Permission issues in SQL Windows authentication

Is it possible to grant a Windows group access to SQL Server, rather than individual Windows logins, which has only read/write permission on table data in SQL Server? I am getting an error while logged in using Windows authentication.

But I am getting some schema-level issues.
See CREATE USER (Transact-SQL) => Remarks, regarding "Windows Group" in third paragraph.
Olaf Helper
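
The setup the question asks about, as an added T-SQL example that is not part of the original thread: one login and one database user for a Windows group, read/write on table data only, and a default schema for the group. The names CONTOSO\SalesAppUsers, SalesDb and the choice of the dbo schema are placeholders, and DEFAULT_SCHEMA on a Windows group assumes SQL Server 2012 or later.

```sql
-- Added example. CONTOSO\SalesAppUsers (group), SalesDb (database) and the
-- dbo schema are placeholder names, not values from the thread.

USE master;
GO
-- One server login for the whole group; members authenticate through
-- their Windows group membership and need no individual logins.
CREATE LOGIN [CONTOSO\SalesAppUsers] FROM WINDOWS;
GO

USE SalesDb;
GO
-- Database user for the group. DEFAULT_SCHEMA on a Windows group needs
-- SQL Server 2012 or later; it lets unqualified object names resolve to
-- dbo for members who have no default schema of their own.
CREATE USER [CONTOSO\SalesAppUsers] FOR LOGIN [CONTOSO\SalesAppUsers]
    WITH DEFAULT_SCHEMA = dbo;
GO

-- Read/write on table data only, scoped to one schema. No ALTER, CONTROL
-- or CREATE TABLE is granted, so members cannot change the schema itself.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON SCHEMA::dbo TO [CONTOSO\SalesAppUsers];
GO

-- Check 1: what the group principal was actually granted in this database.
SELECT pr.name,
       pr.type_desc,
       pr.default_schema_name,
       pe.class_desc,
       CASE WHEN pe.class = 3 THEN SCHEMA_NAME(pe.major_id) END AS schema_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_principals AS pr
LEFT JOIN sys.database_permissions AS pe
       ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = N'CONTOSO\SalesAppUsers'
ORDER BY pe.class_desc, pe.permission_name;

-- Check 2: which Windows accounts receive that access through the group.
EXEC xp_logininfo @acctname = N'CONTOSO\SalesAppUsers', @option = 'members';
```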

Similar Messages

  • SQL Windows Authentication with Login of AD Group 'Domain Admins'

    Having a bit of a difficulty with Microsoft SQL Server 2012 windows authentication integration...
    The server is setup to have Windows authentication used as its means of login authentication. No issues with this other than a strange error that occurs on multiple SQL servers in our domain: 
    When a login is created for domain group "[domain]\Domain Admins", users within this AD group cannot connect to the SQL server through the Management Studio. The error that SQL server gives is Error 18456, State 11, i.e. "Valid login but server access failure".
    However when a different AD group is added as a login (like [domain]\[group]), users from this group can successfully log into SQL server. It seems that adding any other group, even groups from a different domain, grants successful authentication as I would expect EXCEPT the AD group 'Domain Admins'.
    Is there some restriction/security feature at play here on this AD group that makes using the 'Domain Admins' group as a login not possible? 
    Andrew

    Yes, this group was removed and readded just yesterday to try to fix the issue.
    Here is the output of the command:
    class  class_desc  major_id  minor_id  grantee_principal_id  grantor_principal_id  type  permission_name  state  state_desc
    105    ENDPOINT    2         0         2                     1                     CO    CONNECT          G      GRANT
    105    ENDPOINT    3         0         2                     1                     CO    CONNECT          G      GRANT
    105    ENDPOINT    4         0         2                     1                     CO    CONNECT          G      GRANT
    105    ENDPOINT    5         0         2                     1                     CO    CONNECT          G      GRANT

  • File Permission issues on a windows server after updating

    Hello,
    But, I just updated Adobe InDesign and have a problem opening files on the network. This was not an issue until the upgrade.
    Strangely, it’s JUST InDesign, opening files on the network. Doesn’t happen to local files, other Adobe products, or the MacBook we have on site.
    JUST InDesign on the new iMac and opening files on the network.
    I’m stopped the first time and have to try it again. It seems to work every time on the second try.
    Any ideas please. I am stumped.

    I am having the same issues here. I am also having issues saving a new file onto a server. Along with packaging onto the server. Only started after this update. My coworker is having these same issues after updating as well.

  • Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

    Hello,
    I have gone through couple of posts regarding this issue but couldn't get the right solution. Could you please help what exactly we are missing here.
    Details:
    1) we have two SQL instances on one standalone machine (Default Instance (2008 SP3) + Named Instance (SQL 2012 SP1))
    2) Both instances are configured to accept SQL+ Windows authentication.
    3) when we give access to our users they are getting following exception if they connect with 'windows authentication'. (For both instances)
    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
    Note: (Being a sys + windows admin I'm able to connect both the instances from same client machine without any issues)
    4) Also, we observed following error in windows application event log,
     SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.
    The logon attempt failed   [CLIENT: 192.168.xxx.xyx]
    5) If we create SQL login it is working fine without any issues.
    Could someone guide/help me in identifying and fixing this issue?
    Thank you

    Hello,
    Are those Windows Logins associated to domain Windows accounts? Windows Logins work for domain accounts and local Windows account created on the server where the SQL Server instance is installed (and used to login locally to the server).
    Could you try to delete one of the Windows logins that fail to log in, and try to recreate them?
    The following resources may help:
    http://blogs.msdn.com/b/dataaccesstechnologies/archive/2012/12/19/error-message-quot-login-failed-the-login-is-from-an-untrusted-domain-and-cannot-be-used-with-windows-authentication-quot.aspx
    http://support.microsoft.com/kb/555332
    Hope this helps.
    Regards,
    Alberto Morillo
    SQLCoffee.com

  • Windows authentication failure on SharePoint 2013 zone

    I am attempting to set up a Windows authentication zone in a SharePoint 2013 installation for use by the search crawler.  The zone has been configured to use NTLM in order to eliminate Kerberos from the equation.  The result of my attempts to access the Windows authentication zone is a 403 error.  Central Administration is working on the same server, and of course is using Windows authentication.
    I know about the issue of using Windows authentication to localhost, and have configured the backconnectionhostnames entry in the registry.  To prove that I can use Windows authentication using the intended host name for the SharePoint zone, I have set up a test IIS site that binds to the host name used by the zone, and successfully authenticated using Windows authentication.
    From monitoring the ULS logs it's obvious that I'm actually successfully completing Windows authentication, and getting a SharePoint claim, but from that point I'm being denied by SharePoint.  I do know that my Windows credentials have site collection administrator privileges.  The most interesting failure in the ULS log appears to be:
    SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
    Another odd thing is that after the ULS indicates I have failed authentication, I'm redirected to /_layouts/AccessDenied.aspx instead of the login page defined in web.config.  I have tried many things, including enabling Kernel-mode authentication. 
    Below is an excerpt from my ULS logs:
    SPApplicationAuthenticationModule: There is no Authorization header, can't try to perform application authentication.
    Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
    [Forced due to logging gap, cached @ 12/01/2014 15:48:32.53, Original Level: Verbose] Value for isAnonymousAllowed is : {0}
    [Forced due to logging gap, Original Level: Verbose] Value for checkAuthenticationCookie is : {0}
    Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
    [Forced due to logging gap, cached @ 12/01/2014 15:48:32.56, Original Level: VerboseEx] Sending HTTP response {0} - {1}:{2}.
    [Forced due to logging gap, Original Level: Verbose] SPRequestModule.PreSendRequestHeaders
    Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5320.19544383434
    Name=Timer Job SchedulingApproval
    Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=16.4101862108173
    Name=Timer Job SchedulingApproval
    Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=14.9021733209109
    Name=Timer Job SchedulingApproval
    [Forced due to logging gap, cached @ 12/01/2014 15:48:32.95, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
    [Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnEndRequest: Start
    SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
    Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=17.2175513927049
    Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
    Name=Request (GET:https://crawler.my.host:443/)
    Micro Trace Tags: 0 nasq
    Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=9.54646470431298
    Name=Request (GET:https://crawler.my.host:443/)
    SPTokenCache.ReadTokenXml: Successfully read token XML 'mydomain\myuser'.
    Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
    Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
    Token Cache: Entry missing for user 'mydomain\myuser'.
    Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
    Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
    Claims Windows Sign-In: User 'mydomain\myuser' for request url 'https://crawler.my.host/' does not have a cached SessionSecurityToken.
    [Forced due to logging gap, cached @ 12/01/2014 15:48:33.24, Original Level: VerboseEx] We are in claims windows only mode for for request url '{0}'.
    [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
    [Forced due to logging gap, cached @ 12/01/2014 15:48:33.71, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
    SPSecurityContext: Added JsonWebSecurityTokenHandler to trust channel factory
    SPSecurityContext: Replaced WSTrustRequestSerializer with SPTrust13RequestSerializer
    SPSecurityContext: The SecurityTokenServiceBehavior is attached to the TrustChannel.
    SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue'
    MessageId: 'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
    SecurityTokenServiceReceiveRequest: LocalAddress: 'http://servername:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId:
    'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
    Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No
    STS Call: Issuing new security token.
    SPSecurityTokenServiceManager!EnsureSharePointLogonRequestClaims: Found primary sid claim. Value: 's-0-0-0-0-0-0-1234'.
    Using claim provider 'System' for operation because it is default and it is visible.
    Excluding claim provider 'AD' for operation because it is not default and .
    Using claim provider 'AllUsers' for operation because it is default and it is visible.
    Excluding claim provider 'Forms' for operation because it is not default and .
    Using claim provider 'User Profile Claim Provider' for operation because it is default and it is visible.
    STS Call Claims Windows: Setting cookie lifetime to: Microsoft.IdentityModel.Protocols.WSTrust.Lifetime
    STS Call Claims Windows: Successfully requested sign-in claim identity for user 'mydomain\myuser'.
    STS Call: Successfully issued new security token.
    Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=13.187150880908
    [Forced due to logging gap, cached @ 12/01/2014 15:48:34.87, Original Level: Verbose] The SecurityTokenServiceHeaderInfo including the correlation ID was added.
    Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationCaller:http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue). Execution Time=719.713539011243
    [Forced due to logging gap, cached @ 12/01/2014 15:48:35.60, Original Level: Verbose] ____{0}={1}
    Claims Windows Sign-In: Siginging in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
    Updating X.509 certificate validation policy
    [Forced due to logging gap, cached @ 12/01/2014 15:48:36.26, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
    Adding X.509 certificate thumbprint '493E6806F4178EDD685BE5EA0AAF79ED30FB4A90' to root authority trust
    SPLocalLoginProvider: Initializing and creating S2S Claim Mappings
    SPLocalLoginProvider: Initialized S2S Claim Mappings.
    [Forced due to logging gap, cached @ 12/01/2014 15:48:36.37, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
    [Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
    [Forced due to logging gap, cached @ 12/01/2014 15:48:37.17, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
    [Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
    [Forced due to logging gap, cached @ 12/01/2014 15:48:37.96, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
    [Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnSessionSecurityTokenCreated: Start
    [Forced due to logging gap, cached @ 12/01/2014 15:48:38.10, Original Level: VerboseEx] SPSam.SetPrincipalFromSessionToken: End
    [Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2}
    Token Cache: Failed to add token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
    Token Cache: Reverting to local cache to Add the token for '0).w|s-0-0-0-0-0-0-1234'.
    Token Cache: Successfully added token to cache for '0).w|s-0-0-0-0-0-0-1234'.
    SPTokenCache.ReadTokenXml: Successfully read token XML '0).w|s-0-0-0-0-0-0-1234,0#.w|mydomain\myuser,123456789012345,True,dpoRtB/hPcjVrEaJtqVWxhY8Pbfm++oHwWQ5TCB9jBlLx5n2Ky5OqGXM7ntfLB0kqIJNDUkeQrl4wL7xW2m4r0rV1TiOUf+e2mpHq8WOgN67puRViZbCxCkwmmxUpE/1OVNcDFXRCh26tvVFieK99LKZn8BJUtmP8RqxtwtwqBolNjCyZ3rfSSmtFyM3pdWjphdj312R9Lcp9/EhTpvvV1J2lFCig901ZGaPo7zOw3pFyXl1eDs+gF2Bcbc7/mMZw67/gEccsFaekBVH1TK0d9qqr6P/ISeEgzhlK4DChV94ntsw8m8Pb255yTL8WrbTykMFV3jC7R2MvqCmiKGK+g==,https://crawler.my.host/'.
    Claims Windows Sign-In: Not writing a cookie for request 'https://crawler.my.host/'.
    Claims Windows Sign-In: Successfully signed-in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
    Updating header 'LOGON_USER' with value '0#.w|mydomain\myuser' for the request url 'https://crawler.my.host/'.
    Leaving Monitored Scope (SPClaimsCounterScope). Execution Time=4957.74267399907
    SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
    Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|mydomain\myuser, ClaimsCount=27
    Leaving Monitored Scope (PostAuthenticateRequestHandler). Execution Time=31.2877754016223
    Micro Trace Tags: 0 nasq,69 air4a,1 air4b,22 air4a,0 air4b,1641 aeayb,732 b4ly,654 erv2,58 erv3,1814 air36,0 air37,42 b4ly,5 agb9s,39 b4ly
    Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5101.04328902137
    SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
    [Forced due to logging gap, cached @ 12/01/2014 15:48:38.24, Original Level: Verbose] {0}
    [Forced due to logging gap, Original Level: VerboseEx] SPRequestParameters: AppPrincipal={0}, UserName={1}, UserKye={2}, RoleCount={3}, Roles={4}
    Site=/
    [Forced due to logging gap, cached @ 12/01/2014 15:48:38.37, Original Level: Verbose] {0}
    [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
    [Forced due to logging gap, cached @ 12/01/2014 15:48:38.40, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
    [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
    [Forced due to logging gap, cached @ 12/01/2014 15:48:38.48, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
    [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
    Access Denied for /. StackTrace:    at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnEndRequest(Object sender,
    EventArgs eventArgs)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)    
    at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)     at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)     at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
    wr, HttpContext context)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr
    rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
    at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr
    nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
    Leaving Monitored Scope (SPFederationAuthenticationModule.OnEndRequest). Execution Time=351.625416079418
    Entering monitored scope (Request (GET:https://crawler.my.host:443/_layouts/AccessDenied.aspx?Source=https%3A%2F%2Fcrawler%2Emy%2Ehost)). Parent No
     

    I'm extending an existing claims based web application.  The way I'm testing authentication is by attempting to log in to the Windows authentication zone using the browser and an account with site collection administrator privileges.  I've also tried using the intended crawler service account, but that also fails authentication.
    With regard to the default zone issue, I've already experimented with using both the default zone and another zone, but neither works.
    BTW, I already have this working in a SharePoint 2013 development environment, and a similar configuration has been in a SharePoint 2010 production environment for over a year, which makes this a particularly maddening problem.
    I have enabled Failed Request Tracing, and get a 401.1, 401.2, then a 403 (which says it was caused by the 401.2).  I'm not sure of the significance, but the 403 trace shows the module for the 401.2 to be UrlAuthorizationModule, while the module for the 403 error is FederatedAuthentication.
    Per my ULS trace included in my original post, it appears that I'm actually getting a SharePoint claim.

  • How to resolve a windows authenticated orphaned user in Sql Server 2008 R2?

    Hi,
    We have some orphaned Windows-authenticated users (domain) in the database while it had been migrated from SQL Server 2005 to SQL Server 2008 R2, because there are no corresponding logins for the users. Will just adding the logins be sufficient, or after adding the logins should we also run sp_change_users_login @Action='update_one' to resolve any SID conflict? Thanking you in advance,
    With regards
    Binny Mathew

    Binny
    You have an issue with orphaned users if you use Mixed Authentication.  If you use Windows and move the db to the new server, the Windows login should exist on the new server already.
    Best Regards, Uri Dimant, SQL Server MVP
    http://sqlblog.com/blogs/uri_dimant/
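
    A way to check the situation described in this thread, as an added T-SQL example that is not from either poster: it lists Windows users and groups in the current database whose SID has no server login and generates the CREATE LOGIN statements for them. A Windows login takes its SID from the Windows account, so once it is created it matches the existing database user, and sp_change_users_login (which only remaps SQL Server logins) is not involved.

    ```sql
    -- Added example; run in the migrated database on the new instance.
    -- It only reads catalog views and prints statements for review.

    -- Windows users ('U') and Windows groups ('G') in this database whose
    -- SID matches no server principal on this instance.
    SELECT dp.name                AS database_user,
           dp.type_desc,
           SUSER_SNAME(dp.sid)    AS windows_account,  -- NULL if the account
                                                       -- no longer resolves
           dp.default_schema_name
    FROM sys.database_principals AS dp
    LEFT JOIN sys.server_principals AS sp
           ON sp.sid = dp.sid
    WHERE dp.type IN ('U', 'G')
      AND sp.sid IS NULL
    ORDER BY dp.name;

    -- Note: a Windows user who connects through a group login also appears
    -- here, because only the group has a server principal. Such a user can
    -- still log in and may not need an individual login.

    -- Generate one CREATE LOGIN per account that still resolves in Windows.
    -- The user name inside the database may differ from the account name,
    -- so the login name is taken from the SID, not from dp.name.
    SELECT N'CREATE LOGIN ' + QUOTENAME(SUSER_SNAME(dp.sid))
           + N' FROM WINDOWS;' AS create_login_statement
    FROM sys.database_principals AS dp
    LEFT JOIN sys.server_principals AS sp
           ON sp.sid = dp.sid
    WHERE dp.type IN ('U', 'G')
      AND sp.sid IS NULL
      AND SUSER_SNAME(dp.sid) IS NOT NULL;

    -- After running the reviewed statements in master, rerun the first
    -- query: rows that remain are either group-only members or accounts
    -- that no longer exist in the domain (windows_account IS NULL).
    ```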

  • Error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" on SQL Server 2008 R2 Enterprise Edition 64-bit SP2 clustered instance

    Hi there,
    I have a Windows 2008 R2 Enterprise x64 SP2 cluster which has 2 SQL Server 2008 R2 Enterprise Edition x64 SP2 instances.
    A domain account "Domain\Login" is administrator on both physical nodes and "sysadmin" on both SQL Server instances.
    Currently both instances are running on same node.
    While logging on to SQL Server instance 2 through "Domain\Login" using "IP2,port2", I get error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication". This happened in the past as well but the issue was resolved after installation of SQL Server 2008 R2 SP2. This has re-occurred now. But it connects using 'SQLVirtual2\Instance2' without issue.
    Same login with same rights is able to access Instance 1 on both 'SQLVirtual1\Instance1' and "IP1,port1" without any issue.
    Please help resolve the issue.
    Thanks,
    AY

    Hello,
    I confirm that I encountered the same problem when the first domain controller was down!
    During a restart of the first domain controller, I tried to fail over my SQL Server instance to a second node; after that I was able to authenticate with a SQL Server login, but a Windows login returned Error 18452!
    When the first DC finished restarting, everything was OK!
    The question here: why doesn't the cluster instance use the second DC?
    Best Regards     
    J.K

  • Get an error for changing the windows authentication mode to the both SQL and windows authentication mode

    I installed SQL Server Express 2008 R2 and then SQL Server Management Studio 2008 R2. But during the installation, I could not choose both SQL and Windows authentication mode and an error occurred, so I did that just with Windows authentication mode.
    Now, I want to change the windows authentication mode account to the SQL authentication mode but it shows me an error which is you do not have permission (Although I am the administrator in windows), what can I do?
    Following steps are the steps that I went but I got an error:
    Server properties >> security >> choose the option of SQL Server and Windows Authentication mode 
    and the error that I got is attached (access is denied)
    Can you please help me?

    You can change the setting after you gain admin rights to your SQL Server. You don't get admin rights automatically; you have to explicitly add yourself during the install.
    Here's a guide on how to (re)gain those rights:
    http://v-consult.be/2011/05/26/recover-sa-password-microsoft-sql-server-2008-r2/

  • Windows authentication for SQL 2005 DB connect

    Hi all,
    I'm trying to create a DB connect.
    When I mention in the connection parameters a user name and password that was created with SQL authentication, it works fine.
    But if I mention in my connection parameters a user name and password that has Windows authentication in the SQL 2005 which we are trying to connect to, it gives an error. It is not connecting.
    Can you please tell me how we can connect using Windows authentication?
    Mey

    Solution to solve the actual issue :
    For the SAP system to use standard default NT authentication
    Please refer to this link: http://help.sap.com/saphelp_nw04s/helpdata/en/9c/d736b880c34f76b507bac7751a0474/content.htm
    1.       Database login:
    SQL Server login with System Administrator privileges, that is this login should be member of the sysadmin fixed server role on the target SQL Server. If such a login does not exist, you have to create it on the target SQL Server. The SAP multi-connect mechanism allows both integrated security logins and the use of SQL Server authentication. For security reasons, we highly recommend to use integrated security (Windows authentication). If you use Windows security, leave this field empty.
    2.             Password / Re-enter password :
    If you have decided to use integrated security, leave these fields empty. Otherwise enter the password of the SQL Server login.
    The above pointer was used to solve the login issue but we still had issues in getting the schema visible in SAP BW. As the user ID was left blank we were not able to get the schema view for the <blank> user.
    Note to be applied to solve the Schema issue :
    Note 1091929
    So now you can enter the schema to be used in the DS creation screen.

  • Users using Windows Authentication unable to login after upgrade to SQL Server 2012 SP2 CU1

    We upgraded from SQL Server 2008 R2 to SQL Server 2012 SP2 CU1.  Upgrade was successful.  Users that have SQL Server Management Studio 2012 can successfully log in via Windows Authentication, but users with an older version of SQL Server Management Studio are unable to log in via Windows Authentication.
    The error they receive is listed below:
    Connect not connect to XXXXXXX
    Login Failed.  The login is from an untrusted domain and cannot be used with Windows Authentication. 
    (Microsoft SQL Server, Error: 18452)
    If we switch to Mixed authentication, users can log in via SQL Server Authentication.
    Our security policy prohibits SQL Authentication. 
    Outside of having the staff upgrade to SQL Server 2012 SQL Server Management Studio, is there any setting I can set/unset to allow older version of SQL Server Management studio to connect to SQL Server 2012?
    Thanks.
    DJ

    Glad to see that you were able to resolve the issue yourself, but for the curious, could you explain what this Extended Protection is?
    Erland Sommarskog, SQL Server MVP

  • SQL Server Window Authentication Slow

    Hi
       We are using SQL Server 2012. When we run our applications with Windows authentication it runs really slow. But if we use the same application with database user authentication then it runs really fast.
        Any Suggestion?
    thanks
    Drew

    Hi Drew,
    When you use Windows Authentication I assume you are using domain accounts (no local account). Your database server probably has some issue connecting to Active Directory. You might have a similar delay logging on to the server using a domain account, and/or rebooting the server might also be slow. Most likely your DNS server settings on that server or on your client are incorrect or out of date.
    You can check this from the Command Prompt with the IPCONFIG.EXE /ALL command. Make a note of the configured DNS servers. The configured DNS servers should ONLY be the DNS servers from the Active Directory domain (typically those are the same servers as the domain controllers). You should remove any DNS servers from the Internet.
    Why does this matter, you may ask? SQL Server needs to connect to the domain controller to verify your credentials. To do that, it first needs to know the IP address of the domain controller. This information is stored on a DNS server in your Active Directory domain, not on public DNS servers on the Internet. If your server is configured with public DNS servers from the Internet, requesting this information will fail and cause a delay until either a correct DNS server is contacted or the domain controller is contacted using legacy (NTLM) methods.
    You may have a more complicated situation if more Active Directory domains are involved (e.g. domain trusts, forest trusts, complex nested group memberships), or if the configured Domain Controller is located at another site and is only connected by a slow link, or there is actually a performance issue with your domain controllers. In that case your Active Directory Administrator may supply you with more information.
    In short: check your DNS server settings.
    Hope this helps.

  • JDBC Connectivity for SQL Server 2005 Windows Authentication Mode

    Hi Everyone,
    In my Scenario we are using SQL Server 2005 with Mixed Mode Authentication. Now we are planning to move only with Windows Authentication Mode.
    We have configured the DB with Windows authentication mode and the user ID has been configured in PI channels; however, we are getting an error. We checked the Microsoft site, which says a Windows Authentication mode DB cannot be connected to using JDBC drivers.
    http://support.microsoft.com/kb/313100
    In the above link, see the Basic Connectivity Troubleshooting section.
    Please let me know if someone has configured a JDBC channel successfully with Windows Authentication Mode.
    Thanks In Advance
    Regards,
    Bharathi.

    I think this issue is related to the way that Vista, Windows 7 and Windows 2008 / 2008 R2 treat users who are logged on to the system with an account that is a member of the local administrators group when SQL is running locally.
    If your SQL setup has left you with BUILTIN\Administrators being a member of the sysadmin server role and you start up SQL Management Studio, you'd expect to be mapped to the sysadmin role if your user account is in the local administrators group; however, these OSes disable this ability and when you try to connect to the database engine SQL server doesn't know you are a member of the local administrators group.
    To get round this, close all your open SQL Management Studio windows and then start a new window by right-clicking the icon in the start menu and choosing to run as administrator. This time when you try to connect to the SQL database engine, Windows doesn't "hide" the fact that you are an administrator. If you need to do this a lot you can go to the compatibility tab on the properties of the shortcut and set it to always run as administrator.
    Alternatively you can install the admin tools remotely and you don't get this effect.
    Tim

  • Windows authentication for SQL Server

    We have a SQL server 2000 resource that we are provisioning to from IdM 7.1. The account to connect to the Dev environment SQL server is set up for Windows authentication. Let's say this account is Domain\user1. For development purposes, I am using my local machine (running tomcat 5.5) to connect to DEV environment and I log on to my machine as Domain\user2.
    Using SQL Enterprise Manager, I can do a "run as" and ask it to connect to the Dev environment as 'Domain\user1' and it works fine.
    Can I do something similar from IdM? I have tried putting sqljdbc_auth.dll in the path and turning on the integrated security option in the connection string. However, as expected, it starts using the 'Domain\user2' credential (even if I specify Domain\User1 credentials in the connection parameters).
    I would like to be able to use an account other than the user who is logged into the machine to establish connection from IdM to SQL server using windows authentication. Any thoughts?
    Thanks in advance.

    Hi All,
    I am trying to create a data source in the Oracle console by connecting to a SQL Server 2008 database using Windows authentication. I am able to connect to the database using SQL Server Authentication, but when I try to connect using Windows Authentication, I am getting errors.
    Please help me in finding a solution.
    Thanks,
    Krishna Gaddam
    To connect to oracle you need to use login created in oracle database. there is no windows authentication in oracle. As Olaf said please post this question in Oracle forum or search web you will find answer

  • SAP Crystal Report using SQL Server Authentication and Windows Authenticati

    I'm a SAP Crystal Report, version for Visual Studio 2010 Beginner
    my ingredients are
    1.windows 7 ultimate service pack1
    2.sql server 2008 standard edition
    3.visual studio 2010 pro
    4.SAP Crystal Report, version for visual studio.net
    I created a report named customersByCity.rpt using OLE DB (ADO) -> Microsoft OLE DB Provider for SQL Server -> I supplied Server, User ID, Password and Database. I assume I am using SQL Server Authentication for my report.
    Then, my ASP.NET files are as follows
    //ASP.NET
    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="viewCustomersByCity.aspx.cs" Inherits="viewCustomersByCity" %>
    <%@ Register Assembly="CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"
        Namespace="CrystalDecisions.Web" TagPrefix="CR" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div><asp:Label ID="lblMsg" runat="server" BackColor="Yellow" ForeColor="Black"></asp:Label>
     <CR:CrystalReportViewer ID="CrystalReportViewer1" runat="server" AutoDataBind="true"></CR:CrystalReportViewer>
        </div>
        </form>
    </body>
    </html>
    //code-behind
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Collections;
    using CrystalDecisions.CrystalReports.Engine;
    using CrystalDecisions.Shared;
    public partial class viewCustomersByCity : System.Web.UI.Page
    {
        private const string PARAMETER_FIELD_NAME = "city";
        private ReportDocument customersByCityReport;
        // Builds the SQL Server Authentication logon details and applies them.
        private void ConfigureCrystalReports()
        {
            ConnectionInfo connectionInfo = new ConnectionInfo();
            connectionInfo.ServerName = @"WKM1925-PCWKM1925";
            connectionInfo.DatabaseName = "Northwind";
            connectionInfo.UserID = "sa";
            connectionInfo.Password = "sysadmin25";
            SetDBLogonForReport(connectionInfo);
        }
        // Assigns the connection info to every table logon entry held by the viewer.
        private void SetDBLogonForReport(ConnectionInfo connectionInfo)
        {
            TableLogOnInfos tableLogOnInfos = CrystalReportViewer1.LogOnInfo;
            foreach (TableLogOnInfo tableLogOnInfo in tableLogOnInfos)
            {
                tableLogOnInfo.ConnectionInfo = connectionInfo;
            }
        }
        // Passes the submitted values to the report's "city" parameter field.
        private void SetCurrentValuesForParameterField(ReportDocument reportDocument, ArrayList arrayList)
        {
            ParameterValues currentParameterValues = new ParameterValues();
            foreach (object submittedValue in arrayList)
            {
                ParameterDiscreteValue parameterDiscreteValue = new ParameterDiscreteValue();
                parameterDiscreteValue.Value = submittedValue.ToString();
                currentParameterValues.Add(parameterDiscreteValue);
            }
            ParameterFieldDefinitions parameterFieldDefinitions = reportDocument.DataDefinition.ParameterFields;
            ParameterFieldDefinition parameterFieldDefinition = parameterFieldDefinitions[PARAMETER_FIELD_NAME];
            parameterFieldDefinition.ApplyCurrentValues(currentParameterValues);
        }
        // Loads the report, sets the logon and parameter values, then binds the viewer.
        protected void Page_Load(object sender, EventArgs e)
        {
            customersByCityReport = new ReportDocument();
            string reportPath = Server.MapPath("customersByCity.rpt");
            customersByCityReport.Load(reportPath);
            ConfigureCrystalReports();
            ArrayList arrayList = new ArrayList();
            arrayList.Add("paris");
            arrayList.Add("Madrid");
            arrayList.Add("Marseille");
            arrayList.Add("Buenos Aires");
            arrayList.Add("Sao Paulo");
            ParameterFields parameterFields = CrystalReportViewer1.ParameterFieldInfo;
            SetCurrentValuesForParameterField(customersByCityReport, arrayList);
            CrystalReportViewer1.ReportSource = customersByCityReport;
        }
    }
    1st scenario
    At runtime, a dialog box keeps appearing. This dialog box asks me to supply Server, User ID, Password and Database. Once all the information is supplied, my report displays the data as expected.
    2nd scenario
    I changed my report using OLE DB (ADO) -> Microsoft OLE DB Provider for SQL Server -> checked Integrated Security. I just chose Server and Database. I assume I am using Windows Authentication.
    At runtime, there is no dialog box as above. My report displays the data as expected. Really cool.
    It looks like when the report uses SQL Server Authentication there's some problem, but when the report uses Windows Authentication, it's fine.
    I'm looking for comments. Please help me.

    Hello,
    MS SQL Server 2008 requires you to install the MS Client Tools for 2008.
    Once installed, update all of your reports to use the SQL Native 10 as the OLE DB driver.
    Then try again; if it still fails, search, there is lots of sample logon code in this forum.
    Don

  • HOW TO CREATE WINDOWS AUTHENTICATION USER IN SQL SERVER AFTER INSTALLING SQL SERVER 2008

    I had an error while executing an ASP.NET application from IIS as follows
    Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
    Description:
    An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
    Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
    [SqlException (0x80131904): Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.]
    Can the above problem be solved by CREATING WINDOWS AUTHENTICATION LOGIN FOR
    'IIS APPPOOL\ASP.NET v4.0'  ?
    If yes, how to create the login?
    If no, what is the best possible solution?
    Please reply as soon as possible as I am unable to run my project, which I had done in my lab, on my home system.

    Hi Praveen,
    To fix this issue, you need to change the Identity of your website's Application Pool to use the
    NetworkService account (or the less secure LocalSystem account).  By default, IIS7 seems to set the Application Pool's Identity to 'ApplicationPoolIdentity' instead of NetworkService or LocalSystem.
    Here's a step-by-step guide for determining your website's Application Pool, then changing its Process Model Identity in IIS7:
    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections sidebar, drill down into Default Web Site and click on your website.
    3. Now in the Actions sidebar (on the right side), click on Advanced Settings... In the popup box, under General you will see your Application Pool listed for your website (in my case the app pool is: ASP.NET V4.0).
    4. Click Cancel...  If you choose, you can change the Application Pool here, but for the sake of this example we just wanted to find out what the website's App Pool was.
    Then change the app pool's (Process Model) Identity to 'NetworkService'; the steps are shown below:
    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections sidebar, click on Application Pools.
    3. Now right-click on the Application Pool that your website is using (in this case my site is using the ASP.NET v4.0 application pool), and select Advanced Settings... from the menu.
    4. In the Advanced Settings pop-up box, locate the Process Model -> Identity section and click on the Application Pool Identity.
    5. In the Application Pool Identity pop-up box, change the Built-in account to NetworkService (or if you want LocalSystem), then click OK, and click OK again to save your Advanced Settings changes.
    Hope this helps.
    Best Regards,
    Peja
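
The other option the question raises, as an added example that is not part of the original posts: create a Windows-authenticated login for 'IIS APPPOOL\ASP.NET v4.0' and give it read/write access to table data only. The database name AppDb is an assumption; a Windows group is handled the same way by substituting [DOMAIN\GroupName] for the principal name.

```sql
-- Added example. AppDb is a placeholder database name (assumption).
USE master;
GO
-- Server-level login mapped to the Windows principal named in the error message.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'IIS APPPOOL\ASP.NET v4.0')
    CREATE LOGIN [IIS APPPOOL\ASP.NET v4.0] FROM WINDOWS;
GO

USE AppDb;
GO
-- Database user for that login; without it the login can connect to the
-- server but cannot open the database.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'IIS APPPOOL\ASP.NET v4.0')
    CREATE USER [IIS APPPOOL\ASP.NET v4.0]
        FOR LOGIN [IIS APPPOOL\ASP.NET v4.0];
GO
-- Read/write on table data only: no schema changes, no server roles.
-- sp_addrolemember is used because it is available on SQL Server 2008.
EXEC sp_addrolemember N'db_datareader', N'IIS APPPOOL\ASP.NET v4.0';
EXEC sp_addrolemember N'db_datawriter', N'IIS APPPOOL\ASP.NET v4.0';
GO

-- Check 1: the database roles the user actually holds.
SELECT m.name AS member_name, m.type_desc, r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'IIS APPPOOL\ASP.NET v4.0';

-- Check 2: the login must not be a sysadmin (expected result: 0).
SELECT IS_SRVROLEMEMBER('sysadmin', N'IIS APPPOOL\ASP.NET v4.0') AS is_sysadmin;
```

An application pool virtual account can be used as a login only when SQL Server runs on the same machine as IIS; against a remote server the pool authenticates as the machine account instead.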