login failed. The login is from untrusted domain and cannot be used with windows authentication

    Question

  • hi,

    While upgrading the server, sqlexpress 2005 on win2003 to sqlexpress 2008 on win 2008, the connection to server from IIS (asp) won't work.

    The IIS is on a different untrusted DOMAIN, but it worked before.

    The connection string is: packet size=4096;integrated security=SSPI;data source=mySERVER;persist security info=False;initial catalog=myDB

    any help ?

    Thanks

    Niv

     

     

     

    Tuesday, January 03, 2012 1:43 PM

Answers

  • Hi Niv2003,

    >> login failed. The login is from untrusted domain and cannot be used with windows authentication

    As Erland mentioned, this error might be related to the IIS being on a non-trusted domain. Probably you log in from another trust domain (not the original domain).

    Based on my research, there are three ways to solve your error as you provided above. Please try as below:

    1. Use SQL Authentication to log in to the SQL Server.
    You can get this done by changing the connection string to use SQL authentication while connecting. But you need to know the credentials of an account which has permissions to your required database, or the System Administrator (SA) password. For simplicity I will use SA account details in the connection string:
    <connectionStrings> 
      <add name="cnnStr" providerName="System.Data.OleDb" connectionString="Data Source=BI-SVR;Persist Security Info=True;Password=YourPassword;User ID=sa;Initial Catalog=BBIDatabase"/> 
    </connectionStrings> 
    


    2. Log in to your machine using the same domain.
    If you log in to your machine using a domain account which the SQL Server is added to, then this error will vanish. But for this you need to add your machine to the same domain which the SQL Server machine is added to (Company Domain). Also, to be properly authenticated, the account used should have proper permissions set to access the database in the SQL Server.

    3. Make the account trusted in SQL Server.
    Making the account you use to log in to your machine a trusted account in SQL Server and giving it appropriate permissions to access databases will also permit you to fix this error.

    Meanwhile, for the connection string: in my development environment, my server name is SAM and the database on the server is Northwind. Then a connection string such as this would automatically be generated:
    "workstation id=SAM; packet size=4096;integrated security=SSPI;data source=SAMIEI;persist security info=False;initial catalog=Northwind"

    For more information, please refer to the reply in this thread about ASP connection to SQL using Windows Authentication.

     


    Regards,
    Amber zhang

    TechNet Subscriber Support


     


    Friday, January 06, 2012 9:16 AM
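
Option 1 above, done with a dedicated least-privilege SQL login rather than sa, as an added example that is not part of the original answer. The login and user names (`web_app_login`, `web_app_user`) and the password placeholder are hypothetical; `myDB` and `mySERVER` are taken from the question.

```sql
-- Added example. Run in SSMS or sqlcmd as a sysadmin on the SQL Server instance.

-- 1. SQL logins only work when the instance allows mixed-mode authentication.
--    SQL Server Express installs as Windows-only by default.
--    1 = Windows Authentication only, 0 = mixed mode (SQL + Windows).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
-- If this returns 1, switch the mode in SSMS (Server Properties > Security)
-- and restart the SQL Server service before continuing.
GO

-- 2. Create a dedicated login for the web application instead of using sa.
--    CHECK_POLICY = ON makes the Windows password policy apply to this login.
USE [master];
CREATE LOGIN [web_app_login]               -- hypothetical name
    WITH PASSWORD = N'<placeholder-strong-password>',
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = [myDB];
GO

-- 3. Map the login to a user in the application database only,
--    and grant read/write on data rather than ownership or sysadmin.
USE [myDB];
CREATE USER [web_app_user] FOR LOGIN [web_app_login];
EXEC sp_addrolemember N'db_datareader', N'web_app_user';
EXEC sp_addrolemember N'db_datawriter', N'web_app_user';
GO

-- 4. Confirm what the account can do before pointing IIS at it.
SELECT dp.name AS db_user, r.name AS db_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS dp ON dp.principal_id = m.member_principal_id
JOIN sys.database_principals AS r  ON r.principal_id  = m.role_principal_id
WHERE dp.name = N'web_app_user';
GO

-- Matching connection string for the ASP application (SQL authentication,
-- no "integrated security", credentials not persisted on the connection):
--   data source=mySERVER;initial catalog=myDB;User ID=web_app_login;
--   Password=<placeholder-strong-password>;persist security info=False
```

`sp_addrolemember` is used because the thread concerns SQL Server 2008. Keeping sa out of the web configuration limits what a leaked connection string exposes to one database.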

All replies

  • Can you check the SQL Server errorlog for the state? Check the http://sql-articles.com/articles/troubleshooting/troubleshooting-login-failed-error-18456/ link for details.

    Is UAC turned on in windows 2008?


    Mark as ANSWER if I helped you today :-)
    Tuesday, January 03, 2012 3:48 PM
  • Maybe it was pure luck that it worked in the past? If IIS is on a non-trusted domain, the error message makes much sense.

    (I had this chuckle earlier tonight: I ran

    sqlcmd -Stcp:192.168.135.135

    And 192.168.135.135 is the local IP address. I got exactly the error about an untrusted domain!)


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    Tuesday, January 03, 2012 10:55 PM
  • Did both the web server and the db server have the same passwords? It may work if both have the same administrator password.
    Thursday, January 05, 2012 10:46 AM
  • Thank you all for your answers.

    Finally, I added the account that runs the IIS to the domain, although the comp is out of it.

    Things go fine.

    I have learned a few things - thanks to you all

     

    Niv bessor

    Wednesday, January 11, 2012 12:29 PM
  • Hello Amber,

    We have a scenario where the SQL Server is in a different domain (ex. A) altogether and we are trying to access the SQL instance from domain B. There is no domain-level trust put in place, but when we manage to launch SSMS using Run as and providing the domain A user credentials, it allows. But we are unable to connect using domain B. We are able to successfully add the domain B user account as a login to the SQL Server on domain A, but no luck.

    Any workaround or solution you suggest for this scenario?

    Domain B is our development environment domain
    Domain A is our Production environment domain where end users / developers are in
    We want to implement only windows authentications

    Any further information regarding option 3 and how to do it would be appreciated.

    Thanks

    Hemanth


    A man can succeed at almost anything, for which he has unlimited enthusiasm.

    Wednesday, May 22, 2013 1:04 AM
  • You cannot use Windows authentication between untrusted domains, but you will need to use SQL authentication.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    Wednesday, May 22, 2013 9:54 PM