Authentication Failure - Can't Find Domain Accounts
May 30, 2007
We're getting an error where we can't add a login with the full DNS name of a user - domain.xyz\user, for example. Get an error 15401, "Windows NT user or group 'domain.xyz\user' not found". The domain has a different NetBIOS name and DNS domain names, so we can add the user when we use the form "netbiosname\user". So far so good.
Unfortunately, we have another application - Office Share Point Server whose shared services provider won't run, giving errors in the event log every 60 seconds that "Windows NT user or group 'domain.xyz\user' not found".
It looks as if SQL insists upon listing users in the form netbiosdomainname\user, and applications that look for domain.xyz\user simply fail to authenticate.
Suggestions?
jnfranc at yahoo period com
Jul 23, 2005
Hi,
I have a peculiar problem (or maybe not). I have SQL clients installed on XP boxes. These XP boxes are a member of let us say "XYZ" domain. SQL Server is installed on one of the boxes having Windows 2000 Server in the same network. The installation has been done on local domain account. Since SQL Server has been installed with Windows authentication, what happens if the XYZ domain fails? Will it be possible for all clients to access the database present on SQL Server in the Win 2K box? I think I have made myself clear up to some extent. Please throw light on how to accomplish the connectivity between SQL clients and server in case of domain failure.
Regards,
Vinodi
Aug 12, 2015
I cannot get a consistent answer as to how many domain accounts would be suggested in a SQL Server 2014 installation. Previously the recommendation was a separate account for each service to provide isolation and minimum permissions for each account. It seems from what I've read that a single domain account would have something added to make it unique from SQL Server's perspective. Several still advocate multiple accounts. I don't know if they are doing so because that's the way it's always been done or if there is still some compelling reason to do so. I don't want to create unnecessary accounts simply because something is "ideal."
Apr 5, 2007
I have a root domain and child domain.
After using ADMT to migrate the domain user or group into the root domain, when I use Enterprise Manager to try and change the permissions allocated to that domain user/group, I get the 'Error 15401 NT user or Group not found'.
This is a correct error as the user is now in the root domain, however SQL (in sysxlogins) still thinks it's in the child domain.
Is there a simpler way, other than collecting the user's permissions, deleting the user from SQL then adding back in with the correct domain\username format, then adding the permissions back?
I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.
I believe it is something to do with the SID not matching.
Any ideas on how to fix this ?
Jun 8, 2007
I have 4 new SQL Server 2005 installations on Windows 2003 that I configured at our main office and shipped to a hosting center. All four servers are members of our domain. I set up test databases with replication on one of the servers and facilitated this with a domain account.
Now that I've moved the servers to the hosting center (which has a DC), I'm not having any luck adding domain accounts to the permissions section on any of the SQL Server boxes.
When I try to add a domain account in the SQL Server's permissions window I get "Name Not Found". By every indication the server is connected to the domain. I can log on using my domain account; I can create shares specifying domain accounts but I can't seem to add domain accounts to the SQL Server permissions. When I look in the permissions tab I still see the original domain account I had added back in the main office, stranded by itself in the list of users. We're using mixed authentication by the way.
Why doesn't SQL Server recognize the domain? Where does it get its list of users? Does the account I'm logging in with just not have the permission to add domain accounts? These dialogs are slightly different from the normal 'add a user' dialog boxes.
I feel like this must be a simple oversight. Any help would be appreciated. I'd prefer to move away from local accounts to keep things simple.
Jul 12, 2006
Hi There
Currently we run a certain instance, agent under local system on a server.
I want to create specific domain accounts for the SQL Server service and agent. Now I know that one should create these accounts with the least privilege for security reasons.
I cannot find the topic in BOL. Can someone please give me the BOL topic or a link to exactly what the least privilege is for the domain accounts for SQL Server services?
Thanx
Jul 23, 2014
Installed SQL Server 2012 Enterprise. Runs with the built-in account fine.
I tried entering a domain account to run as the service account from SQL configuration; it fails with the error "the specified network password is not correct".
I tried from services.msc and entered it successfully, but when I try to restart it fails, saying that the login credentials are wrong.
The domain account and password I entered are just fine. What is it I should do, or what am I missing?
May 3, 2004
We are about to change the sa password; currently all packages and jobs rely on this account. I imagine there is probably a better architecture that we could employ to ease this process. Any suggestions or recommendations?
Also, any caveats I should be aware of regarding places to look that might currently rely on the sa account, so that we do not need to worry about existing processes breaking?
I think we are going to create an NT account for DTS Packages and possibly use the same account for any DTSRun jobs, does this make sense? Or is there anything to gain by having these as separate accounts? Also should this be the same account used to run the MSSQLServer process?
I tried doing a search for this information here, thinking it was already covered, but could not find anything that informative, any resources that you could point me to would be appreciated, I will look on BOL as well as MSFT to see what I can dig up.
Jan 18, 2008
I'm attempting to write a script that I can execute across 30 servers that will create a domain login and subsequently grant access to said account on all databases per server. The only problem that I'm running into is trying to dynamically create the login. Example source is below.
declare @sql varchar(1000)
declare @loginname varchar(50)
select @loginname = 'DOMAIN\accountname'
set @sql = 'if not exists (select * from master.dbo.syslogins where name = N' + char(39) + 'DOMAIN\accountname' + char(39) + ')' + char(10) + char(13)
set @sql = @sql + 'begin ' + char(10) + char(13)
set @sql = @sql + char(9) + 'exec master.dbo.sp_grantlogin ' + quotename(@loginname)
print @sql
exec (@sql)
Here is the generated output and the error. Any suggestions would be appreciated.
if not exists (select * from master.dbo.syslogins where name = N'DOMAIN\accountname')
begin
exec master.dbo.sp_grantlogin [DOMAIN\accountname]
Msg 102, Level 15, State 1, Line 3
Incorrect syntax near 'DOMAIN\accountname'.
May 21, 2015
My company doesn't allow using Local Service / Network Service accounts for SQL Server. So I created domain service accounts. Can multiple SQL Server installations use the same domain service accounts ?
May 24, 2006
I attempted to set up database mirroring using a High Availability scenario, but when I installed SQL it chose to use local system accounts for all the services. Consequently, I stumbled upon a Microsoft article explaining how to set up mirroring using local system accounts and certificate authentication, but I am still not able to get it to work. When I try to initiate the mirror from the mirror server I receive an error stating "Neither the partner nor the witness server instance for database "EDENLive" is available. Reissue the command when at least one of the instances becomes available." I have checked all the endpoints and everything seems to be in order. I even checked to make sure that each server was listening on the appropriate ports and I AM able to telnet to the ports. Please help!
Jul 16, 2007
Hi,
I have a client running in a Domain A and a SQL server running in Domain B using Windows security. We don't want to put SQL Server in the mixed authentication mode.
I created a local group on the SQL server. Gave the group correct rights.
Added users from Domain A to that group. Although it prompted me for a username and password from Domain A, it did work.
There is currently no trust between those domains. What kind of a trust should it be? I believe that a one-way trust where B trusts A should be enough.
Any suggestions.
CE
Jan 29, 2007
Hi:
I am trying to figure out if there is a way to connect via SQL Server Management Studio to a server sitting on a separate domain. So here is the situation. There is Server B, which sits in a domain called DomainB. If I am in DomainA, I could typically remote into that server utilizing an IP address in DomainB, and even transfer files to that server. But how do I connect via SQL Server Management Studio (basically log in as a different domain user) to Server B in DomainB from DomainA? Basically, when I choose Windows Authentication from the dropdown list in SQL Server Management Studio, it grays out the username field, which is where I could type something like this: domainB\usernameondomainB, similar to how you would connect to a share on that server. Please let me know if there is a possible solution to this. Also, our customer does not allow SQL Server Auth/Logins, so that is not an option. Thanks.
Apr 28, 2008
We have a SQL 2005 box that requires windows authentication but I have to connect a laptop that is not part of the domain. Is there any way to do this? Per company policy, the SQL server cannot be changed to use SQL Auth AND Windows Auth. Also per policy, the user's laptop cannot be joined to the domain since it's not a company laptop.
I've tried using the following command:
net use \\SQLServerName\ipc$ /user:DomainName\DomainAccount Password
and then using enterprise manager to register the sql server but it still says that the computer is not trusted.
Is there something else to this that I am missing or is this just not possible?
Thanks in advance for the help.
Nov 8, 2006
Hi
We are planning implementation of a currently Sybase db. The users (about 3600) will be in 5 domains and we want single sign-on through trusted connections. We want to use the database roles to define different user access on databases and tables. There will be around 2000 roles. We also want to add the users directly to the database roles without having to grant each user database access.
So I thought that I could add the user groups from all domains and then add each domain user account to specified database roles. Am I right here or what? The Windows authentication will look up or check the user's Kerberos ticket during the logon process and allow logon.
The documentation here is weak and I assume it's a windows authentication question but wondered if any of you guys had been down the same road.
For creating the groups I have the following options:
Create a domain group and put all the usergroups from the other domains in this group
Add user groups from all other domains directly into the SQL Server.
Any recommendations here?
Feb 24, 2007
If my SQL Server authentication is windows integrated authentication, whenever my application makes a connection to SQL server does it contact the windows active directory domain controller to authenticate the windows user account? How does windows integrated authentication work in the background?
Feb 13, 2007
Hi There
I have Service Broker working 100% with an initiator - forwarder - target, all in the same domain using Windows authentication on the endpoints. For all instances the SQL Server service runs under the same domain account, which in turn is granted connect on the various endpoints. This all works 100%.
However, I have a scenario where the initiator will be in a different trusted domain.
I need to know if I am correct in thinking that the initiator SQL Server service account can run under DomainA\sqlservice, the target instance SQL Server service can run under DomainB\sqlservice, and then on the forwarder I simply grant connect on the forwarder endpoint to both DomainA\sqlservice and DomainB\sqlservice.
Is this correct, will this work?
Thanx
Nov 16, 2006
Greetings,
One of my users gets the following error when he tries to connect to my SQL Server 2000 database using windows authentication via Query Analyzer:
[Microsoft][ODBC SQL Server Driver][SQL Server] Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
The server and I are located in Colorado and are on the NADomain. User is in London on the EURDomain. The EURDomain has a one-way trust to the NADomain to use NADomain resources. I have granted access to the database to the user via Enterprise Manager as EURDomain\userid. All the literature I've read says this should be sufficient to connect but isn't. User can connect with SQL Server authentication. Users on the NADomain in Toronto can connect just fine with Windows Authentication. EURDomain user can access other file server resources in the same building as the SQL Server in Colorado.
SQL Server version is:
Microsoft SQL Server 2000 - 8.00.818 (Intel X86) Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
EURDomain Client ODBC version is 2000.85.1022.00 and MDAC is 2.8.
Any help is greatly appreciated.
Apr 4, 2007
Hi,
I am new to Reporting Services. I want to use Reporting Services 2005 in our application.
My custom web application is on one machine and Reporting Services 2005 is on another machine. I am using Forms Authentication and using Single Sign On for login.
If my custom web application and Reporting Services are on the same machine I can get the "Authentication Ticket" issued by ReportingServices2005 to the Report server.
But in this case I am not able to get "Authentication Ticket" on Report Server since it is on other machine.
I am using ReportViewer control in my web application to display Reports and using LogonUser method to get the Authentication Ticket.
How can I pass CookieAuthentication ticket from my Custom Web Application to Report Server?
Is there any work around to pass Authentication Cookie across Domain or any other solution for this?
Regards
Amit
Sep 8, 2006
I have several Access databases in mind to migrate to SQL Server. I installed MS SQL 2005 Express on my machine. I will have procedures to run with authorizations beyond that of a common user, such as database administrative work where server agent is not available; I may rely on users' log-on prompt to do some maintenance work. However, I cannot get the EXEC AS 'Domain\User' to work. The procedures can be created OK. But whenever they are called, the following message shows up:
Msg 15404, Level 16, State 19, Procedure XXX, Line 0
Could not obtain information about Windows NT group/user 'Domain\User', error code 0xea.
I tried to tweak with the account under which the server service is running. There are three options under built-in account: Local system, Local service, and Network Service. My understanding is that Network Service will use the log-on of the current user of the computer. I have admin right of the computer. None of the three options work. Additionally, when I specify an account (my own account), it's the same thing.
The procedure xp_logininfo always fails when I query a specific domain\user.
The ADHelper is configured to run manually.
I could not think of other ways to get a possible solution. Any help is much appreciated.
Jul 20, 2005
I have observed that a temporary loss of a domain controller can cause problems creating new ADO connections between a client machine running ADO and a separate SQL Server machine that are members of the domain. I understand why this happens when creating connections with Windows authentication. What is a mystery is that it also sometimes affects new connections that use "sql authentication". Below is a description of my test scenario.
a. Set up 3 machines.
i. One domain controller machine. Windows 2000 based. I have tried both a regular domain setup and a domain setup in compatibility mode.
ii. One SQL Server machine that is a member of the domain. Windows 2000.
iii. One client machine running an ADO test program that communicates with the SQL Server machine. I have tried both 2000 and XP.
b. Start your test ADO program and create a connection.
c. Fire a query.
d. It should work.
e. Unplug the network cord on the domain controller.
f. Create a new connection and fire a new connection about a minute or so after.
g. It should work. Apparently the client caches account information from the domain controller for a certain amount of time. The time seems to be shorter by default in XP than 2000.
h. Wait 20 minutes or more.
i. Create another new connection. You will notice a timeout error. If you're using Windows authentication the timeout will happen 100% of the time. That is to be expected. If you're using SQL authentication the timeout seems to happen about 50% of the time. I can't explain it other than some strange Microsoft bug. I speculate that it may be some bug with the way ADO caches connections. Perhaps a previously set up Windows authentication connection gets reused by a request for a SQL authentication connection. However, I haven't been able to prove it.
Any insight you can offer would be appreciated. I also have a test program you can use to reproduce this behavior if you are interested.
Thanks,
Frank
Sep 13, 2006
I have SQL 2005 installed in a virtual (ESX) environment with a separate DC. Every minute or so an event shows up in the Application Event Log that says:
Type: Failure Audit
User: dgtestdc1$
Computer: sql1
Source: MSSQLSERVER
Category: (4)
Event ID: 18456
Description:
Login failed for user 'dgtestdc1$'. [Client: <ip address>]
Data includes: SQL1 master
Any idea what is causing this and how to fix it?
Thanks,
Mindy
Dec 16, 2013
I am attempting to set up an AlwaysOn cluster on VMware for testing. Setting up everything through the Failover cluster is fine; the trouble comes when I try to set up the AlwaysOn availability group. Whenever I attempt to specify a network location I receive the following error: Operating System Error 1265(The system cannot contact a domain controller to service the authentication request..).
I looked up this error and most sites point towards a Windows 8 homegroup issue. Since this is on a domain, I don't think it is relevant. I also added the service accounts from server A to Server B and vice versa. I even added the computer objects to its opposite partner. I have attempted to use "Join Only" and do a manual copy.
Mar 14, 2007
I'm getting the message
Your account information could not be verified
Press Ok to return .....
For setup to verify your credentials the services must be startable, connectable, and you must be a SQL Server administrator.
I'm running an instance of SQL Server called development if that helps any.
thanks.
Sep 11, 2006
Hi,
not sure if this is the right place to raise this question. If not please move this message.
I configured a SQL Server 2005 installation - that is running on my computer for test purposes - with "Windows Authentication". I had to change my Windows password recently and it seems as if SQL Server does not accept my account anymore. The event viewer told me that service startups failed because user or password are unknown.
