Windows Authenticated User Login

Similar Messages

• HOW TO CREATE WINDOWS AUTHENTICATION USER IN SQL SERVER AFTER INSTALLING SQL SERVER 2008

  I had an error while executing asp.net appcation from IIS as follows
  Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
  Description:
  An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
  Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
  [SqlException (0x80131904): Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.]
  Can the above problem be solved by CREATING WINDOWS AUTHENTICATION LOGIN FOR
  'IIS APPPOOL\ASP.NET v4.0'  ?
  If yes, how to create the login?
  If no,what is the best possible solution?
  Please reply as soon as possible as i am unable to run my project which I had done in my lab,in my home system.

  Hi Praveen,
  To fix this issue, you need to change the Identity of your website's Application Pool to use the
  NetworkService account (or the less secure LocalSystem account).  By default, IIS7 seems to set the Application Pools Identity to 'ApplicationPoolIdentity' instead of NetworkService or LocalSystem.
  Here's a step-by-step guide for determining your websites Application Pool, then changing its Process Model Idenitty in IIS7:
  1.Open Internet Information Services (IIS) Manger.
  2.In the Connections sidebar, drill down into Default Web Site and click on your website.
  3.Now in the Actions sidebar (on right side), click on Advance Settings... In the popup box, under General you will see your Application Pool listed for your website (in my case the app pool is: ASP.NET V4.0).
  4.Click Cancel...  If you choose, you can change the Application Pool here, but for the sake of this example we just wanted to find out what the website's App Pool was.
  Then change the app pool's (Process Model) Identity to 'NetworkService', the steps are showed as below:
  1.Open Internet Information Services (IIS) Manger.
  2.In the Connections sidebar, click on Application Pools.
  3.Now right-click on theApplication Pool that your website is using (in this case my site is using the ASP.NET v4.0 application pool), and select Advanced Settings... from the menu.
  4.In the Advanced Settings pop-up box, locate the Process Model -> Identity section and click on the Application Pool Identity.
  5.In the Application Pool Identity pop-up box, change the Built-in account to NetworkService (or if you want LocalSystem), then click OK, and click OK again to save your Advanced Settings changes.
  Hope this helps.
  Best Regards,
  Peja
  Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• SQL Windows Authentication with Login of AD Group 'Domain Admins'

  Having a bit of a difficulty with Microsoft SQL Server 2012 windows authentication integration...
  The server is setup to have Windows authentication used as its means of login authentication. No issues with this other than a strange error that occurs on multiple SQL servers in our domain: 
  When a login is created for domain group "[domain]\Domain Admins", users within this AD group cannot connect to the SQL server through the Management Studio. The error that SQL server gives is Error 18456, Sate 11, i.e. "Valid login but server
  access failure"
  However when a different AD group is added as a login (like [domain]\[group]), users from this group can successfully log into SQL server. It seems that adding any other group, even groups from a different domain, grants successful authentication as I would
  expect EXCEPT the AD group 'Domain Admins".
  Is there some restriction/security feature at play here on this AD group that makes using the 'Domain Admins' group as a login not possible? 
  Andrew

  Yes, this group was removed and readded just yesterday to try to fix the issue.
  Here is the output of the command:
  class
  class_desc
  major_id
  minor_id
  grantee_principal_id
  grantor_principal_id
  type
  permission_name
  state
  state_desc
  105
  ENDPOINT
  2
  0
  2
  1
  CO  
  CONNECT
  G
  GRANT
  105
  ENDPOINT
  3
  0
  2
  1
  CO  
  CONNECT
  G
  GRANT
  105
  ENDPOINT
  4
  0
  2
  1
  CO  
  CONNECT
  G
  GRANT
  105
  ENDPOINT
  5
  0
  2
  1
  CO  
  CONNECT
  G
  GRANT

• How to Configure SQLServer2008R2 to let Windows Authenticated Users Create Database with MCV4 Code First App

  Trying to Learn MVC code first with Vs2013 web express on windows 7 os computer. When code runs to create database get: An exception of type 'System.Data.SqlClient.SqlException' occurred in EntityFramework.dll but was not handled in user code
  Additional information: CREATE DATABASE permission denied in database 'master'.
  Have this problem with the 'OdeToFood' plurasight course as well with the
  'developing ASP.NET MvC 4 Web Applications Jump Start' MVA course.
  Re-installed sql2008r2 using window
  admin user and ran the project and get same message as when i run the project with the none admin user. 
  What are steps to allow database creation for admin user and none windows admin user?
  Daniel Howard

  David, thanks for the reply.
  I believe the problem may be something else because after adding the 
  user to 'sysadmin' and I still get the message
  Additional information: CREATE DATABASE permission denied in database 'master'.
  Perhaps I need to go to ASP.NET forum to ask the question.
  I will mark you answer as answer.
  Thanks again
  Daniel
  Daniel Howard

• View logs in windows server (User login and logout )

  Hi Guys,
  I want to see the user login and logout times to the systems. I want know on which systems (Hostname) they logged into that account. 
  Could you please help me. Thanks in advance

  Hi
   You can check the log's on event viewer console,here is good article for your needs,please check;
  https://support.microsoft.com/en-us/kb/556015?wa=wsignin1.0

• Windows 8 - user login and Kerberos Realm problems.

  Hi,
  Just installed Windows 8 Enterprise x64 from our MDT into our production enviroment for some final testing. I have done this with both Consumer and the Release Preview just to make sure our infrastructure can support user that want to run Windows 8 (Win
  7 Enterprise will still be the default OS for our client desktops).
  The problem I reported here with the Consumer Preview
  http://social.technet.microsoft.com/Forums/en-US/W8ITProPreRel/thread/069f59be-b89c-4005-8cd2-ff5fd756825a is still alive and kicking.
  Logon after fresh reboot. (Windows 8)
  Username: XWYZ
  Password: *********
  Sign in to: "OURKERBEROSREALM.SE"
  We authenticate all our users with our Kerberos Realm and in our AD's all user passwords are random dummy placeholders, and are linked to the Kerberos realm.
  When a user lock their computer, or put it in sleep mode, they should see this at their login.
  XWYZ (their full name)
  "OURKERBEROSREALM.SE\XWYZ(their username)
  Locked
  Password: ********
  But it does not show this… it shows:
  XWYZ (their full name)
  WINDOWS DOMAIN NAME\XWYZ(their username)
  Locked
  Password: ********
  This meens that when they want to unlock their desktop, or login after sleep, it will try and authenticate their login on the domain AD and not the Kerberos realm. Howver if you choose to go back and select "other user" it defaults back to using "OURKERBEROSREALM.se"
  as "Sign in to:" domain.
  This worked flawlessly in XP, Vista and Windows 7, but not in Windows 8. Not having our Kerberos realm as default login in every scenario is kind of a bummer.

  I had some brief time looking into this, and my awesome workbuddy found that you can poke about the keys found in
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1
  With the LastLoggedONSAMUser and LastLoggedOnUser values I changed from from "domain"\username to "kerberosrealm"\user, and when locking my computer or restating, I now have no need to choose "other user" every time I want to login again.
  Atleast somewhere to start.

• Moving/Linking Claims Windows Auth user to an ADFS Claims

  Hi guys, 
  Here is my situation:
  Initial deployment: SharePoint 2010 with Windows Authentication - Users login using AD
  We successfully migrated the web application to use "Claims"
  We then integrated the web application with ADFS 2.0 - Using the same AD users
  Everything seems good and working fine. 
  The question I have is related to content already created in SharePoint. Is it possible to map the new ADFS account usernames to the existing windows authentication claims usernames?
  This is important for users, because we would like the "My" views of lists and libraries to work. SharePoint at the moment thinks that the logged in users (using ADFS) is different than the user who created/modified the documents. (Although it
  is the same AD account)

  Hi Inderjeet
  Thanks for your reply. The article did help in moving users (Move-SPUser) from AD to ADFS (Which I noticed in the securities in groups), however, the issue I'm looking for is still standing where the items that were created by the user using "Windows
  Auth Claim" were not moved/updated to the "ADFS Claim" user, which in fact they map to the same AD user.
  Is there away to transfer/update the created by and modified by attributes of users from Windows Claims to ADFS Claims user?
  UPDATE: The above statement is not correct. Move-SPUser actually updates the created by and modified by attributes to. 

