February 20, 2023 at 12:46 pm
Hello People,
I found information over the internet and went step by step to check each setting but i surrender myself and decided to post here regarding this issue which i am facing.
Login Failed. The login is from an untrusted domain and cannot be used with Windows authentication. Microsoft SQL Server, Error: 18452
The issue occurs when i try to connect via SSMS from the client machines from one domain to another domain where SQL server is installed.
servername\instance01 error 18452
servername\instance01, Port of instance - no issues, connection is successful
IPadress of SQL server\instance01 - successful
IPaddress of SQL server\instance01,Port - successful
FQDN\instance01 - successful
This have worked back in January that is like 3 weeks ago, and we are still troubleshooting the cause.
the test examples with instace02 is all working fine...
Briefly will explain for the environment:
2 Domains, with configured Trust between them. lets say domain.contoso.com and domain.libre.com
1 SQL Server with 2 instances working on SQL server 2008 R2 in domain.contoso.com
SQL is configured in Mixed mode.
TCP/IP is turned On.
SQL browser service is turned On.
Named Pipes is turned On.
Via is Off.
No Aliases configured.
TCP/IP dynamics ports is empty.
2 instances first is configured with port 1433, second is configured with 1343,
2 Windows clients with Windows 10 Enterprise version 22H@ OS build 19045.2486 installed in domain.libre.com
They have trust between the domains, DNS works fine. Pinging back and forth gives the correct IP or by hostname it gives the correct result.
nslookup gives the correct results.
on the client machines, running in the CMD: SQLCMD -L shows the available SQL instances which i can access.
FIreWall ports are opened.
Host File is changed for client machines pointing to SQL server IP address and FQDN.
Why from only two client machines it is not possible to connect via SSMS to SQL server from the other domain, using the sqlservername\instance01 ?
Please let me know if you need more information to investigate together this.
Thank you,
VM
February 20, 2023 at 8:02 pm
You have DomainA, and DomainB, and there is a trust between them.
Your server is DomainB\MyServer.
Your login is DomainA\MyLogin
On server DomainB\MyServer, add the login DomainA\MyLogin to the server.
If it works, you did not have the login set up in SQL Server.
If it fails with the "Login is from an untrusted domain...", then the trust between the domains is not configured to allow this or you are not logged into the domain.
I would suggest this:
In the "parent" domain, create a set of AD groups. Let's say "SQlAdmins", "SQLWriters", and "SQLReaders".
In the domain that trusts the "parent" domain, create the same groups, and the only members would be the AD group from the "parent" domain.
I suspect that DomainB fully trusts DomainA("parent"), but DomainA does NOT trust DomainB.
Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
February 21, 2023 at 2:13 pm
This was removed by the editor as SPAM
February 22, 2023 at 4:03 pm
This was removed by the editor as SPAM
February 22, 2023 at 4:11 pm
This was removed by the editor as SPAM
February 22, 2023 at 5:34 pm
Why are these replies getting flagged as spam?
Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
February 24, 2023 at 12:04 pm
This was removed by the editor as SPAM
August 1, 2024 at 1:21 am
I do not mean to disrespect anyone, but it is my humble opinion that every one is going on the wrong branch on this topic , mostly irrelevant.
Case in point , I setup a web server in September 2018 with SQL express 2019 for the DB. The SQL server has mixed mode authentication & I happily used WORKGROUP\USERNAME to login to the SQL server and this user has all rights. I use SQLBackupAndFTP to backup and FTP the backup off the server. This application also uses WORKGROUP\USERNAME to login to the SQL server. I rarely if not never have to logon to the server to do anything or check anything , it has been running like Clock Work.
Today I happened to be cleaning the alerts/log folder in email and noticed the following notice from SQLBackupAndFTP
ERROR: Job execution error: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication
Logged on to the server and realized that WORKGROUP\USERNAME could not login to the SQL server. SQL Server Authentication worked.
A little digging showed that this error started on 4/5/2024 after almost 6 years. This cannot be a configuration issue , it must be a Windows update issue. I for one will use SQL Server Authentication and move on , but would really like to know the why & the what.
Ashwin
Lansend.com
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply