Error 15401 happened when add windows login to SQL server 2000

  • I know this maybe not a right place to ask this question. but somebody maybe came accoss this error before. please help me.

    One new windows user added to domaim controller. very brand new. not rename from old user/account. From Domain server, I Can see this user. I can schedule a meeting with this user.

    when I added this user to SQL server 2000, I can select from dropdown list , but when I click ok, it saids, "the login 'domainname\username' does not exist. error 15401". same thing happened when I used sp_grantlogin.

    the following way I have tried:

    1. SELECT name FROM sysxlogins WHERE sid = SUSER_SID('domainname\username')

    no record returned.

    2. database is case insensitive.

    3. add registry key to set LaslookupCacheMaxSize=0 in SQL server 2000 server, in my computer, in user computer.

    no working.

    please advise me what I should do.

    Thanks

  • Could you retrieve the SID from AD and then see if there is a matching SID within sysxlogins, just as a confirmation of it not existing?



    Shamless self promotion - read my blog http://sirsql.net

  • Thanks for your reply.

    I have permision to logon to AD server. But I don't know how to retrieve SID for this user.

    Another thing I just noticed is that error in SQL server event log. "The Group Policy client-side extension Folder Redirection was passed flags (0) and returned a failure status code of (53). "

    I guess maybe it is related to error 15401.

  • I'm not sure that the client-side redirection is a part of the problem, that is usually related to redirecting folders to other locations (for example putting your "my documents" folder out on a network drive to simplify backup solutions).

    Is there anything in the windows or system logs on that server?

    As for a way to check the SID. Well this is one heck of a mess, but it will check the SID of an individual user within the sysxlogins table (it could be adjusted for a group).

    You'll need to add a linked server to your domain first and set the security

    EXEC sp_addlinkedserver 'ADSI', 'Active Directory Services',

    'ADSDSOObject', '-your domain-'

    GO

    exec sp_addlinkedsrvlogin

    'adsi',

    false,

    '-sqlServerUser-',

    '-domainName\userName-',

    '-domainUserPassword-'

    go

    Then run the query. This part is not pretty, but it works. The are folks who could snap this together nicely in a second, I am not so good at that 😉

    set nocount on

    declare @sql varchar(2000)

    declare @name varchar(200)

    set @name = '-nt account id to check-'

    select @sql = ' select

    rtrim(samaccountname) as LoginName

    , dbo.fn_varbintohexstr(objectSid)as AcctSID from openquery

    (ADSI, ''SELECT

    samaccountname

    ,objectSid

    FROM

    ''''LDAP://yourLDAP''''

    WHERE

    objectCategory=''''Person''''

    and samaccountname = ''''' + @name + '*'''''')'

    exec(@sql)

    --this is the ugly part, you'll need to copy the value returned from the openquery

    --and paste it in here

    select top 10* from sysxlogins where sid = -paste here-



    Shamless self promotion - read my blog http://sirsql.net

  • I didn't get SID using your query, just return empty recordset. I guess I passed the wrong parameter.

    I still try to get result from your query. actually it is the first time I know I can add AD server as SQL server link server. that is amazing. I will read more Docs.

    But the good news is the problem got solved. The reason is my SQL server can't access policy folder in AD Server. this error shows up in Event application log. When I type \\DomainName from RUN, it said Path not found. after fixed this, every thing is working.

    The error in Event application log:

    Event Type:Error

    Event Source:Userenv

    Event Category:None

    Event ID:1000

    Date:1/6/2009

    Time:10:20:57

    User:NT AUTHORITY\SYSTEM

    Computer:MYSQLServer

    Description:

    Windows cannot access the registry information at \\DomainName\sysvol\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User\registry.pol with (53).

  • Awesome stuff. Man I hate group policies.



    Shamless self promotion - read my blog http://sirsql.net

  • I have exactly the same problem.

    How dou you solve it?

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply