Login failed for user ''NTAUTHORITY\NETWORK SERVICE''
-
Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’
Exception Details: System.Data.SqlClient.SqlException: Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’
How do I overcome this login fail?
After a week fulltime on this I understand somehow ‘NT AUTHORITY\NETWORK SERVICE’ has to be got to my database but nothing I have seen explains clearly exactly how, nor can I ‘wing’ it.
ASP.NET. VB.NET. Server 2003. IIS 6.0 SQL Server
Sample application, and database in MSDE VSDOTNET which I can get to and do anything with. Mandatory Login of ‘apress’, password of ‘apress’. Sample has good/sound code including HTML and Web.config entries which I can check by eyeball with the original.
In IIS6 Application Pools\DefaultAppPool properties\Identity TAB there is a security account selected ‘Predefined’ of Network Service. This User Account is as expected from reading.
Somehow it seems this User Account has to be added to the database as a permission – but how? The devil is in the detail.
In SEM I can find no way to add the permission or whatever. Remember the Login and Password have to be ‘apress’.
The problem in searching is ‘Network Server’ is a very common problem for all sorts of situations. Worse nothing shows in searching Microsoft.
Any pointers much welcomed, and a direct reference to a source of answer very much appreciated. By comparison ASP.NET, VS.NET and VB.NET is a delight.
Derek
-
Hi there,
I had a similar problem... there's not much out there, is there!!
I use the servername\IIS_WPG account in SQL2000 for my ASP.NET applications on SERVER 2003... try using that & all should be well. Don't forget to specify which database that username has access to....
Tim
-
Tim,
Thanks for reply. I did have that on my list - but Server 2003 still needs 'Network Service' working into the equasion somehow/somewhere but I cannot do it yet.
Will try.
Regards
Derek
-
Derek,
I stand to be corrected, but I really don't think you need the NTAUTHORITY\NETWORK SERVICE login in SQL SERVER. Why do you think it needs to be in there somewhere?
I have 3 logins on my SQL Server - sa, BUILTIN\Administrators and servername\IIS_WPG.
Everything works!
Don't forget to post and let us all know how you get on....
Tim
-
Tim, you asked for it remmember.
A Google Beta search of ‘Groups’ rather than the ‘Net’ reveals many more hits, with responses from Microsoft, usually vague peer to peer hints rather than straight help. MS see their job to make tools not give help on use – fair enough. Third parties are left the task of teaching, classes, books and forums etc. Classes are good but expensive as a very keen but raw beginner in 1966, I did 6 months in classrooms in London in a year for IBM 360.
For ASP.NET I am using a good book with samples. The problem lies in it is for XP/IIS 5.1 and I have Server 2003/IIS6. The book ignores that combination and the inevitable problems with SQL Server – now I know why.
However, in ‘Groups’ the real world of developers put in their oars in a more realistic way, some pure gold.
The problem is the complexity which comes from the huge number of factors in individual cases/scenarios.
It looks to me like a truth table at least a 10 x 10 matrix of factors. This may be needed repeated for some of the major consideration, quite a task I have not seen tackled. Would it be too useful or just too hard to do.
Here are some considerations, including mine – NO ORDER.
- As the sole user of my machine I am by default the Administrator. This gives me the ability to do anything, which horribly obscures bad practises etc.
- When I signon as less than Administrator, as I should for best practise, things will inevitably behave differently, one more layer of complexity. Each level needs permissions and would need showing in the truth table.
- A database is provided to be added to MSDE with mandatory Logon and Password.
- A script to use mixed access. This needs creation of an SQL login for the database and a connection string to use SQL security rather than Trusted, and new user credential for “uid=username;psw=password;”
- First class text to manually create an ASP.NET VB.NET application using Visual Studio.NET. This gives printable and executable stuff in VB code-behind, HTML, xml etc. with every chance of screwing it up! Fortunately I can print each chapters finished ditto to have some chance of catching errors – and it is the only way to survive. THIS IS VERY RIGID.
- Each OS/IIS and Framework combination availability will be different. My OS is Server 2003 enterprise with IIS6 and Framework 1.1.
- Visual Studio 2003 full version. Some may have different.
- Database availability. Mine is SQL Server 2000 enterprise giving the lovely SEM. Don’t even think of another at this stage, see next item.
- MSDE free download sp3a to try for first time as hopefully punters will use this freebie. This is NOT Local, SQL Server Enterprise is, but a named instance MachineName\VSDOTNET. This is where my DB is.
- For development both Server and Client are on one machine, as I have done before with VB pre .net (a little).
- ‘Windows Security’ so as not to pass details in clear to database.
- Impersonation NOT wanted as best practice.
- Anonymous access NOT wanted as best practice.
- Integrated security needs ‘NT AUTHORITY\NETWORK SERVICE’ user access in SQL Server
- *********** Single Login to manage all database calls wanted – and that requires ‘NT AUTHORITY\NETWORK SERVICE’ user access. There were several good clear description how do and set this in SEM/Query Analyser from Google Groups either typing of using sp_grantlogin.
- Note, if the Server and Client are on separate machines, in or not in same domain it changes in IIS
- On a single box ‘NT AUTHORITY\NETWORK SERVICE’ user has to have been granted permissions. Choose individual permissions, NOT dbo database owner.
- Remember new users in SQL server need adding with permissions.
At this point I am interrupted by my cats sitting on my notes, exactly where I treated them with anti flea stuff last night, to get their own back I suppose, yet another of my unique factors in development.
- There are several connection strings to choose from.
- ASP.NET Web Config. file needs settings.
- NTFS file permissions can come into the picture somewhere.
- Encryption can be use for more security, somehow.
- Talking of security, hard coded connection strings can be decompiled!
- Lookout. SQL credential are transmitted in plain text across networks, so encryption and plan concealing are needed.
Wow, so much for my 10 x 10 truth table. For sure I have left things out and maybe doubled up on others, but you see the problem of complexity.
For now I will do anything to get the samples working, if only for encouragement. So I added
‘NT AUTHORITY\NETWORK SERVICE’ user access to SQL Server MSDE and ran the example in VS.NET.
The good new was the old Server Error message has gone. The bad news is another one shows! But it is progress, so now to compare my manual typing with the printed finish chapter sample printout.
Regards
Derek
-
Just thought id throw my 2cents into this as well, just started recieving this error after applying the latest batch of updates from MS (Novmeber 2005 updates)
Windows server 2003 SP1 , SQLServer 2000 SP4,
I know this wont be ideal for everyone, but i was using a user account for the sql agent , but changed it back to the local system account.
A side effect of this problem is that i couldnt run jobs but now I can now run jobs etc. unfortunately i havent had a chance to delve deeper, but i didnt need this with a deadline for a release in 24hrs :\. Just needed it working.
HTH to anyone who might be having similar issues to this
------------------------------
Life is far too important to be taken seriously
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply