information about the NT account that you are trying to use
to connect to it. The fact that you are not seeing an entry in the security
log hints to this as well. You may also want to try running a netmon trace
to see if we ever establish a connection to sql.
9. Does the account have "Access this computer from the network" rights? If
not try adding this right and retry your connection
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their
Microsoft software to better protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx|||First I'd like to thank you for all of your help - my problem is solved. My
comments (and a question) are inline:
Fany Vargas [MSFT] wrote:
> 1. I can see you are indeed using Pass-through authentication (this
> means you are using a local account with same name and pwd to
> authenticate) . You should be seeing an entry in the security log.
> Can you ensure that the security policy to enable auditing has been
> set? If there is a group policy defined (there should not be if its
> in a workgroup) then this would override your local security policy.
> Also, you can you enable security auditing on the sql server itself
> (see BOL topic: SQL Server Properties (Security Tab))
The security log mirrors my specific error message - once per connection
attempt. None of the policy settings in KB:840219 helped, though this was
not really a surprise, given that only one direction was failing (of the 6
possible between 3 servers), not to mention the fact that this connectivity
problem is new, and I am unaware of recent changes to the policies on either
machine.
> 2. Are you able to connect from some OTHER client? Or do trusted
> connections to SRV2 fail from ALL clients?
> from your description it seems that trusted connections work from all
> other clients except SRV3
Not only that, but trusted connections TO all other servers were fine from
that machine...
> 3. What is the startup account of the SQL Service account is it the
> local administrator account? If not, try setting it to local admin
> and test your connection.
Local System. Changing it had no effect.
> 4. On SRV3 try creating an LMHOST entry for SRV2, are you now able to
> connect with trusted auth?
No.
> 5. Can you create a new account TESTACCOUNT on both SRV2 and SRV3
> (with same password) and see if you can use pass through
> authentication with these new accounts (the issue may be account
> specific)
Different accounts did not matter.
> 6. When connecting to SRV2 specify the IP address rather than the
> network name - does it now work?
> 7. Check if the account has "impersonate client after authentication"
> right on SRV2 - try for both sql service account and the account
> trying to log on
> 8. This error usually refers to security issues. Essentially SQL
> server is unable to get information about the NT account that you are
> trying to use to connect to it. The fact that you are not seeing an
> entry in the security log hints to this as well. You may also want
> to try running a netmon trace to see if we ever establish a
> connection to sql.
> 9. Does the account have "Access this computer from the network"
> rights? If not try adding this right and retry your connection
Suffice it to say that I tried all of the above, without solution. Then I
came back the next day and demonstrated the problem to one of our network
guys, and as I walked him through all of the steps I took to show the
different error messages, I got it to work by setting up an alias to use
Named Pipes.
Now, this was one of the first steps I took, as it was the natural place to
start, and I revisited it several times through this ordeal. But it never
led to resolution until Friday. I also noticed on Friday that I could again
map network drives by name rather than IP Address -- I had been getting the
"duplicate name exists on the network" error**
In the end, I am left wondering if this was just some WINS artifact or
something. Is this possible? And even if it were, why would Windows
Authentication fail over IP, but succeed over named pipes?
**Recall that the IP Address changed on both machines. But this drive
mapping error was not preventing Windows Authentication from other machines.
Furthermore, success at drive mapping by IP Address was not paired with
success at SQL Server connection by IP Address.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.|||If named pipes worked and TCP did not (assuming that SQL was indeed
listening on TCP) then it may be an Kerberos - SPN issue. You may have a
duplicate or invalid SPN. To see the list of SPN's you can use the SETSPN
utility
(http://www.microsoft.com/downloads/...831fd-ab77-46a3
-9cfe-ff01d29e5c46&displaylang=en). However, SPN's should only apply in a
domain environment not a workgroup environment. Let us know if you get any
results when running setspn -L ...
See these references:
* BOL Topic: Security Account Delegation
* PRB: Setspn Fails if Domain Name Differs from NetBIOS Name Where SQL -
ID: 277658 - http://support.microsoft.com/?id=277658
* INF: SQL Server 2000 Kerberos support including SQL Server virtual - ID:
319723 (available at http://support.microsoft.com)
* You receive a "Cannot generate SSPI context" error message when you use -
ID: 824402 (available at http://support.microsoft.com)
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.|||Dave Anderson wrote:
> After an office move...
> SERVER1 --> SERVER2 : Both succeed
> SERVER1 --> SERVER3 : Both succeed
> SERVER2 --> SERVER1 : Both succeed
> SERVER2 --> SERVER3 : Both succeed
> SERVER3 --> SERVER1 : Both succeed
> SERVER3 --> SERVER2 : SQL Server Authentication succeeds, but Windows
> authentication returns: Login failed for user '(null)'. Reason: Not
> associated with a trusted SQL Server connection...
One final footnote: I believe I now know the cause of this problem. When we
moved offices, we also consolidated offices. That is to say that groups from
several facilities are now housed at the same place, with a single LAN. And
one of the groups from a different facility brought along a machine with the
same MACHINE NAME as SERVER2 (though ours had the DNS entry).
This appears to be the cause of the "duplicate name" problem with mapping
drives, and is most likely the cause of our SQL Server authentication
nightmares.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
use Windows authentication to connect to one of my SQL Server machines.
Nothing else seems to have changed. This is an example of what I am facing.
For simplicity, I conducted this with Query Analyzer, attempting to connect
via SQL Server authentication and Windows authentication:
SERVER1 --> SERVER2 : Both succeed
SERVER1 --> SERVER3 : Both succeed
SERVER2 --> SERVER1 : Both succeed
SERVER2 --> SERVER3 : Both succeed
SERVER3 --> SERVER1 : Both succeed
SERVER3 --> SERVER2 : SQL Server Authentication succeeds, but Windows
authentication returns: Login failed for user '(null)'. Reason: Not
associated with a trusted SQL Server connection.
Server Specs
============
SERVER1 : SQL2K Enterprise Edition, SP3 (8.00.760) on Windows 2000 Server
SERVER2 : SQL2K Developer Edition, SP3a (8.00.818) on Windows 2000 Server
SERVER3 : SQL2K Developer Edition, SP3a (8.00.818) on Windows Server 2003
Named pipes and TCP/IP are enabled on all three (client and network).
SERVER1 sits in our DMZ; its IP Address did not change. SERVERs 2 & 3 got
new addresses and new DNS entries. None is on a domain.
I have seen similar questions posed here, but have yet to see a suggestion
that resolves my problem. Any ideas?
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.If server2 and serv3 are not on a domain what account are you using to log
on with windows authentication? Are you using pass-thru authentication? If
the user being returned is NULL (as in your case) it means the problem is
outside of sql permissions, this means sql cannot even see what account is
trying to log on to it. One example of how this can happen is this:
Server2 is on Workgroup2 - there is a local account User2 - there is NO
local account User3 on this machine
Server3 is on Workgroup3 - there is a local account User3 - there is NO
local account User2 on this machine
So now if I log on to Server3 as user User3, and then use windows
authentication to connect to server2 this would fail since on the Server2
no account User3 exists, what you would usually see is a login entry in the
SECURITY log on server2 for an account: ANONYMOUS (which by default does
not have permissions into SQL Server).
To troubleshoot this issue I would recommend
1. If you are using PASS-THROUGH authentication (per my example above),
create an account User3 on your Server2 box which has the same name and
password as the user3 account on Server3
2. Enable security account auditing on your Server2 box to see what account
is seen on the Server2 box when you try your windows authentication
connection - I suspect you may see ANONYMOUS or something similar
3. Check these articles as well:
- BOL topic: Security Account Delegation
- You may not be able to connect to a SQL Server that is running on a - ID:
840219
http://support.microsoft.com/?id=840219
- How to troubleshoot connectivity issues in SQL Server 2000 - ID: 827422
http://support.microsoft.com/?id=827422
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their
Microsoft software to better protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx|||Fany Vargas [MSFT] wrote:
> If server2 and serv3 are not on a domain what account are you
> using to log on with windows authentication?
I am using local accounts on both servers, in which the account name &
password are identical. Recall that SERV2 --> SERV3 is successful with
Windows Authentication, but SERV3 --> SERV2 is not.
> Are you using pass-thru authentication?
I'm not sure what you mean by this. If I select "Windows Authentication"
when connecting (whether in a SQL Server tool or with something like a UDL
file setup), the one direction fails while the other succeeds...
> 1. If you are using PASS-THROUGH authentication (per my example
> above), create an account User3 on your Server2 box which has the
> same name and password as the user3 account on Server3
Aready there...
> 2. Enable security account auditing on your Server2 box to see what
> account is seen on the Server2 box when you try your windows
> authentication connection - I suspect you may see ANONYMOUS or
> something similar
I had actually already tried this. It logs nothing whatsoever, which I
assume means the whole process is aborted before a connection is even
attempted.
> ...You may not be able to connect to a SQL Server that is running...
> http://support.microsoft.com/?id=840219
I was so sure this was going to solve my problem, as it describes it
precisely. Unfortunately, the resolution therein does not help me connect.
In hindsight, I suppose I should not have expected it to help, as my problem
arose after the physical (and network) move. In other words, since Local
Security Policy was not a hurdle before the problem began, why should it be
the cause of the problem?
Is it possible I am merely correlating the network changes with this?
Perhaps a recent Windows Update plays a part...
> - How to troubleshoot connectivity issues in SQL Server 2000 - ID:
> 827422 http://support.microsoft.com/?id=827422
This was actually my starting point. I have no idea where to go from here.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.|||1. I can see you are indeed using Pass-through authentication (this means
you are using a local account with same name and pwd to authenticate) .
You should be seeing an entry in the security log. Can you ensure that the
security policy to enable auditing has been set? If there is a group policy
defined (there should not be if its in a workgroup) then this would
override your local security policy. Also, you can you enable security
auditing on the sql server itself (see BOL topic: SQL Server Properties
(Security Tab))
2. Are you able to connect from some OTHER client? Or do trusted
connections to SRV2 fail from ALL clients?
from your description it seems that trusted connections work from all other
clients except SRV3
3. What is the startup account of the SQL Service account is it the local
administrator account? If not, try setting it to local admin and test your
connection.
4. On SRV3 try creating an LMHOST entry for SRV2, are you now able to
connect with trusted auth?
5. Can you create a new account TESTACCOUNT on both SRV2 and SRV3 (with
same password) and see if you can use pass through authentication with
these new accounts (the issue may be account specific)
6. When connecting to SRV2 specify the IP address rather than the network
name - does it now work?
7. Check if the account has "impersonate client after authentication" right
on SRV2 - try for both sql service account and the account trying to log on
8. This error usually refers to security issues. Essentially SQL server is
unable to get information about the NT account that you are trying to use
to connect to it. The fact that you are not seeing an entry in the security
log hints to this as well. You may also want to try running a netmon trace
to see if we ever establish a connection to sql.
9. Does the account have "Access this computer from the network" rights? If
not try adding this right and retry your connection
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection
Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their
Microsoft software to better protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx|||First I'd like to thank you for all of your help - my problem is solved. My
comments (and a question) are inline:
Fany Vargas [MSFT] wrote:
> 1. I can see you are indeed using Pass-through authentication (this
> means you are using a local account with same name and pwd to
> authenticate) . You should be seeing an entry in the security log.
> Can you ensure that the security policy to enable auditing has been
> set? If there is a group policy defined (there should not be if its
> in a workgroup) then this would override your local security policy.
> Also, you can you enable security auditing on the sql server itself
> (see BOL topic: SQL Server Properties (Security Tab))
The security log mirrors my specific error message - once per connection
attempt. None of the policy settings in KB:840219 helped, though this was
not really a surprise, given that only one direction was failing (of the 6
possible between 3 servers), not to mention the fact that this connectivity
problem is new, and I am unaware of recent changes to the policies on either
machine.
> 2. Are you able to connect from some OTHER client? Or do trusted
> connections to SRV2 fail from ALL clients?
> from your description it seems that trusted connections work from all
> other clients except SRV3
Not only that, but trusted connections TO all other servers were fine from
that machine...
> 3. What is the startup account of the SQL Service account is it the
> local administrator account? If not, try setting it to local admin
> and test your connection.
Local System. Changing it had no effect.
> 4. On SRV3 try creating an LMHOST entry for SRV2, are you now able to
> connect with trusted auth?
No.
> 5. Can you create a new account TESTACCOUNT on both SRV2 and SRV3
> (with same password) and see if you can use pass through
> authentication with these new accounts (the issue may be account
> specific)
Different accounts did not matter.
> 6. When connecting to SRV2 specify the IP address rather than the
> network name - does it now work?
> 7. Check if the account has "impersonate client after authentication"
> right on SRV2 - try for both sql service account and the account
> trying to log on
> 8. This error usually refers to security issues. Essentially SQL
> server is unable to get information about the NT account that you are
> trying to use to connect to it. The fact that you are not seeing an
> entry in the security log hints to this as well. You may also want
> to try running a netmon trace to see if we ever establish a
> connection to sql.
> 9. Does the account have "Access this computer from the network"
> rights? If not try adding this right and retry your connection
Suffice it to say that I tried all of the above, without solution. Then I
came back the next day and demonstrated the problem to one of our network
guys, and as I walked him through all of the steps I took to show the
different error messages, I got it to work by setting up an alias to use
Named Pipes.
Now, this was one of the first steps I took, as it was the natural place to
start, and I revisited it several times through this ordeal. But it never
led to resolution until Friday. I also noticed on Friday that I could again
map network drives by name rather than IP Address -- I had been getting the
"duplicate name exists on the network" error**
In the end, I am left wondering if this was just some WINS artifact or
something. Is this possible? And even if it were, why would Windows
Authentication fail over IP, but succeed over named pipes?
**Recall that the IP Address changed on both machines. But this drive
mapping error was not preventing Windows Authentication from other machines.
Furthermore, success at drive mapping by IP Address was not paired with
success at SQL Server connection by IP Address.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.|||If named pipes worked and TCP did not (assuming that SQL was indeed
listening on TCP) then it may be an Kerberos - SPN issue. You may have a
duplicate or invalid SPN. To see the list of SPN's you can use the SETSPN
utility
(http://www.microsoft.com/downloads/...831fd-ab77-46a3
-9cfe-ff01d29e5c46&displaylang=en). However, SPN's should only apply in a
domain environment not a workgroup environment. Let us know if you get any
results when running setspn -L ...
See these references:
* BOL Topic: Security Account Delegation
* PRB: Setspn Fails if Domain Name Differs from NetBIOS Name Where SQL -
ID: 277658 - http://support.microsoft.com/?id=277658
* INF: SQL Server 2000 Kerberos support including SQL Server virtual - ID:
319723 (available at http://support.microsoft.com)
* You receive a "Cannot generate SSPI context" error message when you use -
ID: 824402 (available at http://support.microsoft.com)
Fany Vargas
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.|||Dave Anderson wrote:
> After an office move...
> SERVER1 --> SERVER2 : Both succeed
> SERVER1 --> SERVER3 : Both succeed
> SERVER2 --> SERVER1 : Both succeed
> SERVER2 --> SERVER3 : Both succeed
> SERVER3 --> SERVER1 : Both succeed
> SERVER3 --> SERVER2 : SQL Server Authentication succeeds, but Windows
> authentication returns: Login failed for user '(null)'. Reason: Not
> associated with a trusted SQL Server connection...
One final footnote: I believe I now know the cause of this problem. When we
moved offices, we also consolidated offices. That is to say that groups from
several facilities are now housed at the same place, with a single LAN. And
one of the groups from a different facility brought along a machine with the
same MACHINE NAME as SERVER2 (though ours had the DNS entry).
This appears to be the cause of the "duplicate name" problem with mapping
drives, and is most likely the cause of our SQL Server authentication
nightmares.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
Login failed for user (null).
I have an issue dealing with connectivity between the client and Sql Server Services or Sql Authentication. I keep receiving this type of error message:
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
I am sure my connection string is correct within my web config file, I have something like this:
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
The reason why I think the connection string is correct is because I have a server where my asp.net application is stored and used, this server is called server1. Server1 is connected to MS-SQL server that is installed and used onserver2.When I run my application fromserver1 everything is perfect, nothing goes wrong, but when I run the application from my client or local machine I get the error message saying not associated with a trusted site.
Now I have the web config set to <identity impersonate="true"> that will allow windows Authentication, and I set the permissions within the database to use NT AUTHORITY \ NETWORK SERVICE as a user, plus my own network credentials are set within user on the database, just so I could troubleshoot the problem. But I still get the error message not associated with a trusted site.
Just to recap my problem, I can see the data when I run the application inServer1,but I can't see the data when I run the application from my local machine.
http://server1/MyApplication.aspx <-- this is an example of the url that I enter on my local machine to acces the application. Plus I have full acces toserver1,and other application are running just fine from this server.
I am using visual studio 2005, but using sql 2000, with the latest service pack for windows XP pro.
thanks,
xyz789
Your connection string is missing your username and password for SqlAuthentication. The reason why it works on server is because its using windows authentication.
It sounds like this is what you intended though. If so, you need to specifiy which user to impersonate by setting the network credentials in your code behind.
I am still a little lost, I thought the <identity impersonate=true> would pick up any user credentials if they were accessing the application on the network. I am not understanding how you check network credentials in the code behind? Do you have an example that you could share with me?
thanks,
xyz789
|||Hi xyz789,
Generally speaking, you will receive this "Not associated with a trusted SQL Server connection"message when the SQL Serversecurity authentication is set toWindows onlyunder these 3 cases:
1.You are trying to connect to a SQL Server database with a SQL Server login.
2.You are trying to connect to a SQL Server 2000 Desktop Engine (also known as MSDE 2000) database that is installed on a Microsoft Windows 98-based computer by using a trusted SQL Server connection.
3.You are trying to connect to a SQL Server database from a Windows account that does not have sufficient permissions to connect to the server.
|||Thank you, that solved the problem.
xyz789
Login failed for user (null) error when trying to use Windows authentication
I'm working on an ASP.NET project, and we're attempting to switch from SQL Server authentication to Windows authentication to connect to the database.
It works fine locally when I debug in Visual Studio, but when it hits the web server, I get the error: "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection."
IIS has anonymous access disabled, and Integrated Windows Authentication is checked. The web.config file has:
<authentication mode="Windows"/>
<identity impersonate="true"/>
The database I'm attempting to access is on a different machine than IIS, and the connection string doesn't contain a username or password, and has "Trusted_Connection=Yes", and "Integrated Security=SSPI".
From what I've been able to find online, I'm guessing the problem is due to IIS and SQL Server residing on different machines, but I'm not sure how to fix it.
Any ideas?
You might find this blog post fromranganh to be helpful:You may receive the error "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection" - Part II|||Correct me if I'm wrong, but won't the solution in that blog preventSQL Server from differentiating between different Windows users?
I need to actually pass the Windows user information to SQL, asdifferent users have different permissions to certain stored procedures.|||A follow-up:
I read this article:
http://www.awprofessional.com/articles/article.asp?p=350387&rl=1
As per its advice, I checked the web server in Active Directory, andenabled it for delegation. We're waiting for the changes to propegate,but maybe this will solve the problem.
Friday, March 23, 2012
login failed for user '(null)'
My variation of this problem is as follows:
the server has the Windows authentication mode, I'am aware of it so I make
sure I comply with it in my connection attempt (through Enterprise Manager).
I attempt to
connect from another PC. Both the client PC and the server have the same
range of users, same names and passwords. When I connect to an sql server on
a server 2003 box, it works. When I connect to an sql server on an XP box, it
fails (login failed for user '(null)'. I made sure the security envronment is
identical for both (same logins, authentication mode etc). All computers are
in the same workgroup (no domain). When the guest account is included as an
allowable account for the sql server, it connects to the xp box, otherwise -
it fails. And it always connects locally (when I use the local Enterprise
Manager). Any suggestions?
Authentication is done using the guest account when simple
file sharing is enabled on XP - you can change it on XP Pro
but not XP home as simple file sharing is always enabled on
XP Home. Refer to the following for more info:
SQL Server clients are authenticated as guests if Simple
File Sharing is enabled
http://support.microsoft.com/?id=831133
-Sue
On Tue, 20 Sep 2005 19:13:02 -0700, "lange"
<lange@.discussions.microsoft.com> wrote:
>My variation of this problem is as follows:
>the server has the Windows authentication mode, I'am aware of it so I make
>sure I comply with it in my connection attempt (through Enterprise Manager).
>I attempt to
>connect from another PC. Both the client PC and the server have the same
>range of users, same names and passwords. When I connect to an sql server on
>a server 2003 box, it works. When I connect to an sql server on an XP box, it
>fails (login failed for user '(null)'. I made sure the security envronment is
>identical for both (same logins, authentication mode etc). All computers are
>in the same workgroup (no domain). When the guest account is included as an
>allowable account for the sql server, it connects to the xp box, otherwise -
>it fails. And it always connects locally (when I use the local Enterprise
>Manager). Any suggestions?
|||Thanks Sue. Actually I cannot ascertain what mode my file sharing was in,
because
I reinstalled Windows XP, but before I did that I had fixed the problem in a
different
way, although it may boil down to the same: it was about local group
policies. It's not that easily accessible:
you need to run gpedit.msc, navigate to:
Computer Configuration
Windows Settings
Security Settings
Local Policies
Security Options
there is an option there: "sharing and security model for local accounts"
it can be either :"classic" or "guest only". What is needed there is
"classic" of course. If think your solution may implicitly include toggling
this setting and it is easily accessible whereas what I did is not.
"Sue Hoegemeier" wrote:
> Authentication is done using the guest account when simple
> file sharing is enabled on XP - you can change it on XP Pro
> but not XP home as simple file sharing is always enabled on
> XP Home. Refer to the following for more info:
> SQL Server clients are authenticated as guests if Simple
> File Sharing is enabled
> http://support.microsoft.com/?id=831133
> -Sue
> On Tue, 20 Sep 2005 19:13:02 -0700, "lange"
> <lange@.discussions.microsoft.com> wrote:
>
>
sql
the server has the Windows authentication mode, I'am aware of it so I make
sure I comply with it in my connection attempt (through Enterprise Manager).
I attempt to
connect from another PC. Both the client PC and the server have the same
range of users, same names and passwords. When I connect to an sql server on
a server 2003 box, it works. When I connect to an sql server on an XP box, it
fails (login failed for user '(null)'. I made sure the security envronment is
identical for both (same logins, authentication mode etc). All computers are
in the same workgroup (no domain). When the guest account is included as an
allowable account for the sql server, it connects to the xp box, otherwise -
it fails. And it always connects locally (when I use the local Enterprise
Manager). Any suggestions?
Authentication is done using the guest account when simple
file sharing is enabled on XP - you can change it on XP Pro
but not XP home as simple file sharing is always enabled on
XP Home. Refer to the following for more info:
SQL Server clients are authenticated as guests if Simple
File Sharing is enabled
http://support.microsoft.com/?id=831133
-Sue
On Tue, 20 Sep 2005 19:13:02 -0700, "lange"
<lange@.discussions.microsoft.com> wrote:
>My variation of this problem is as follows:
>the server has the Windows authentication mode, I'am aware of it so I make
>sure I comply with it in my connection attempt (through Enterprise Manager).
>I attempt to
>connect from another PC. Both the client PC and the server have the same
>range of users, same names and passwords. When I connect to an sql server on
>a server 2003 box, it works. When I connect to an sql server on an XP box, it
>fails (login failed for user '(null)'. I made sure the security envronment is
>identical for both (same logins, authentication mode etc). All computers are
>in the same workgroup (no domain). When the guest account is included as an
>allowable account for the sql server, it connects to the xp box, otherwise -
>it fails. And it always connects locally (when I use the local Enterprise
>Manager). Any suggestions?
|||Thanks Sue. Actually I cannot ascertain what mode my file sharing was in,
because
I reinstalled Windows XP, but before I did that I had fixed the problem in a
different
way, although it may boil down to the same: it was about local group
policies. It's not that easily accessible:
you need to run gpedit.msc, navigate to:
Computer Configuration
Windows Settings
Security Settings
Local Policies
Security Options
there is an option there: "sharing and security model for local accounts"
it can be either :"classic" or "guest only". What is needed there is
"classic" of course. If think your solution may implicitly include toggling
this setting and it is easily accessible whereas what I did is not.
"Sue Hoegemeier" wrote:
> Authentication is done using the guest account when simple
> file sharing is enabled on XP - you can change it on XP Pro
> but not XP home as simple file sharing is always enabled on
> XP Home. Refer to the following for more info:
> SQL Server clients are authenticated as guests if Simple
> File Sharing is enabled
> http://support.microsoft.com/?id=831133
> -Sue
> On Tue, 20 Sep 2005 19:13:02 -0700, "lange"
> <lange@.discussions.microsoft.com> wrote:
>
>
sql
login failed for user '(null)'
My variation of this problem is as follows:
the server has the Windows authentication mode, I'am aware of it so I make
sure I comply with it in my connection attempt (through Enterprise Manager).
I attempt to
connect from another PC. Both the client PC and the server have the same
range of users, same names and passwords. When I connect to an sql server on
a server 2003 box, it works. When I connect to an sql server on an XP box, i
t
fails (login failed for user '(null)'. I made sure the security envronment i
s
identical for both (same logins, authentication mode etc). All computers are
in the same workgroup (no domain). When the guest account is included as an
allowable account for the sql server, it connects to the xp box, otherwise -
it fails. And it always connects locally (when I use the local Enterprise
Manager). Any suggestions?Authentication is done using the guest account when simple
file sharing is enabled on XP - you can change it on XP Pro
but not XP home as simple file sharing is always enabled on
XP Home. Refer to the following for more info:
SQL Server clients are authenticated as guests if Simple
File Sharing is enabled
http://support.microsoft.com/?id=831133
-Sue
On Tue, 20 Sep 2005 19:13:02 -0700, "lange"
<lange@.discussions.microsoft.com> wrote:
>My variation of this problem is as follows:
>the server has the Windows authentication mode, I'am aware of it so I make
>sure I comply with it in my connection attempt (through Enterprise Manager)
.
>I attempt to
>connect from another PC. Both the client PC and the server have the same
>range of users, same names and passwords. When I connect to an sql server o
n
>a server 2003 box, it works. When I connect to an sql server on an XP box,
it
>fails (login failed for user '(null)'. I made sure the security envronment
is
>identical for both (same logins, authentication mode etc). All computers ar
e
>in the same workgroup (no domain). When the guest account is included as an
>allowable account for the sql server, it connects to the xp box, otherwise
-
>it fails. And it always connects locally (when I use the local Enterprise
>Manager). Any suggestions?|||Thanks Sue. Actually I cannot ascertain what mode my file sharing was in,
because
I reinstalled Windows XP, but before I did that I had fixed the problem in a
different
way, although it may boil down to the same: it was about local group
policies. It's not that easily accessible:
you need to run gpedit.msc, navigate to:
Computer Configuration
Windows Settings
Security Settings
Local Policies
Security Options
there is an option there: "sharing and security model for local accounts"
it can be either :"classic" or "guest only". What is needed there is
"classic" of course. If think your solution may implicitly include toggling
this setting and it is easily accessible whereas what I did is not.
"Sue Hoegemeier" wrote:
> Authentication is done using the guest account when simple
> file sharing is enabled on XP - you can change it on XP Pro
> but not XP home as simple file sharing is always enabled on
> XP Home. Refer to the following for more info:
> SQL Server clients are authenticated as guests if Simple
> File Sharing is enabled
> http://support.microsoft.com/?id=831133
> -Sue
> On Tue, 20 Sep 2005 19:13:02 -0700, "lange"
> <lange@.discussions.microsoft.com> wrote:
>
>sql
the server has the Windows authentication mode, I'am aware of it so I make
sure I comply with it in my connection attempt (through Enterprise Manager).
I attempt to
connect from another PC. Both the client PC and the server have the same
range of users, same names and passwords. When I connect to an sql server on
a server 2003 box, it works. When I connect to an sql server on an XP box, i
t
fails (login failed for user '(null)'. I made sure the security envronment i
s
identical for both (same logins, authentication mode etc). All computers are
in the same workgroup (no domain). When the guest account is included as an
allowable account for the sql server, it connects to the xp box, otherwise -
it fails. And it always connects locally (when I use the local Enterprise
Manager). Any suggestions?Authentication is done using the guest account when simple
file sharing is enabled on XP - you can change it on XP Pro
but not XP home as simple file sharing is always enabled on
XP Home. Refer to the following for more info:
SQL Server clients are authenticated as guests if Simple
File Sharing is enabled
http://support.microsoft.com/?id=831133
-Sue
On Tue, 20 Sep 2005 19:13:02 -0700, "lange"
<lange@.discussions.microsoft.com> wrote:
>My variation of this problem is as follows:
>the server has the Windows authentication mode, I'am aware of it so I make
>sure I comply with it in my connection attempt (through Enterprise Manager)
.
>I attempt to
>connect from another PC. Both the client PC and the server have the same
>range of users, same names and passwords. When I connect to an sql server o
n
>a server 2003 box, it works. When I connect to an sql server on an XP box,
it
>fails (login failed for user '(null)'. I made sure the security envronment
is
>identical for both (same logins, authentication mode etc). All computers ar
e
>in the same workgroup (no domain). When the guest account is included as an
>allowable account for the sql server, it connects to the xp box, otherwise
-
>it fails. And it always connects locally (when I use the local Enterprise
>Manager). Any suggestions?|||Thanks Sue. Actually I cannot ascertain what mode my file sharing was in,
because
I reinstalled Windows XP, but before I did that I had fixed the problem in a
different
way, although it may boil down to the same: it was about local group
policies. It's not that easily accessible:
you need to run gpedit.msc, navigate to:
Computer Configuration
Windows Settings
Security Settings
Local Policies
Security Options
there is an option there: "sharing and security model for local accounts"
it can be either :"classic" or "guest only". What is needed there is
"classic" of course. If think your solution may implicitly include toggling
this setting and it is easily accessible whereas what I did is not.
"Sue Hoegemeier" wrote:
> Authentication is done using the guest account when simple
> file sharing is enabled on XP - you can change it on XP Pro
> but not XP home as simple file sharing is always enabled on
> XP Home. Refer to the following for more info:
> SQL Server clients are authenticated as guests if Simple
> File Sharing is enabled
> http://support.microsoft.com/?id=831133
> -Sue
> On Tue, 20 Sep 2005 19:13:02 -0700, "lange"
> <lange@.discussions.microsoft.com> wrote:
>
>sql
login failed for 'user' (Application Role)
I've created a database in SQL Express and I have a Windows form attempting to connect to it through SQL Authentication. Connection string:
private string connString = @."Data Source=.\sqlexpress;Initial Catalog=SQLTestDatabase;User ID=SearchAppRole; Password=password;";
The role I have added to the database is an Application Role. It has been added to the Database permissions with Grant checked for "Select" and "Authenticate".
If I test this with query analyzer, it returns expected results (if I remove Grant from 'Select', it fails)
sp_setapprole 'SearchAppRole', 'password'
select * from recipe
If I edit my connection string (for testing purposes) to use the sa account, the application can connect and run the Select statement:
private string connString = @."Data Source=.\sqlexpress;Initial Catalog=SQLTestDatabase;User ID=sa; Password=sa_password;";
However, I cannot get the application to successfully logon and run the select statement when using the user id and password of the Application Role. I get error:
System.Data.SqlClient.SqlException: Login failed for user 'SearchAppRole'. at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj
I can't find much information on Application Role...I just want one basic permission for the application as a whole. Any help is appreciated. Thanks.
You will first have to connect with a valid user on the database to set the application role. The user can be a dummy user having no access to the actual stored objects. But for using the command you will have to first open a connection to the database.HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
|||Ok. I'm sure this works, and I think I found an example of it here on these forums. However, I decided to just add a User to the database and work with that. I'm not sure that I really need to use Application Role and I don't know why it isn't more straightforward. Thanks.sql
Wednesday, March 21, 2012
Login failed for user 'miovision'.
Hi I have an ASP.NET application which was being developed using SQL 2005, VS 2005 in a Server 2003 environment and using SQL Server Authentication.I deployed the application in a shared hosted enviroment running SQL Server. I created a new user and changed the connection string in my ASP.NET application to the following:
Server=209.200.235.3;Database=some_database;User ID=some_user; Password=some_password;
When i try to connect to the web page on my hosted site I get the following error:
Server Error in '/' Application. Login failed for user 'miovision'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'miovision'.
Source Error: Line 4:
<html xmlns="http://www.w3.org/1999/xhtml" >Line 5: <head id="Head1" runat="server">Line 6: <title><%=Constants.PRODUCT_NAME %></title>Line 7: <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />Line 8: <link rel="icon" href="favicon.ico" type="image/x-icon" />
Source File: d:\Inetpub\vhosts\interlyticsonline.officewebsite.net\httpdocs\Default.aspx
Line: 6 Stack Trace: [SqlException (0x80131904): Login failed for user 'miovision'.] System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +734931 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +188 System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +1838 System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK) +33 System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +628 System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +170 System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +359 System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +28 System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +424 System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +66 System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +496 System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +82 System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +105 System.Data.SqlClient.SqlConnection.Open() +111 System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +121 System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior) +162 System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) +107 Miovision.JInterlytics.Common.JAMAR_DevDataSetTableAdapters.procSoftwareConfigurationSelectTableAdapter.Fill(procSoftwareConfigurationSelectDataTable dataTable, Nullable`1 i_SoftwareConfigID, String i_SoftwareConfigName) in C:\My Code OLD\JInterlytics\Miovision.JInterlytics.Common\Miovision.JInterlytics.Common\DataAccess\JAMAR_DevDataSet.Designer.vb:9759 DataAccessSelect.procSoftwareConfigurationSelect(String softConfigName) +80 Constants.SERVER_ADDRESS() +11 Constants..cctor() +274
[TypeInitializationException: The type initializer for 'Constants' threw an exception.] ASP.default_aspx.__Render__control2(HtmlTextWriter __w, Control parameterContainer) in d:\Inetpub\vhosts\interlyticsonline.officewebsite.net\httpdocs\Default.aspx:6 System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +2065851 System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +24 System.Web.UI.HtmlControls.HtmlTitle.Render(HtmlTextWriter writer) +94 System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25 System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121 System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22 System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +130 System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +24 System.Web.UI.HtmlControls.HtmlHead.RenderChildren(HtmlTextWriter writer) +14 System.Web.UI.HtmlControls.HtmlContainerControl.Render(HtmlTextWriter writer) +29 System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25 System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121 System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22 System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +130 System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +24 System.Web.UI.Page.Render(HtmlTextWriter writer) +26 System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25 System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121 System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1896
I have verified the passwords match. What am I missing?
Thanks.Is "miovision" the actual user ID in your connection string? When you create a login/user, you need grant the login access to its default datebase. Otherwise, login will fail.|||Yes, the user ID is the same in the connection string as it is in the database.|||Hi,
please make sure that the user is enabled and not locked out, the user has the priviledge to access the server and the user has the appropiate right to have access to the server. If the connection possible using other clients than the ASP webpage ?
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
Login failed for sql authentication
I've developed an ASP2 application. Locally, everything was fine. However, when I deployed it on a remote server. I got this error:
Login failed for user 'domain\userx'.
My connection string is:
connectionString="Data Source=ServerName;Initial Catalog=Aspect;User Id =domain\userx;Password = abc"
I'm quite sure that connection string is fine. I need to mention that whenever I try to connect to the remote server from my client by the Sql authentication, I get the message that login failed for this user. But when I try to connect by windows authentication, it works and there is no error.
I asked the administrator, and he told me that Sql Server authentication is in mixed mode.
So, I really can't figure out what is the problem
From your connection string I found you're trying to explicitly specify a Windows account, which seems to connect with Windows Authentication rather than SQL Authentication. To learn more about Authentication Mode in SQL, please take a look at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_47u6.asp
You can 2 options when connect to SQL, either to specify a SQL account and password; or use WindowsAuthentication by setIntegrated Security to SSPI (true). So if you want to connect with Windows Authentication, firstly you have to add the Windows Account to the SQL logins and grant proper permission to it. More information about creating SQL Logins can be found at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/moddev/html/dehowcreatingsqlserverusers.asp
then write your connection string as following:
connectionString="Data Source=ServerName;Initial Catalog=Aspect; Integrated Security =SSPI;";
This website provides various connection strings:
http://www.connectionstrings.com
|||Thanks lori_jay
You're right. that was my mistake
However, when I tried to connect with connection string same as you wrote, I got this error "Login failed for user null'. But. I could connect to my DB by using client tools and with windows authentication.
So, the problem occurs when I try to connect through my web application.
Do you have any suggestion ?
|||Also I have another question.
If I use windows authentication in my connection string. Does everyone in the domain who succesfully logined, have access ?
Thanks.
|||
bkpazand:
However, when I tried to connect with connection string same as you wrote, I got this error "Login failed for user null'. But. I could connect to my DB by using client tools and with windows authentication.
Then is your application deployed under IIS? It seems that other account has been used to connect to SQL. So please make sure you perform proper impersonation when connect under IIS. You can take a look at this post:
http://forums.asp.net/thread/1294820.aspx
And you can also find much information about impersonation on MSDN.
If I use windows authentication in my connection string. Does everyone in the domain who succesfully logined, have access ?
No. If you want to allow other users in the same domain to connect the SQL Server, you can add the users or usergroup to the local Administrators group of the SQL machine. That's because SQL has a built-in login 'BULITIN\Administrators', all memebers for local admin will be mapped to this login when connect to SQL with Windows Authentication.
Monday, March 12, 2012
Login error at Microsoft SQl server 2005
when i tried to login at SQL server 2005 by my local account i found an error (i login by the administrator account and use windows authentication) ... can any one help me plz?
Which error did you get ?
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de|||See this http://msdn2.microsoft.com/en-us/library/ms366351.aspx is any help.
Login Authentication for Standard Accounts
We have a couple of vendor applications that create standard accounts.
These accounts have the same format as our domain accounts. For
example, my Windows account would be <domain>\<user_name>. The SQL
standard account would be <user_name>.
What we would like to do is change the login process to validate
against active directory either prior to or instead of checking the
SQL password. Everything else could remain the same.
This would be on SQL 2000 or SQL 2005. Any suggestions or other
insight would be appreciated.RogerT (roger.tompkins@.gmail.com) writes:
> We have a couple of vendor applications that create standard accounts.
> These accounts have the same format as our domain accounts. For
> example, my Windows account would be <domain>\<user_name>. The SQL
> standard account would be <user_name>.
> What we would like to do is change the login process to validate
> against active directory either prior to or instead of checking the
> SQL password. Everything else could remain the same.
> This would be on SQL 2000 or SQL 2005. Any suggestions or other
> insight would be appreciated.
I'm not really sure what you mean here. SQL Server provides to
means of authentication: SQL authentication and Windows authentication.
It sounds from your description that the vendor accounts are for
SQL authentication. But you cannot change a login from being an SQL
login, to be a Windows login. These two types of logins are competely
unconnected.
Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pr...oads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodin...ions/books.mspx
These accounts have the same format as our domain accounts. For
example, my Windows account would be <domain>\<user_name>. The SQL
standard account would be <user_name>.
What we would like to do is change the login process to validate
against active directory either prior to or instead of checking the
SQL password. Everything else could remain the same.
This would be on SQL 2000 or SQL 2005. Any suggestions or other
insight would be appreciated.RogerT (roger.tompkins@.gmail.com) writes:
> We have a couple of vendor applications that create standard accounts.
> These accounts have the same format as our domain accounts. For
> example, my Windows account would be <domain>\<user_name>. The SQL
> standard account would be <user_name>.
> What we would like to do is change the login process to validate
> against active directory either prior to or instead of checking the
> SQL password. Everything else could remain the same.
> This would be on SQL 2000 or SQL 2005. Any suggestions or other
> insight would be appreciated.
I'm not really sure what you mean here. SQL Server provides to
means of authentication: SQL authentication and Windows authentication.
It sounds from your description that the vendor accounts are for
SQL authentication. But you cannot change a login from being an SQL
login, to be a Windows login. These two types of logins are competely
unconnected.
Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pr...oads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodin...ions/books.mspx
Friday, March 9, 2012
login 101..
What is the difference between 'Windows Authentication' login and 'SQL
login'? I have IIS, MSDE installed on my home computer and I don't log
into windows. So how does 'Windows Authentication' apply in this case?
Thanks,
RABMissouriIt depends on what operating system you are running at home.
In some cases, even though you don't explicitly log in, you
are being logged in when the computer starts up. It's just
transparent to the user.
What OS are you running at home?
-Sue
On 22 May 2006 08:31:41 -0700, "RAB" <rabmissouri@.yahoo.com>
wrote:
>What is the difference between 'Windows Authentication' login and 'SQL
>login'? I have IIS, MSDE installed on my home computer and I don't log
>into windows. So how does 'Windows Authentication' apply in this case?
>
>Thanks,
>RABMissouri|||On 22 May 2006 08:31:41 -0700, RAB wrote:
>What is the difference between 'Windows Authentication' login and 'SQL
>login'?
Hi RABMissouri,
Windows authentication - SQL Server uses a special protocol to ask
Windows for the details of the currently logged-in user. If the Windows
user is in the list of allowed logins, the login succeeds wiithout the
user having to enter anything. If the Windows login is not registered as
a SQL Server login, an error message follows.
Advantages: no extra login prompts for user; SQL Server security
benefits from Windows login policies (such as password aging, etc).
Disadvantages: doesn't lend itself for testing; Windows users with admin
rights are automatically logged in as SQL Server admin.
SQL Server login - SQL Server prompts user for loginname and password,
then compares this to list of loginnames and (encrypted) passwords in
system table master..syslogins. On a match, you are logged in.
Advantages: easy when you have to test seecurity for different roles.
Disadvantages: no password expiration, password complexity checks, etc.