• Windows Authentication login cannot access backup files stored in Users\[User] folder.

  I am currently logged in to my database engine using SSMS and Windows Authentication; specifically, I am logged in with Joe-PC\Joe, where Joe-PC is the domain name of the machine hosting the database, and Joe is the user that created the database. 
  If it matters, I am running all of this locally from Joe-PC.
  I have a .bak backup file stored in my C:\Users\Joe\Desktop folder that I am trying to restore.  However, I get an error saying 'Either the location does not exist, or the current login account does not have access to it.'  I am certain the location
  exists, as I am looking at it right now, and I can't see why Joe-PC\Joe wouldn't have access to it's own user folder. 
  I am absolutely baffled as to why this is behaving this way.  I am fully aware that I can work around the issue, but I'd like to know why this isn't working as it seems like it should.  Does the Windows Authentication that SQL Server uses not have
  the permissions that the account would normally have?  Is the Windows Authentication user even the same thing as the user that logs into Windows?  What else could be going on that I don't understand?

  Keith
  Thanks for your answer.  My user account is one of two administrator accounts on this computer (the other is only set up for consistency sake, and has probably only been logged into a total of 5 times; all of our computers have the account though, so
  I thought I should put it on here as well).  The issue isn't that my account doesn't have restore permissions, just that SSMS can't access the user folder when logged in using Windows Authentication.  Another issue that I assume is related results
  in a lack of permissions on backup files until I manually set permissions to 'Everyone' under the backup file's properties\security tab.  Also, not sure if it matters, the backup is taken from a customer's computer running Win 7 Pro x86 while my computer
  is on Win 7 Ultimate x64.
  Not sure if this helps pinpoint the issue, but my current workaround is as follows:
  Copy the .bak file to the C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.WSA\MSSQL\Backup (default backup folder)
  Right-click the .bak file and go to the properties toolbox.  Select the Security Tab, give full permission to 'Everyone'.
  In SSMS, select 'Restore Database' after right-clicking on 'Databases' in left-hand tree.
  Give the DB a name, restore from device, select my file.
  This method hasn't failed me yet, but any deviation (other than setting permissions before or after moving) causes me to get access errors when I try to restore.  Fortunately, this isn't a production database engine, just a testing environment, but
  I'd like to get an idea of what's going on, because I know it's only a matter of time before I or a customer runs into this issue.

• How to resolve a windows authenticated orphaned user in Sql Server 2008 R2?

  Hi,
   We have some orphaned windows authenticated  users(domain) in the database while it had been
  migrated from Sql Server 2005 to Sql Server 2008 R2, because there are no corresponding
  logins for the users. Will just adding the logins would be sufficient or after adding the
  logins should we also run sp_change_users_login @Action='update_one' to resolve any sid
  conflict. Thanking you in advance,
  With regards
  Binny Mathew

  Binny
  You have issue with orphaned users if you use Mixed Authentication.  If you use Windows and move the db to the new server the Windows Login should be exist on the new server already.
  Best Regards,Uri Dimant SQL Server MVP,
  http://sqlblog.com/blogs/uri_dimant/
  MS SQL optimization: MS SQL Development and Optimization
  MS SQL Consulting:
  Large scale of database and data cleansing
  Remote DBA Services:
  Improves MS SQL Database Performance
  SQL Server Integration Services:
  Business Intelligence

