November 21, 2016 at 9:53 am
We had to rebuild a user's computer. We installed SMSS 2012.
We have a number of databases in SQL2008 that she has been accessing as a member of an AD group. However when she attempts to access them through the SMSS 2012 interface, she gets the error:
The server principal "{domain}\{user}" is not able to access the database "{database name}" under the current security context.
We had her log on to another machine with SMSS 2008, and she connected without problem. These machines are all on the same network/domain. The databases in question are unchanged, still SQL 2008.
My understanding is that the SSMS 2012 should handle AD authentication exactly like SSMS 2008, but this does not seem to be happening?
Any suggestions (especially since more users will be moving).
...
-- FORTRAN manual for Xerox Computers --
November 21, 2016 at 11:51 am
Hi Jay,
As a start, I would go out and download the latest version of Management Studio (2016) from Microsoft and install it on the workstation, removing the existing one first even though you can run multiple versions on the same computer. Then re-test. This would rule out there being an issue with the version of SSMS. According to Microsoft, this latest version (2016) is compatible with all versions of Sql Server from [2008 - present]. https://msdn.microsoft.com/en-us/library/mt238290.aspx?f=255&MSPPError=-2147217396
November 22, 2016 at 2:23 am
I would, to be honest, be surprised that the user is unable to connect from SSMS 2012 but can from SSMS 2008. What authentication method are you using?
I have SSMS 2008, 2012 and 2016 installed here, and although I can't connect up (for example 2008 to 2012), I have had no problems connecting down in any of the intances. SSMS 2016 did even handle 2005 (although is not truly supported) when I had to spin up an old instance.
My thoughts would therefore be that her log in is not valid. Perhaps she is logging into a local user on the new PC, and rather than her domain account?
What do the SQL Server logs say when she tries to connect? Can you paste the logs here?
Edit: I just noticed I said I "Can" connect up, not can't. Silly fingers.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
November 22, 2016 at 5:43 am
I'm in the same boat as Thom. I use SSMS 2012 to connect to SQL 2012, 2008 and 2005 with no problem.
As long as the user is authenticating using the AD account and not a local account, they should be able to connect to the SQL Server using Windows Authentication. The domain and account must to be the same as the previous one.
November 22, 2016 at 5:57 am
As Ed said, they must be the exact same AD Account. I'm therefore hoping you are using a Domain Controller, with Domain Accounts. If you are using Local accounts, you will need to set up all of her authentication again (and will need to do so for every user that upgrades). Local Accounts are not the way to go in a Network Environment.
Just incase, as well, if you are using Local accounts, then regardless of the Username and PC being the same, the User authentication is not.
So, for example, if the Old PC the user was using was called "PC18" and the account she was using was "asmith", then her login would be "PC18\asmith" if using a local login. Even if you get a new PC, and call it "PC18", and the user you create is called "asmith" (making the account "PC18\asmith"), this new account WILL NOT be the same account that it was before.
Every Microsoft User Account has a unique GUID, which is tied to that account and that account only. Creating a new account, of the same name, on a new same named PC will not generate the same GUID, and thus authentication will fail.
If you can get us the logs, if you're still having problems,this should give us more insight.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
November 30, 2016 at 9:06 am
After 1 day, the user was able to connect. I don't know why, they should be using the same domain controller, but for whatever reason, all is well
thanks
...
-- FORTRAN manual for Xerox Computers --
November 30, 2016 at 11:08 am
jay-h (11/30/2016)
After 1 day, the user was able to connect. I don't know why, they should be using the same domain controller, but for whatever reason, all is wellthanks
I'm glad your problem is solved. Thanks for the feedback.
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply