Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: XXX.XXX.XXX.XXX]

  • Question

  • We run a Windows Server 2012 R2 Failover cluster with five nodes; each node contains multiple instances of Microsoft SQL Server 2012 SP2.

    One instance is used for Microsoft SharePoint 2013 (15.0.4797.1000 SP1 CU February 2016), and it is this instance that is causing the issue, particularly over the weekend.

    Our SharePoint farm is made up as follows:

    1 Application Server + 2 * Web Front end servers.

    SQL Server logs show:

    SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. No authority could be contacted for authentication.   [CLIENT: XXX.XXX.XXX.XXX]

    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: XXX.XXX.XXX.XXX]

    In all instances the IP addresses are a mixture of Application Server and both Front End servers.

    We have not enabled Kerberos; rather, we are running NTLM, and all SQL instances are using the same dedicated AD account for the SQL Server service and the same dedicated AD account for SQL Server Agent.

    We believe we have been able to discount 'interference' from our backup solution(s) (Veeam for backup VMs; Backup Exec to leverage GRT for SharePoint), as no backups were / are active at the point SQL started logging authentication issues.

    Any assistance gratefully received

    Monday, August 8, 2016 10:17 AM

Answers

  • Hi,

    I used to get the same/similar error log entries when the domain controller is not available or a user is not from the same domain. I bet your AD is not available for some reason at that time.

    I hope it helps.

    János


    There are 10 types of people. Those who understand binary and those who do not.

    Monday, August 8, 2016 10:46 AM

All replies

  • Greetings Paul,

    The first shows you cannot connect to your AD controller, which normally only happens if the network is fairly unstable, as servers tend to keep a cache of credentials for short periods.

    The second is far more interesting though;

    I'm going to assume you do have multiple domains in your AD (Forest).
    So basically SharePoint has the account

    MySharePointAccount@abc-foods.com
    and your AD is running standardly on abc-holding.com.
    The way this works is if you have a Trust built between domains.
    My guess would be to re-create that trust during downtime.

    Though the real question is;
    - What application is trying to connect during that time?
    - Which user (and domain) is it using?
    - Does the combination make sense and is the error easily reproducible?
    - Is the network good --> for example, is the latency too high when the backups are writing away?

    Sebastian

    • Proposed as answer by Teige Gao Tuesday, August 9, 2016 1:20 AM
    Monday, August 8, 2016 11:00 AM
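
One way to answer the questions raised in the replies (which clients, at what times, and whether the failures arrive together), added here as an example and not posted by anyone in the thread: it parses SQL Server error-log text for the two messages quoted in the question and groups them into bursts. The timestamped line layout, the sample lines, the client addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the text ERRORLOG layout (timestamp, source, message);
# messages shortened, client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
2016-08-06 02:14:07.45 Logon       SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.0.2.11]
2016-08-06 02:14:07.45 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 192.0.2.11]
2016-08-06 02:14:09.10 Logon       SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.0.2.12]
2016-08-06 02:14:09.10 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 192.0.2.12]
2016-08-06 02:15:30.02 Logon       SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.0.2.13]
2016-08-06 02:15:30.02 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 192.0.2.13]
2016-08-06 02:20:00.00 spid52      Unrelated informational message (constructed).
2016-08-07 23:40:12.77 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 192.0.2.12]
"""

LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+\S+\s+(?P<msg>.*)$")
SSPI = re.compile(r"SSPI handshake failed with error code (0x[0-9A-Fa-f]+), state (\d+)")
CLIENT = re.compile(r"\[CLIENT: ([^\]]+)\]")

def parse(log_text):
    """Yield (timestamp, kind, client) for the two failure messages in the thread."""
    for line in log_text.splitlines():
        m, c = LINE.match(line), CLIENT.search(line)
        if not (m and c):
            continue  # not a timestamped line, or no client address recorded
        s = SSPI.search(m["msg"])
        if s:
            kind = f"sspi:{s[1].lower()}:state{s[2]}"
        elif "The login is from an untrusted domain" in m["msg"]:
            kind = "untrusted_domain"
        else:
            continue
        yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), kind, c[1].strip()

def bursts(events, gap_seconds=300):
    """Group failures separated by at most gap_seconds into one burst, recording
    which clients were affected and how often each message kind appeared."""
    windows = []
    for ts, kind, client in sorted(events):
        if not windows or (ts - windows[-1]["end"]).total_seconds() > gap_seconds:
            windows.append({"start": ts, "end": ts, "clients": set(), "kinds": Counter()})
        w = windows[-1]
        w["end"] = ts
        w["clients"].add(client)
        w["kinds"][kind] += 1
    return windows
```

Comparing each burst's start and end times and client set against domain controller and network events for the same window shows whether all SharePoint servers fail together or one client fails on its own.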