February 19, 2010 at 9:26 am
Hi Folks,
I need to add some logins in my database, I have no problem finding them in the Login -New --> Search
But I got this error message:
Windows NT user or group 'INTL\Rtxie' not found. Check the name again. (.Net SqlClient Data Provider)
Why?
Although I am not in the INTL domain, but I am in a trusted domain, and I have no problem adding any other logins from the INTL domain, was this ID created improperly? I guess so but how can I prove it and ask them to correct it?
Thank you very much.
February 19, 2010 at 9:33 am
You need to check with your network or server admins, or who ever is responsible for creating the Windows accounts.
February 19, 2010 at 9:37 am
I would double check this with the admins, as Lynn mentioned. I might also try to add the user to a Windows folder with permissions and make sure that box can see the other domain without issues.
February 19, 2010 at 9:39 am
I already checked with AD admin, what they told me is this account is no difference than other account. but I am sure there is some difference.
February 19, 2010 at 9:49 am
Get the admin with you as you attempt to add the user in question. The problem you are encountering is not specific to SQL Server but its interaction with the OS.
February 19, 2010 at 9:50 am
The account is a newly created account, but I am able to log in using that account. Since this is a new account, does that mean it needs time to be recognized on other domain? this would sound ridiculous to me but I am just hanging here now.
February 19, 2010 at 10:00 am
My Windows Server knowledge is old, but it is possible you may need to wait until the login info as replicated with the domain. Beyond that, as I said, show one the system/network admin the problem you are encountering. They should be able to assist.
February 22, 2010 at 2:23 pm
ok, i believe THIS IS A SQL PROBLEM, INSTEAD OF ACTIVE DIRECTORY PROBLEM
we know Exec xp_logininfo 'intl\abc'
will tell you if the user is a valid user
for this particular user abc, it returns nothing, which means the user's access was denied.
I even tried to give the users 'sysadmin' role, it still returns nothing. That's not right?!
for another user, it returns:
Msg 15404, Level 16, State 11, Procedure xp_logininfo, Line 62
Could not obtain information about Windows NT group/user 'INTL\RTxie', error code 0x534.
February 22, 2010 at 2:58 pm
Have you checked the permissions assigned to the users? Is everything in the same domain?
Do you have the necessary permissions to access the AD?
Okay, done shooting in the dark, need to go get my daughter from school.
February 22, 2010 at 3:34 pm
I'm not sure it's a SQL problem. I think it's a security problem at this point. SQL just queries AD, if I remember correctly, under the service account permissions. Is it possible that this machines doesn't have rights to query the other domain?
February 22, 2010 at 4:40 pm
Is it possible that this machines doesn't have rights to query the other domain?
Thanks Steve, how do I determine this? it has no problem adding other users from other domains, and as you can see, even for the same domain, it sometimes works.
One thing I don't understand is: why I am able to search the login but the login fails to be added for the reason "not found"?
February 22, 2010 at 4:52 pm
What version of windows is being used? IIRC Windows 2003 and newer are actually case sensitive with regards to user names. (But then I may be wrong.)
February 22, 2010 at 5:57 pm
Lynn Pettis (2/22/2010)
What version of windows is being used? IIRC Windows 2003 and newer are actually case sensitive with regards to user names. (But then I may be wrong.)
It's Windows 2003 server Enterprise edition sp2
February 23, 2010 at 9:14 am
I would first try to execute:
exec sp_validatelogins
If this does not produce any results the next step is to retry xp_logininfo:
exec xcp_logininfo 'intl\abd
RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."
February 23, 2010 at 9:17 am
my browser just went 'whack' ...
let's try some variations of xp_logininfo now:
exec xp_logininfo 'intl\abc' --> we know this fails
How about some variations to take into account character set and case sensitivity ...
exec xp_logininfo 'INTL\ABC'
exec xp_logininfo 'Intl\Abc'
exec xp_logininfo 'INTL\abc'
exec xp_logininfo 'INTL\Abc'
I only mention this because I have seen this issue when maitnaining NT Authority System and Builtin Administrators !
RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."
Viewing 15 posts - 1 through 15 (of 27 total)
You must be logged in to reply to this topic. Login to reply