SSPI handshake failed with error code 0x80090302

    Question

  • I'm trying to log in to SQL from an external client but I keep getting these messages:

    Event Type: Error
    Event Source: MSSQLSERVER
    Event Category: (4)
    Event ID: 17806
    Date:  29.11.2007
    Time:  15:49:23
    User:  N/A
    Computer: xx

    Description:
    SSPI handshake failed with error code 0x80090302 while establishing a connection with integrated security; the connection has been closed. [CLIENT: xxxx]

    Event Type: Failure Audit
    Event Source: MSSQLSERVER
    Event Category: (4)
    Event ID: 18452
    Date:  29.11.2007
    Time:  15:49:23
    User:  N/A
    Computer: xx
    Description:
    Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: xxxx]

    This only happens when the SQL server has these policies applied:

    Policy | Setting
    Network security: Do not store LAN Manager hash value on next password change | Enabled
    Network security: LAN Manager authentication level | Send LM & NTLM - use NTLMv2 session security if negotiated
    Network security: LDAP client signing requirements | Negotiate signing
    Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Enabled
        Require message integrity | Enabled
        Require message confidentiality | Enabled
        Require NTLMv2 session security | Enabled
        Require 128-bit encryption | Disabled
    Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Enabled
        Require message integrity | Enabled
        Require message confidentiality | Enabled
        Require NTLMv2 session security | Enabled
        Require 128-bit encryption | Disabled

     

    I do not have the choice to switch to mixed mode authentication on the sql and these policy settings are a security policy requirement for me.

     

    regards

    duh123

    Thursday, November 29, 2007 4:48 PM
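
Added example, not part of the original thread and not code from any poster: a Python triage helper that pairs event 17806 with event 18452 from the same client and timestamp, names the SSPI status code, and reports whether the failure happened before any user identity was established. The sample log, the client address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# SSPI status names from winerror.h; 0x80090302 is the code in this thread.
SSPI_CODES = {0x80090302: "SEC_E_UNSUPPORTED_FUNCTION", 0x8009030C: "SEC_E_LOGON_DENIED"}

# Constructed sample in the layout quoted in the question (client address is made up).
SAMPLE = """\
Event Type: Error
Event ID: 17806
Date:  29.11.2007
Time:  15:49:23
Description:
SSPI handshake failed with error code 0x80090302 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.0.2.10]

Event Type: Failure Audit
Event ID: 18452
Date:  29.11.2007
Time:  15:49:23
Description:
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 192.0.2.10]
"""

def parse_events(text):
    """Split an exported log at each 'Event Type:' line and keep the triage fields."""
    events = []
    for block in re.split(r"(?m)^(?=[ \t]*Event Type:)", text):
        def field(pattern):
            m = re.search(pattern, block)
            return m.group(1) if m else None
        eid = field(r"Event ID:\s*(\d+)")
        if eid is None:
            continue  # empty chunk or text before the first event
        code = field(r"error code (0x[0-9A-Fa-f]{8})")
        events.append({
            "id": int(eid),
            "when": (field(r"Date:\s*(\S+)"), field(r"Time:\s*(\S+)")),
            "client": field(r"\[CLIENT:\s*([^\]]+)\]"),
            "user": field(r"Login failed for user '([^']*)'"),
            "sspi": SSPI_CODES.get(int(code, 16), code) if code else None,
        })
    return events

def triage(events):
    """Pair each 17806 with an 18452 from the same client and second."""
    # Empty user name: the handshake ended before an identity was established.
    return [(e["client"], e["sspi"], "handshake" if f["user"] == "" else "login")
            for e in events if e["id"] == 17806
            for f in events if f["id"] == 18452
            and (f["client"], f["when"]) == (e["client"], e["when"])]
```
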

All replies

  • Hi

     

    I do not know if you were using the JTDS driver but I solved a similar issue with the same error code by adding the useNTLMv2=true in the connection string. Another workaround was, as you mentioned, to lower the LAN manager authentication level.

     

    regards

    Emmanuel

    Monday, July 19, 2010 8:05 AM
  • Check whether an SPN for the SQL Server exists.  You can use the SetSPN -L utility.
    Sivaprasad S http://sivasql.blogspot.com Please click the Mark as Answer button if a post solves your problem!
    Monday, July 19, 2010 5:21 PM
  • The instance already had an SPN. This specific error code is strictly related to NTLM authentication. See JTDS FAQ (http://jtds.sourceforge.net/faq.html#windowsAuth).
    Monday, July 19, 2010 5:52 PM
  • Hi,

    Generally these types of error messages will occur if the login is not trusted by the SQL Server. Most probably a bad username / password.

    Tuesday, July 20, 2010 12:03 AM