> I have IIS, MSDE installed on my home computer and I don't log
>into windows. So how does 'Windows Authentication' apply in this case?
What version of Windows are yoou using?
Hugo Kornelis, SQL Server MVP|||Windows XP Professional...
Thanks,
RABMissouri|||Just a correction for the SQL Authentication description:
On Windows 2003, SQL Server 2005 can enforce the Windows password complexity
and expiration policy for SQL logins.
Thanks
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Hugo Kornelis" <hugo@.perFact.REMOVETHIS.info.INVALID> wrote in message
news:bsf472h1m7vuhpjlhfi55eekqe47r7nte3@.
4ax.com...
> On 22 May 2006 08:31:41 -0700, RAB wrote:
>
> Hi RABMissouri,
> Windows authentication - SQL Server uses a special protocol to ask
> Windows for the details of the currently logged-in user. If the Windows
> user is in the list of allowed logins, the login succeeds wiithout the
> user having to enter anything. If the Windows login is not registered as
> a SQL Server login, an error message follows.
> Advantages: no extra login prompts for user; SQL Server security
> benefits from Windows login policies (such as password aging, etc).
> Disadvantages: doesn't lend itself for testing; Windows users with admin
> rights are automatically logged in as SQL Server admin.
> SQL Server login - SQL Server prompts user for loginname and password,
> then compares this to list of loginnames and (encrypted) passwords in
> system table master..syslogins. On a match, you are logged in.
> Advantages: easy when you have to test seecurity for different roles.
> Disadvantages: no password expiration, password complexity checks, etc.
>
> What version of Windows are yoou using?
> --
> Hugo Kornelis, SQL Server MVP|||If you aren't logging in then I would guess you are using
the Welcome screen login option. The user you select is the
user that is logged into windows for you. That is the login
that would access MSDE on your computer if you were using
osql, admin tools, etc. Depending on other settings but
generally if your web site is using Windows Authentication,
it will log into SQL Server using the ComputerName\ASPNET
login.
That's basically how it would work. There is a login
associated with you as well as IIS that can be used as
windows logins in SQL Server.
-Sue
On 22 May 2006 18:40:57 -0700, "RAB" <rabmissouri@.yahoo.com>
wrote:
>Windows XP Professional...
>Thanks,
>RABMissouri
login'? I have IIS, MSDE installed on my home computer and I don't log
into windows. So how does 'Windows Authentication' apply in this case?
Thanks,
RABMissouriIt depends on what operating system you are running at home.
In some cases, even though you don't explicitly log in, you
are being logged in when the computer starts up. It's just
transparent to the user.
What OS are you running at home?
-Sue
On 22 May 2006 08:31:41 -0700, "RAB" <rabmissouri@.yahoo.com>
wrote:
>What is the difference between 'Windows Authentication' login and 'SQL
>login'? I have IIS, MSDE installed on my home computer and I don't log
>into windows. So how does 'Windows Authentication' apply in this case?
>
>Thanks,
>RABMissouri|||On 22 May 2006 08:31:41 -0700, RAB wrote:
>What is the difference between 'Windows Authentication' login and 'SQL
>login'?
Hi RABMissouri,
Windows authentication - SQL Server uses a special protocol to ask
Windows for the details of the currently logged-in user. If the Windows
user is in the list of allowed logins, the login succeeds wiithout the
user having to enter anything. If the Windows login is not registered as
a SQL Server login, an error message follows.
Advantages: no extra login prompts for user; SQL Server security
benefits from Windows login policies (such as password aging, etc).
Disadvantages: doesn't lend itself for testing; Windows users with admin
rights are automatically logged in as SQL Server admin.
SQL Server login - SQL Server prompts user for loginname and password,
then compares this to list of loginnames and (encrypted) passwords in
system table master..syslogins. On a match, you are logged in.
Advantages: easy when you have to test seecurity for different roles.
Disadvantages: no password expiration, password complexity checks, etc.
> I have IIS, MSDE installed on my home computer and I don't log
>into windows. So how does 'Windows Authentication' apply in this case?
What version of Windows are yoou using?
Hugo Kornelis, SQL Server MVP|||Windows XP Professional...
Thanks,
RABMissouri|||Just a correction for the SQL Authentication description:
On Windows 2003, SQL Server 2005 can enforce the Windows password complexity
and expiration policy for SQL logins.
Thanks
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Hugo Kornelis" <hugo@.perFact.REMOVETHIS.info.INVALID> wrote in message
news:bsf472h1m7vuhpjlhfi55eekqe47r7nte3@.
4ax.com...
> On 22 May 2006 08:31:41 -0700, RAB wrote:
>
> Hi RABMissouri,
> Windows authentication - SQL Server uses a special protocol to ask
> Windows for the details of the currently logged-in user. If the Windows
> user is in the list of allowed logins, the login succeeds wiithout the
> user having to enter anything. If the Windows login is not registered as
> a SQL Server login, an error message follows.
> Advantages: no extra login prompts for user; SQL Server security
> benefits from Windows login policies (such as password aging, etc).
> Disadvantages: doesn't lend itself for testing; Windows users with admin
> rights are automatically logged in as SQL Server admin.
> SQL Server login - SQL Server prompts user for loginname and password,
> then compares this to list of loginnames and (encrypted) passwords in
> system table master..syslogins. On a match, you are logged in.
> Advantages: easy when you have to test seecurity for different roles.
> Disadvantages: no password expiration, password complexity checks, etc.
>
> What version of Windows are yoou using?
> --
> Hugo Kornelis, SQL Server MVP|||If you aren't logging in then I would guess you are using
the Welcome screen login option. The user you select is the
user that is logged into windows for you. That is the login
that would access MSDE on your computer if you were using
osql, admin tools, etc. Depending on other settings but
generally if your web site is using Windows Authentication,
it will log into SQL Server using the ComputerName\ASPNET
login.
That's basically how it would work. There is a login
associated with you as well as IIS that can be used as
windows logins in SQL Server.
-Sue
On 22 May 2006 18:40:57 -0700, "RAB" <rabmissouri@.yahoo.com>
wrote:
>Windows XP Professional...
>Thanks,
>RABMissouri
Subscribe to:
Posts (Atom)