Error: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication

  • I have a user that is trying to connect to one of our SQL Servers and he gets the following error:

    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

    After looking in the SQL Error Logs, the following error is raised:

    SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed

    This user changed is password recently and this error is now happening. I can't find any good articles on this. Can anyone help?

    Thanks,

    Bill

  • has the user logged off and back on again after changing his password? if not this is a good place to start as the servers will be trying to authenticate using the old password not the new password.

    I used to get this with the developers at my old job, they always locked their machines never logged off which caused this problem every 45 days

  • Ufortunately, they did log off and the issue is still happening.

  • bpportman 52825 (11/15/2011)


    Ufortunately, they did log off and the issue is still happening.

    Not to worry, always try the most obivous thing first.

    Few questions

    Has the users machine dropped out of the domain? Might have some IT systems process which cleans up AD for users who havn't logged on or machines that haven't been connected in X amount of days.

    Are you using multiple domains? Is there two way trusts between the domains

    Is the users machine in the same domain as the server?

    Has the users account been granted access to SQL?

    Might be a bit obivous the last one but just gotta check.

    What other troubleshooting have you done?

  • I have had this issue in our company when we have multiple domains. I connect to my laptop using my office domain and Remote Desktop into Servers using datacenter domain.

  • Drop & Recreate Login.

    To create a SQL Server login that uses Windows Authentication (SQL Server Management Studio)

    1.In SQL Server Management Studio, open Object Explorer and expand the folder of the server instance in which to create the new login.

    2.Right-click the Security folder, point to New, and then click Login.

    3.On the General page, enter the name of a Windows user in the Login name box.

    4.Select Windows Authentication.

    5.Click OK.

  • Thanks everyone. We only have one domain. The user can log into this computer with no problem. Still searching....

  • Silly question, is the Login added to the server with permissions to connect to a database(s)?

  • hi!

    i have create a vizual c# program linq to sql ..when i whont to open the databse from vizual i have this error ...

    Cannot open database requested by the login. The login failed. Login failed for user

    please can someone help me ??

  • hi!

    i have create a vizual c# program linq to sql ..when i whont to open the databse from vizual i have this error ...

    Cannot open database requested by the login. The login failed. Login failed for user

    please can someone help me ??

    Please don’t hijack someone else thread. You already started a new Thread, right?

  • bpportman 52825 (11/15/2011)


    Thanks everyone. We only have one domain. The user can log into this computer with no problem. Still searching....

    I understand, user would be able to Login to Computer but not with SQL Server. It happens after a password change (some sort of caching, I am not sure). Drop & re-Create SQL Server Login (Windows) as I mentioned below. Also, crosscheck user's privileges for connection.

  • Thanks for you help all - the problem has been solved. This is the message I got from our network admin.

    I was able to fix this yesterday after some serious troubleshooting. We ran a piece of software that allowed us to see where this user was trying to log in what was causing the lockout from his machine and from the SQL server. I had asked the user a few times if he had anything running anywhere or logged in anywhere, and he said no.

    So we ran this tool that allows us to see where his ID might be used and it came up there were a couple of SQL servers where using his ID. They were being used for SQL reporting and DBs running scripts with his ID. So what happened was when he changed his password over vpn on the weekend, something happened where it broke and it didn’t propagate everywhere and it didn’t update everywhere. So his old password on these SQL servers were still using and turning to connect to the network with his old credentials.

    So I went in and removed his credentials from those SQL boxes and problem was solved.

  • bpportman 52825 (11/16/2011)


    Thanks for you help all - the problem has been solved. This is the message I got from our network admin.

    I was able to fix this yesterday after some serious troubleshooting. We ran a piece of software that allowed us to see where this user was trying to log in what was causing the lockout from his machine and from the SQL server. I had asked the user a few times if he had anything running anywhere or logged in anywhere, and he said no.

    So we ran this tool that allows us to see where his ID might be used and it came up there were a couple of SQL servers where using his ID. They were being used for SQL reporting and DBs running scripts with his ID. So what happened was when he changed his password over vpn on the weekend, something happened where it broke and it didn’t propagate everywhere and it didn’t update everywhere. So his old password on these SQL servers were still using and turning to connect to the network with his old credentials.

    So I went in and removed his credentials from those SQL boxes and problem was solved.

    It justifies my suggestion. If you would have drop the Logins (forcefully) all of these connection would have been invalidated. Everything would be smooth thereafter (Creating a New login).

  • this is a good reason why service accounts should be used with none expiring passwords to run SQL server services

  • Dev (11/17/2011)


    bpportman 52825 (11/16/2011)


    Thanks for you help all - the problem has been solved. This is the message I got from our network admin.

    I was able to fix this yesterday after some serious troubleshooting. We ran a piece of software that allowed us to see where this user was trying to log in what was causing the lockout from his machine and from the SQL server. I had asked the user a few times if he had anything running anywhere or logged in anywhere, and he said no.

    So we ran this tool that allows us to see where his ID might be used and it came up there were a couple of SQL servers where using his ID. They were being used for SQL reporting and DBs running scripts with his ID. So what happened was when he changed his password over vpn on the weekend, something happened where it broke and it didn’t propagate everywhere and it didn’t update everywhere. So his old password on these SQL servers were still using and turning to connect to the network with his old credentials.

    So I went in and removed his credentials from those SQL boxes and problem was solved.

    It justifies my suggestion. If you would have drop the Logins (forcefully) all of these connection would have been invalidated. Everything would be smooth thereafter (Creating a New login).

    In this instance this wouldn't of helped as they detail there are multiple SQL servers at play here, not just the one having the issue with the login. It seems that there where a number of SQL servers running under the users account, as this was locking the account out at AD level when the account tried to authenticate with SQL, AD said no as the account is locked.

Viewing 15 posts - 1 through 15 (of 20 total)

You must be logged in to reply to this topic. Login to reply