SQL Server Login failure - token-based server access validation failed

    Question

  • I have an instance of SCCM 2007 (two servers) using SQL Server 2008, each is running on Server 2008. When the systems are initially installed, everything works great, but after a day or so both SCCM servers will lose connectivity to their databases, and the SQL Server will start filling the Application Log with "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: xxx.xxx.xxx.xxx]" where xxx is the IP address of one of the SCCM servers.

    The only mention of this error I could find everywhere indicated an SPN problem in SQL Server clusters, but I am not clustering the SQL Server and I have verified that the SPN is correct for the service account that SQL Server is running under.

    I'm pulling my hair out over this; I would be much obliged if anyone could point me in the right direction.

    Thanks in advance,

    Lacie

    Monday, April 27, 2009 5:13 PM

Answers

  • Hello Lacie

    If you’re getting a login failed for your Windows user - which you’re sure you put in the sysadmins role - it’s probably because UAC isn’t passing all your group memberships to SSMS when you run it, and therefore giving you access denied. If you check your SQL errorlog and you see something like this:

    Login failed for user Username Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors.

    It’s probably UAC. Try right clicking and running as administrator and seeing if it goes away. Of course if you added your user explicitly you’re probably fine, but just to get a cluster up and running I added my domain admins user to the DB - and of course that’s a membership that UAC will mask.

    Resolution:
    i) Turn off UAC
    or
    ii) Right click and launch as "Run As Administrator"

    Thanks
    Sreekar

    Monday, April 27, 2009 5:46 PM

All replies

  • I am running a job on SQL Server 7.0 (Windows XP) which calls a package to update tables on SQL Server 2008 (Windows Server 2003). When I run the package itself from Enterprise Manager, it is working fine.

    I checked that SQL Server Agent runs under the system account on SQL Server 7.0 (Windows XP).

    The job is failing with this error message on SQL Server 7.0:

    ... DTSRun: Executing...
    DTSRun OnStart: DTSStep_DTSDataPumpTask_3
    DTSRun OnStart: DTSStep_DTSDataPumpTask_5
    DTSRun OnStart: DTSStep_DTSDataPumpTask_4
    DTSRun OnStart: DTSStep_DTSDataPumpTask_1
    DTSRun OnError: DTSStep_DTSDataPumpTask_4, Error = -2147217843 (80040E4D)
    Error string: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
    Error source: Microsoft OLE DB Provider for SQL Server
    Help file:
    Help context: 0
    Error Detail Records:
    Error: -2147217843 (80040E4D); Provider Error: 18456 (4818)
    Error string: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
    Error source: Microsoft OLE DB Provider for SQL Server
    Help file:
    Help context: 0
    DTSRun OnError: DTSStep_DTSDataPumpTask_3, Error = -2147217843 (80040E4D)
    Error string: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
    Error source: Microsoft OLE DB Provider for SQL Server
    Help file:
    Help context:... Process Exit Code 5. The step failed.

    When I checked the error log on SQL Server 2008, I saw the following error:

    Date  4/16/2010 9:17:51 AM
    Log  SQL Server (Current - 4/16/2010 10:09:00 AM)

    Source  Logon

    Message
    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 172.21.160.148]

    I hope this is because SQL Server Agent is running under the system account, which is local to that machine. If I change the service account of the Agent (SQL Server 7.0) to a domain account, will the problem go away?

    Thanks,

    ------------------------ Brahma http://vbrchowdary.info
    • Edited by w2bsqldba Monday, May 16, 2011 5:51 PM word formatting
    Friday, April 16, 2010 2:33 PM
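
An added example, not written by any poster in this thread: a Python triage script that pulls the login failures quoted above out of SQL Server error log lines and separates the 'NT AUTHORITY\ANONYMOUS LOGON' case from the named-user case the answer describes. The sample lines, the EXAMPLE\dbadmin account and the 192.0.2.x addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the message format quoted in this thread.
SAMPLE_LINES = [
    r"2010-04-16 09:17:51.00 Logon Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 192.0.2.10]",
    r"2010-04-16 09:18:02.00 Logon Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 192.0.2.10]",
    r"2010-04-16 09:20:10.00 Logon Login failed for user 'EXAMPLE\dbadmin'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]",
    r"2010-04-16 09:21:00.00 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.77]",
]

# The [CLIENT: ...] suffix is optional: the answer quotes the message without it.
LOGIN_FAILED = re.compile(
    r"Login failed for user '(?P<user>[^']*)'\. Reason: (?P<reason>.*?)"
    r"(?: \[CLIENT: (?P<client>[^\]]*)\])?$"
)
TOKEN_REASON = "Token-based server access validation failed"

# First thing to check for each kind, taken from the posts on this page.
HINTS = {
    "anonymous": "caller's identity did not reach SQL Server; check the account "
                 "the client service runs as, and the SPN",
    "named": "check whether access is granted only through a group that UAC "
             "masks (the answer's case)",
}

def classify(user):
    """Separate the anonymous-logon failures from named Windows accounts."""
    if user.upper() == r"NT AUTHORITY\ANONYMOUS LOGON":
        return "anonymous"
    return "named"

def triage(lines):
    """Count token-validation failures per (kind, user, client)."""
    hits = Counter()
    for line in lines:
        m = LOGIN_FAILED.search(line.rstrip())
        if not m or TOKEN_REASON not in m["reason"]:
            continue  # other login failures (e.g. bad password) are out of scope
        hits[(classify(m["user"]), m["user"], m["client"] or "unknown")] += 1
    return hits

def report(hits):
    return [f"{n}x {user} from {client}: {HINTS[kind]}"
            for (kind, user, client), n in sorted(hits.items())]

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LINES))))
```
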
  • Hi,

    I want to say many thanks to you.

    It works fine now for me.

    Best Regards,

    Ouissem

    Tuesday, June 21, 2011 2:18 PM
  • Hi,

    Which one worked? Turn off UAC or Run as Administrator?

    Bob

    Tuesday, September 27, 2011 3:01 PM
  • "Run as Administrator" works

    Thanks!

    Wednesday, November 30, 2011 9:48 AM
  • Turning off UAC required a restart. So for now, I used the other solution (Right click SSMS and run as Admin). Both solutions work.

    Tuesday, August 28, 2012 3:58 PM