Does anybody know how I may get access again? The problem seems to be that I cannot change back to my old password -unless I change it six or more times...
Thanks for helping me out!
Mar 27, 2007
I have an XP dev machine I use which has SQL Server 2005. I skipped installing SP1 on SQL Server and went to SP2 directly. I tried over and over again but am getting the following errors. Not sure how to fix it.
Product : Database Services (MSSQLSERVER)
Product Version (Previous): 1399
Product Version (Final) :
Status : Failure
Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB921896_sqlrun_sql.msp.log
Error Number : 29528
Error Description : MSP Error: 29528 The setup has encountered an unexpected error while Installing Local Groups. The error is: A member could not be added to or removed from the local group because the member does not exist.
----------------------------------------------------------------------------------
Product : Analysis Services (MSSQLSERVER)
Product Version (Previous): 1399
Product Version (Final) :
Status : Failure
Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\OLAP9_Hotfix_KB921896_sqlrun_as.msp.log
Error Number : 29528
Error Description : MSP Error: 29528 The setup has encountered an unexpected error while Installing Local Groups. The error is: A member could not be added to or removed from the local group because the member does not exist.
----------------------------------------------------------------------------------
Product : Reporting Services (MSSQLSERVER)
Product Version (Previous): 1399
Product Version (Final) :
Status : Failure
Log File : C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\RS9_Hotfix_KB921896_sqlrun_rs.msp.log
Error Number : 29528
Error Description : MSP Error: 29528 The setup has encountered an unexpected error while Installing Local Groups. The error is: A member could not be added to or removed from the local group because the member does not exist.
After going into the detailed log file I noticed this account it's trying to use:
MSI (s) (A8!54) [17:13:45:891]: PROPERTY CHANGE: Adding SQLBROWSERACCOUNT property. Its value is 'PHXNT1\ADMINISTRATOR'.
MSI (s) (A8!54) [17:13:45:907]: PROPERTY CHANGE: Adding AGTACCOUNT property. Its value is 'PHXNT1\ADMINISTRATOR'.
Restored account SQLBROWSERACCOUNT=PHXNT1\ADMINISTRATOR
MSI (s) (A8!54) [17:13:45:907]: PROPERTY CHANGE: Adding SQLACCOUNT property. Its value is 'NT AUTHORITY\SYSTEM'.
Restored account AGTACCOUNT=PHXNT1\ADMINISTRATOR
MSI (s) (A8!84) [17:13:48:109]: PROPERTY CHANGE: Adding Rollback_sqlGroupMember.D20239D7_E87C_40C9_9837_E70B8D4882C2 property. Its value is '100Installing Local Groups50000SQLServer2005SQLBrowserUser$PHOENIXDEV2PHXNT1ADMINISTRATOR'.
MSI (s) (A8!84) [17:13:48:343]: PROPERTY CHANGE: Adding Do_sqlGroupMember.D20239D7_E87C_40C9_9837_E70B8D4882C2 property. Its value is '110Installing Local Groups50000SQLServer2005SQLBrowserUser$PHOENIXDEV2PHXNT1ADMINISTRATOR'.
My domain was upgraded from NT to 2003 a long time ago, from phxnt1 to phxad1, and I don't know why it still tries to use the old account. The old domain is still online; would this cause this problem? Not sure.
May 9, 2007
Has anyone else experienced SQL Express resetting to Windows Authentication only instead of mixed mode for logins after a power failure? I only noticed it happen today as we had 2 power outages in the office and it happened both times. If anyone has seen this happen or knows of a fix please let me know.
Sep 18, 1998
Hi,all
I installed an NT SQL Server and ran the SQL Enterprise Manager. From the menu bar select Server, then click Register Server; a Register Server dialog box shows up.
I then clicked Servers... and hoped to see the active servers on the NT domain.
I saw nothing, even if I click refresh. I knew there are several SQL servers
running on the same domain. Did I do something wrong during the SQL Server installation process?
Aug 12, 2015
We have seen login failures for Windows accounts. Below is the error message.
