none
SSPI handshake failed with error code 0x80090311

    Question

  • I have a SQl2k8 R2 up and running on a win2k8 R2, I have a domain controller as well with AD 2k8 R2. It works fine but from time to time I receive a dozen of successive alerts like th folowing

    DATE/TIME:       11/22/2010 12:19:57 PM

     

    DESCRIPTION:   SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.  [CLIENT: <named pipe>].

     

    COMMENT:       (None)

    JOB RUN:            (None)

    I understand from some threads here that it is an issue related to contacting the AD. In event viewer it is not clear what is casuing this. I have WSS databases, Biztalk server datatbases.....and some other user databases. NO home made applications contact sql server.

     

    What is the best route to follow to see who is not being able sometimes and why contacting the AD. I read the thread at http://blogs.msdn.com/b/sql_protocols/archive/2006/03/23/558651.aspx but it is related to express 2005 and it does not apply to my case.

     

    Thanks in advance

     

    Monday, November 22, 2010 12:59 PM

Answers

  • Hi,

    0x80090311 error refers to "No authority could be contacted for authentication" which means the user cannot contact AD to get a ticket. Now what i can say is below things.

    1) Check SQL Server startup account and see if for this user SPNs are configured.

                        http://technet.microsoft.com/en-us/library/ms191153.aspx

    2) Also check if we are trying to connect using Fully Qualify Domain Name or not.

    3) Also check if there is some network issue on your system and you lost the connectivity to AD from time to time. Please let your network administror investigate any possible network issue.

    HTH


    Regards Gursethi Blog: http://ms-gursethi.blogspot.com/ ++++ Please mark "Propose As Answer" if my answer helped ++++
    Tuesday, November 23, 2010 2:52 AM

All replies

  • this is usually related to the service account changing on the sql server service. its a common error
    Craig
    Monday, November 22, 2010 2:28 PM
  • Hi,

    0x80090311 error refers to "No authority could be contacted for authentication" which means the user cannot contact AD to get a ticket. Now what i can say is below things.

    1) Check SQL Server startup account and see if for this user SPNs are configured.

                        http://technet.microsoft.com/en-us/library/ms191153.aspx

    2) Also check if we are trying to connect using Fully Qualify Domain Name or not.

    3) Also check if there is some network issue on your system and you lost the connectivity to AD from time to time. Please let your network administror investigate any possible network issue.

    HTH


    Regards Gursethi Blog: http://ms-gursethi.blogspot.com/ ++++ Please mark "Propose As Answer" if my answer helped ++++
    Tuesday, November 23, 2010 2:52 AM
  • So is there a fix ?

    Periodically the server will not allow any connections and the sql server service account was changed.

    Should I un install and reinstall using the one account ?

    Can I hack a registry entry or something ?


    The Fosinator
    Thursday, December 15, 2011 11:49 PM