locked
SQL Server login Failed for "Domain\MachineHostname$" error espacially when C# Application running through Windows Service. RRS feed

  • Question

  • We are getting error as "Login failed for user 'Domain\MachineHostname$'" when C# application running through Windows Service.

    We have the application on one machine and SQL was installed on another machine(Remote Database)

    Connection String:
    Data Source=<IP Addr>\<SQL Instance>;Initial Catalog=<DBName>;Integrated Security=True;Pooling=True;MultipleActiveResultSets=True;Connect Timeout=90;Load Balance Timeout=3;ConnectRetryCount=3

    Same connection string is working fine when i have used in C# Console Application. But when it was used in C# Windows Service using LocalSytem account We are facing the error as "Login failed for user 'Domain\MachineHostname$'".

    As we googled and resolved the issue by adding the server login for 'Domain\MachineHostname$' in SQL Server and provided the 'db_owner' for the DB for the particular login. 

    When application and SQL were in same machine we couldn't find any issue. When it comes to Remote DB we are facing the issue. Why application didnt used the Windows Authentication user name for SQL Server login when we used remotely and why application take 'Domain\MachineHostname$' when services running through LocalSystem account
    Thursday, November 5, 2020 6:21 AM

Answers

  • When you use Windows authentication then the process that the app is running under is used to authenticate. Since this is a Windows Service that means the service account is used (assuming your connection string is configured to use Windows Authentication). Most likely you are using NETWORK SERVICE as the service account. In that case the machine name is used which is the login you're seeing.

    Option 1 - a SQL account as already mentioned.

    Option 2 - Change the Windows service to run under a domain account. Ensure the domain account has DB access.

    Option 3 - Give the machine account permissions to the SQL databases. Not generally recommended though.

    My preference would be running the service under a domain account and ensuring the domain account has permissions to the DB. It is the most secure.

    Note that on the same machine LocalSystem is the SYSTEM account which probably had DBA permissions because when you install SQL it, by default, gives administrators access. However that account doesn't work over the network. Hence you'd use Network Service. When using that account, which is a local only account, Windows uses the machine name (with $) instead. 



    Michael Taylor http://www.michaeltaylorp3.net

    • Marked as answer by K Santhosh Friday, November 6, 2020 6:54 AM
    Thursday, November 5, 2020 2:22 PM

All replies

  • Hello,

    Setup a user in SQL-Server, change Integrated Security=True; to Integrated Security=False; and provide a user name and password for the connection string. Make sure the user has proper permissions to the database.


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    My GitHub code samples
    GitHub page

    • Proposed as answer by CoolDadTx Thursday, November 5, 2020 2:17 PM
    • Unproposed as answer by K Santhosh Thursday, November 5, 2020 5:03 PM
    Thursday, November 5, 2020 11:46 AM
  • You should use a generic user ID and password to login and use  the database with proper permissions.
    Thursday, November 5, 2020 12:13 PM
  • Hi,

    Thank you for your suggestion.

    As you said, in that cases it was working fine. We have installed the SQL Server in Mixed mode, Using "sa" account we are able to establish connection remotely in Windows Service. We are expecting to establish connection to SQL Server using Windows authentication while application are windows service.

    Please share the suggestion. 

    Thursday, November 5, 2020 12:53 PM
  • IMO, you should post to the DB fourm for help.

    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/home?category=sqlserver

    Thursday, November 5, 2020 1:58 PM
  • When you use Windows authentication then the process that the app is running under is used to authenticate. Since this is a Windows Service that means the service account is used (assuming your connection string is configured to use Windows Authentication). Most likely you are using NETWORK SERVICE as the service account. In that case the machine name is used which is the login you're seeing.

    Option 1 - a SQL account as already mentioned.

    Option 2 - Change the Windows service to run under a domain account. Ensure the domain account has DB access.

    Option 3 - Give the machine account permissions to the SQL databases. Not generally recommended though.

    My preference would be running the service under a domain account and ensuring the domain account has permissions to the DB. It is the most secure.

    Note that on the same machine LocalSystem is the SYSTEM account which probably had DBA permissions because when you install SQL it, by default, gives administrators access. However that account doesn't work over the network. Hence you'd use Network Service. When using that account, which is a local only account, Windows uses the machine name (with $) instead. 



    Michael Taylor http://www.michaeltaylorp3.net

    • Marked as answer by K Santhosh Friday, November 6, 2020 6:54 AM
    Thursday, November 5, 2020 2:22 PM