Description: In our env most logins are windows accounts. Initially we thought it is an UAC issue and we tried to launch the SSMS using "Run as Administrator". However, we are seeing login failures.
Environment:
Microsoft SQL Server 2014 - 12.0.2402.0 (X64)
RTM Enterprise Edition (HyperVisor)
Error Message in Error Log :
2015-08-10 22:36:45.290 Logon Error: 18456, Severity: 14, State: 11.
2015-08-10 22:36:45.290 Logon Login failed for user 'domain\loginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx]
[code]....
We tried dropping this account and re-creating the windows account with same permissions but still result is same. It throws same error message. Login failure message !!!
Jun 1, 2006
I have a very confusing problem that I'm going to attempt to relay concisely:
I have a LAN on which I'm running an Intranet web site built in ASP.Net 2.0 and using SSRS / Sql Server 2005 on the same server.
The name of the box is "warehouse" or "warehouse.mydomain.us." When I ping "warehouse," I get a response from 137.86.166.8, as I should. Likewise, I get a response from 137.86.166.8 when I ping "warehouse.mydomain.us." If I do a "ping -a" on 137.86.166.8, it correctly resolves to "warehouse.mydomain.us." Based on the facts presented in this paragraph, I believe that my DNS is working as expected.
Using IE (6.0.2900.2180.xpsp_sp2_gdr.050301-1519) with "low" security settings, I navigate to http://warehouse.mydomain.us/lex/ (Lex is the name of the app) and it authenticates me to the index page (which calls the SSRS web service to get and display a list of available reports), except that I get the login prompt three times. If I hit F5 (refresh), I get three more login prompts and then I get a 401.1 error. From this point, no matter what I do, I can not see the index page again without closing and restarting IE.
I know that IE only passes credentials to certain sites, so I add my domain (http://warehouse.mydomain.us/) to the Local Intranet list ( Tools->Internet Options->Security->Local Intranet->Advanced) and then I can refresh and see my index page once, but I still get 3 login attempts and then the same thing happens -- I refresh and go through 3 logins and then get a 401.1.
If I now change my address bar to read http://137.86.166.8/lex, I get a single login and it works like a champ. This makes me think that there's a DNS problem, so I open up Mozilla Firefox and wouldn't you know it -- Firefox works like a champ all around -- one single sign-in, it keeps credentials between Lex and SSRS, and it appears to use the DNS correctly. However, I can't use Firefox because I can't get any of the SSRS reports to look like they're supposed to in Mozilla-based browsers.
Argh.
I have set my IE security settings to "Low." I have added the primary domain to the Local Intranet list and also to the Trusted Sites list (but you can't do both at the same time). I have even added the internal IP to my "hosts" file.
Does anyone know anything that might be a help to me in getting this figured out?
Other notes of interest:
My machine is an XP machine, but is not on the domain, but I do have a valid domain login that I use and it works in Firefox without problem.
Mar 19, 2008
Hi:
We have one dedicated server, and have 3 different web applications, one of them is located in www folder which is default path, my question is: how do I set different path so all 3 web applications can be accessed by different URL?
Say: www.mywebname1.com, www.mywebname2.com www.mywebname3.com , I need those three URL to find the correct files from my server.
Thanks a lot.
(The DBA in my company has just left, so I need to make these work. However, I have very limited knowledge of this; do you have any suggestion what kind of book I need to read and start with?)
jt
Jul 23, 2015
Do we still need the below service accounts in SQL 2008+ version even if we have proper SQL service accounts added in the logins?
[NT AUTHORITY\SYSTEM]
[NT Service\MSSQLSERVER]
[NT SERVICE\ReportServer]
[NT SERVICE\SQLSERVERAGENT]
[NT SERVICE\SQLWriter]
[NT SERVICE\Winmgmt]
Aug 30, 2006
I have had a development XP workstation with RS2000 and IIS sending reports via email for 6 months straight with no problems.
Today my subscriptions are failing with
Failure sending mail: The system cannot find the path specified.
Been searching and digging for hours, and if anyone has any ideas they are greatly appreciated.