• Database access using windows authentication

  We are updating our Applications to use single sign on and are running into a problem with database access. We are using CF11 Enterprise and SQL Server 2008 on IIS 7.5.
  We have set up the ColdFusion Application Service to run under an AD service account and have created the data sources in CFAdmin leaving the username and password blank. The data sources verify and all seems good. The problem comes when running a query. The credential passed to the database is the service account and not the windows authenticated user. As such the query fails. What are we missing to get CF to pass the Windows Authenticated user credential instead of the service account?
  Thanks
  Tim

  ColdFusion does not pass user's credentials to the database connections by default, and cannot pass Windows Authentication credentials that way.  It only sends the service account's credentials (if you leave username/password blank as you have done).  The only way to pass user credentials is to put them into the individual query calls themselves, and even then you can't pass Windows Authentication credentials.  You would have to use SQL Server Logins, and create accounts for each user.
  I think most people are using either a dedicated SQL Server login for ColdFusion and run all queries under that account, or they do as you have already done and use Windows Authentication along with the ColdFusion service account.  If you need an audit trail, then pass usernames into the insert/update queries and store them manually along with the other data you are inserting/updating.
  -Carl V.

• Essbase SSO based in Windows authentication

  Hi,
  Its possible to have a SSO in a EPM System based in reusing windows authenticated user to avoid having to refill user credentials in a EPM System? (We are using Java embedded container as app server)
  Thanks

  alfons wrote:
  Its possible to have a SSO in a EPM System based in reusing windows authenticated user to avoid having to refill user credentials in a EPM System? (We are using Java embedded container as app server)It is not possible to do this currently. I have seen Essbase roadmaps that show Kerberos authentication and hope they put it into the Essbase Java API..
  Tim Tow
  Applied OLAP, Inc

• Windows Authentication issue

  Hi,
  I use the windows authentication to login into planning 4.1 and reports 7.2, but now for the last few days i can login into planning but not into hyperion reports with the windows id. What can be the issue and how should it be solved? Thanks

  What is the error you are getting while logging on to reports ?.

• Retain Windows authentication but allow re-login as another user

  I have been reading all about Login as a different user being disabled, the use of loginasanotheruser and how this is not recommended for later browser.  Here is my situation that I am at a loss to resolve. 
  All of our users connect to SharePoint using Windows authentication. This needs to remain.  However in our board room we have a number of computers all logged in with a common windows user account.  Executive meetings are confidential and
  we do not want to allow access to their site by the common Windows user - they must user their own login.  Normal browsing is to retain the Windows authentication however when they come to the executive SharePoint site we need to present a login before
  they progress. 
  I have seen comments on using "runas.exe" or the "Run as" option on shift-right click.  The trouble is that we do not know which participant will sit at a particular seat/computer in the room.  Our executive want everying by
  minimal clicks and complexity.  The expectation is that they enter the room and the site login page is already displayed as they arrive.
  So any ideas?  This one has me stumped.

  You could have a little batch file that asks for username and password then runs the 'runas.exe' with those details. That does the same thing as leaving a login page lying around.

• Users using Windows Authentication unable to login after upgrade to SQL Server 2012 SP2 CU1

  We upgraded from SQL Server 2008 R2 to SQL Server 2012 SP2 CU1.  Upgrade was successful.  Users that have SQL Server Management Studio 2012 can successfully log in via Windows Authentication, but users with an older version of SQL Server Management
  Studio are unable to log in via Windows Authentication. 
  The error they receive is listed below:
  Connect not connect to XXXXXXX
  Login Failed.  The login is from an untrusted domain and cannot be used with Windows Authentication. 
  (Microsoft SQL Server, Error: 18452)
  If we switch to Mixed authentication, users can log in via SQL Server Authentication.
  Our security policy prohibits SQL Authentication. 
  Outside of having the staff upgrade to SQL Server 2012 SQL Server Management Studio, is there any setting I can set/unset to allow older version of SQL Server Management studio to connect to SQL Server 2012?
  Thanks.
  DJ

  Glad to see that you were able to resolve the issue yourself, but for the curious, could you explain what this
  Extended Protection is?
  Erland Sommarskog, SQL Server MVP, [email protected]

• My MacBook Pro Retina's Bluetooth chipset unknown/odd login message on the login screen states Login Window Authentication Login window Name edit text has keyboard focus. In addition, the login screen is not remembering me

  I have been experiencing several issues with my MacBook Pro Retina mid 2012. My MBPR is scheduled to go into the depot. However, I am wondering if anyone may be able to shed light on a few issues as this is the third "official" time my MBPR is going back for service ("one depot" trip; "one authorized" dealer; several in-store visits).
  My Bluetooth is stating that the Bluetooth Chipset is Unknown (0). I also have had Bluetooth Preferences mysteriously change on me. In addition, while Bluetooth is off there are two serial modems turning on. I have turned them off, but they continue to pop up.
  In addition, when I log in, my MBPR is not remembering me and my login name is not appearing on the slate-gray screen. The name and password are blank and the following message appears in the lower left hand corner. "login window authentication login window Name edit text has keyboard focus."  As a side note, I am the only user. The login issue is a recent occurrence as we just totally wiped it again via a Command + R, and I don't believe I have an accessibility setting set to anything that would cause this, but wanted to check.
  Should I be concerned here? Has anyone else had issues like this? I don't want to worry if I don't have to. I have had so many issues over the course of nine months. 5-6 wipes. Airport card replaced and I am about to pull my hair out if my MBPR doesn't come back worldly like clock work this time. I just can't send my days trying to get a $2300 product to work for me any longer. No idea what is wrong with it, but it is driving me insane. Cross your fingers for me and any guidance you have or thoughts would be welcomed. Thank you. EMM

  A few more issues...
  In Console, the following is greyed out:
  User and Diagnostic reports
  Com.apple.launchd.peruser.0
  Com.apple.launchd.peruser.88
  Com.apple.launchd.peruser.89
  Com.apple.launchd.peruser.92
  Com.apple.launchd.peruser.97
  Com.apple.launchd.peruser.200
  Com.apple.launchd.peruser.201
  Com.apple.launchd.peruser.202
  Com.apple.launchd.peruser.212
  *[user logs are accessible]
  Krb5kdc
  Radius
  My guest files are locked, but again I am the administrator of MBPR.
  I am worried about a keystroke logged or at least, trying to rule it out.
  Also:
  Mdworker32(225) [and other mdworker numbers] are sandboxing; stating deny Mach-lookup
  Com.apple.Powermanagement.control, etc. long attachment with those files with version: ??? (???).
  Postinstall: removing applications/Microsoft Office 2011/Microsoft Outlook.app
  WARNINGS in Console include:
  [NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 19.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction] instead.
  There are a ton of other warnings. Before I go through this again, can someone tell me if this is normal (all of it -- above too); or if these are symptoms is a keystroke logger or hardware issues? 
  I ask because originally, when my computer went in for diagnostics (more than once), Apple stated the hardware was fine (other than Airport Card -- finally). However, if I've done 5-6 total wipes; created new users; do not have sharing set-up; have not played around in Terminal; and am up-to-date with versions -- and various issues KEEP COMING BACK -- I am left wondering if a keystroke logger would be possible here?!? I thought maybe a faulty logic board, but why would diagnostics be okay, then? Not trying to be hyperbole, just desperate.
  Please help me rule keystroke logger out or at least, tell me so I know, so I can take appropriate action. If you think it could be the logic board with symptoms above, that would be a great too.
  All I want to do is use the computer as intended, but I can't seem to get a real answer, so after nine months -- I am turning to the communities to see if anyone -- anyone at all -- can help. The last thing I can do is have the MBPR come back from the depot and the same thing occur. Any guidance or advice would be so gratefully appreciated.