Sunday, February 15, 2009 10:07 PMHi
We have a new Win 2008 Enterprise x64 server running SQL 2008
When we try to connect to the server using Windows Authentication, from a user account which is a domain administrator, we get the following message:
"Token-based server access validation failed with an infrastructure error"
What needs to be configured here for this to work ?
Tuesday, February 17, 2009 5:06 AMHi
If you’re getting a login failed for your Windows user - which you’re sure you put in the sysadmins role - it’s probably because UAC isn’t pasing all your group memberships to SSMS when you run it, and therefore giving you access denied. If you check your SQL errorlog and you see something like this:
Login failed for user Username Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors.
It’s probably UAC. Try right clicking and running as administrator and seeing if it goes away. Of course if you added your user explicitly you’re probably fine, but just to get a cluster up and running I added my domain admins user to the DB - and of course that’s a membership that UAC will mask.
Friday, August 28, 2009 12:35 PMProbably, you used a different account to install SQL 2008, and you are now using another account to login.Use the account using whch you had installed SQL 2008 and log in to the server, and then from the Security node, add more users to logins. This should work
Thursday, September 24, 2009 11:42 PMThank you for this! This was the issue that we were experiencing and it was indeed caused by UAC. I had UAC set to a low setting, but just not low enough. You can leave the UAC set high, just remember to right click SSMS and run as administrator.
Friday, April 16, 2010 4:25 PMHaving the same issue w/SQL Server 2008, but running it on XP Pro so there's no UAC (that's for Vista, probably Windows 7, too). What could cause this on XP?
Thursday, August 12, 2010 2:19 PMTwo days of searching till I found this answer. Thank you for the help. I'm just getting used to 2008 and do not always click Run As Administrator. Oddly enough as soon as I did this I get right in.
- Proposed As Answer by TommyRush Wednesday, December 05, 2012 3:53 PM
Tuesday, September 07, 2010 8:01 AM
I have the same problem with connecting to local SQL Server 2008 default instance using windows authentication with a user which has sysadmin role and is owner of each existing database (we tried to make the user as powerful as possible but it didn't work):
2010-09-07 09:37:20.85 Logon Error: 18456, Severity: 14, State: 11.
2010-09-07 09:37:20.85 Logon Login failed for user 'VSERVER\SomeUser'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]I DO NOT WANT to use Run As Administrator - this is not a solution - who wants a web application run using account with administrative privileges ??
I do not want to disable UAC either (by the way it didn't work).
I just want the web-app be able to use Windows Authentication mode.
Does anyone know any WORKING solution ?
Thursday, September 16, 2010 6:08 PM
Same problem as above, except we have UAC disabled...
Any suggestions are appreciated.
Thursday, October 14, 2010 1:19 PM
I had this error after an inplace server migration of reporting services, i.e. new server but same name, including the credentials used by the reporting server DOMAIN\SERVER$ (so called "Service Credentials").
To solve the problem I went in SSMS to the databases msdb, master, ReportServer and ReportServerTempDB and removed all users and schemas with the name "DOMAIN\SERVER$". Then in the global Security / Logins I removed this user as well. Then I went in the Reporting Services Configuration Manager and reran the Database step, which recreated the user.
This fixed the problem and the message went away.
- Proposed As Answer by Gurbir Singh Rataul Friday, January 06, 2012 4:27 PM
Thursday, June 16, 2011 11:31 PM
I ran into this on a cross-domain SQL connection. Try turning off the firewall on the computer you're trying to connect. If this fixes the problem then create a Connection Security Rule (Server Manager, Windows Firewall, "Authenticate communications between computers"). Right-click, new rule, Server-to-server, Endpoint 1: Any IP address, Endpoint 2: Any IP address, Next, Request authentication ..., Next, Advanced, Customize, First Authentication: Add..., choose NTLM, OK, check "Second auth is optional", OK. This fixed it for me.
- Proposed As Answer by Brad ATI Thursday, June 16, 2011 11:31 PM
Thursday, July 14, 2011 1:56 PM
we had the same issue with UAC disabled, but found that we re-added the account in the domain in the past, so the token which the account used in the past is different from what it is now.
we just have to re-provision the account within sql.
- Proposed As Answer by JHS Chris Wednesday, September 28, 2011 6:14 PM
Friday, July 15, 2011 5:07 PM
We had the issue after migrating from 2005 to 2008 R2 using the standard ms sp to migrate logins. We only had the issue on one user from a peer domain in the forest...all other accounts including ones in the peer domain worked as expected.
Dropping the login, and recreating on the new server manually fixed the issue. I did not look to see if the user changed the AD SID between the time it was created on the source server to the time of the migration. I did not look to see anything was different in the actual logins table, but perhaps something in the sp to generate the login migration has a cased that does not work.
Thursday, September 01, 2011 1:09 PM
What ashwn_acharya says worked for me.
In my case UAC was disabled, firewall off and running SSMS as administrator.
I had to use the original account used to install sql 2008 in order to add the user as login.
Microsoft MVP Dynamics CRM | My Twitter: http://twitter.com/pabloperalta | My blog: http://weblogs.asp.net/pabloperalta | Blog en Español: http://wwww.elblogdedynamicscrm.com
Wednesday, September 28, 2011 6:16 PMChandra's answer worked for me. I logged in to SQL Management Studio as sa, removed the Windows account from the logins, closed Management Studio (may be unnecessary?), logged in to Management Studio as sa again, added back the windows account, all is well.
Wednesday, November 16, 2011 8:49 PM
I am encountering the same error message but it is more around the login, this problem happens only on one server but it is fine on another three, my investigation show it is a ghost SID associated with AD user account
1- An Active Directory (AD) account was created for a user [Domain\UserA]
2- A SQL login was created for the account above and then granted access to a number of databases
3- The AD account was renamed/modified to [Domain\UserB]
At this stage the user would encounter an error when connecting to the server
The sql log show this error message
Error: 18456, Severity: 14, State: 11.
Login failed for user 'domain\user'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: xxx]
Action on Server 1 SQL (the one with the problem)
1- Dropped the user from the databases
2- Re-Created the login from the windows account [Domain\UserB]
3- Created the user in the respective databases
But the user still unable to connect to the server
On server 1, the SID of the user in SYSUSERS was Matching SYSLOGINS and matches with result of SUSER_SID(Domain\UserA)
But it does not match the SID in the AD
The rest of the servers all have the correct SIDs
When I use SUSER_SNAME(Incorrect-Sid) and SUSER_SNAME(Correct-Sid) on this server they both return [Domain\UserB]
The problematic server is always returning the incorrect SID when recreating the user login and when using SUSER_SID(Domain\UserA) as if it is cached somewhere.
I can't specify the SID when creating the SQL login because it is using the Windows account
Your ideas on how to fix this problem are much appreciated
Thursday, January 05, 2012 2:30 PM
We have installaed SCVMM 2008 R2 Server on one server(While installing we have created SQLDB for this on the remote SqlServer). Installation successfull.
On another server we have installed scvmm 2008 R2 administrator console. but while launching the console its throwing the error.At the same time on the remote SQL server we are finding the Event Information.
Could you please provide the solution which is very urgent for me to complete environment.
Please find both error screen shots.
Thursday, January 05, 2012 2:39 PMAfther 3 year .. you're solution worked also form me ! thx :)
Founder of SharePoint CookBook: http://www.GokanOzcifci.be
Microsoft Certified Technology Specialist: SharePoint 2010, Configuring
Microsoft Certified Personal
Thursday, January 05, 2012 4:34 PM
Looks like Permissions issue while creating the Database.
Tuesday, January 17, 2012 5:27 AM
TQ VM... i faced the same problem but stupid me, i didn't add the default admin to the sysadmin role.
Monday, February 13, 2012 11:20 AM
I had this same error. In the evening it still worked, in the morning there was this problem.
In my case I had the IUSR added as a user to a Database, while on the other hand there didn't exist a Security / Login for it. Adding the Login solved my problem.
Eric Gehring, www.Softex.nl
- Edited by Softex Monday, February 13, 2012 11:21 AM
Thursday, July 12, 2012 10:08 PMThis is a particular annoying error that in some cases is related to a Change to the Windows user account (if you working with windows authentication) where the user login was created in SSMS and for some reason you change the same Windows user password; this will cause the SIDs to be different.
Therefore, an alternative is to drop the user Login account from SQL Server and re-create the Login account.
Saturday, November 03, 2012 1:28 AM
We had a test instance and production instance on the same server, using the same domain IDs as Agent service accounts. The developer grabbed an “Operating system (CmdExec) job that was working fine on test and copied it to production without modifying anything, including the database instance specified in the command line. So it was attempting to authorize to the wrong database instance and throwing this Event Id: 18456 validation failure with infrastructure error.
Tuesday, December 25, 2012 2:47 PM
I had the same error and was able to login via sa ONLY. I fixed by dropping and creating the login again
/****** Object: Login [Domain\User] Script Date: 12/25/2012 18:44:27 ******/
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'Domain\User')
DROP LOGIN [Domain\User]
/****** Object: Login [Domain\User] Script Date: 12/25/2012 18:44:27 ******/
CREATE LOGIN [Domain\User] FROM WINDOWS WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english]
The above script was generated from SSMS by right clicking on the Login in question and choosing Sript Login as Drop and create.
the Domain\User should be replaced with the actual domain and user name used.
It worked for me.