none
Server Error 15404

All replies

  • Hi Alex,

    Did you get any specific errors when you run a query?

    Then about the error, please refer to following relevant threads, see if they helps.

    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/841a5446-6689-4612-8629-5029a341a77e/sqlserver-error-15404-with-active-directory?forum=sqlsecurity

    https://social.msdn.microsoft.com/Forums/en-US/82787d19-9fd6-4f6e-8833-6b0fb1916dca/298-sqlserver-error-15404-could-not-obtain-information-about-windows-nt-groupuser?forum=sqlkjmanageability

    https://www.sqlservercentral.com/Forums/Topic824164-146-1.aspx

    http://alstechtips.blogspot.com/2014/06/sql-server-2012-sqlserver-error-15404.html

    Thanks,
    Xi Jin.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, June 4, 2018 6:40 AM
    Moderator
  • its strange. it seems to be when I use some sort of privilege

    so I can login via windows auth, I can look at all the collapsed item on the left ... DB Management agent etc. I can attempt to create a user and hit save. it then says failed and when i go back to look at the item I am not allowed. I can then log out and log back in and the user is created

    A

    EDIT - this is on MS SQL 2017 Linux 
    • Edited by Alex Samad Monday, June 4, 2018 6:46 AM
    Monday, June 4, 2018 6:43 AM
  • so tried this

    execute as login = '<DOMAIN>\svcDEVSQL'
    go

    got back

    Msg 15404, Level 16, State 22, Line 1
    Could not obtain information about Windows NT group/user '<DOMAIN>\svcDEVSQL', error code 0x80090304.

    still no closer.

    strangely I can find users in AD ?

    Wednesday, June 6, 2018 5:24 AM
  • Using the Error Lookup utility, I find that error 0x80090304 means The Local Security Authority cannot be contacted.

    So there appears to be some communication problem between SQL Server and the domain controller.

    Wednesday, June 6, 2018 9:53 AM
  • Hmm, how do I diagnose this. I rang a wireshark to see if there were any network issue, but I see none.

    I have looked through the event log and can't find anything related to a failure from this machine 

    Thursday, June 7, 2018 12:37 AM
  • Maybe a better question where would the formal support interface be ? Is there a web one ?
    Thursday, June 7, 2018 1:08 AM
  • Hi Alex,

    Did you manage to solve this? Because same problem here...
    Is your domain stand-alone? In my case, it's top-level domain of 15-or-so child domains forest, with external trusts to c.a. 5 other forests. 

    And another problem is that I have no idea how to debug this; strace running on mssql-server shows nothing, sssd logs on highest debug level (9) show nothing when error occurs, as well as samba-winbind logs.

    - connecting to database with domain user is always successful
    - usualy, single query like CREATE LOGIN [DOMAIN\user] FROM WINDOWS; happens to be successful
    - but next query is not - until mssql-server unit restarted

    I'm able to perform domain logon to linux server TTY, also enumerating users and groups with getent, id or wbinfo is working.

    Microsoft SQL Server 2017 (RTM-CU9) (KB4341265) - 14.0.3030.27 (X64)
    CentOS Linux release 7.5.1804 (Core)

    Monday, July 23, 2018 9:08 PM
  • Hey,

    I am not sure if you are still having this issue, but to fix it, you need to have the machine account (hostname$) in your keytab. To fix this, please follow step 3 of "Configure SQL Server service keytab" in the setup docs here:

    https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-active-directory-authentication?view=sql-server-2017#configurekeytab


    • Edited by Dylan Gray Monday, November 26, 2018 10:31 PM formatting
    Monday, November 26, 2018 10:31 PM
  • Same here, SQLServer 2017 on Ubuntu Server 16.04.1.

    My domain user is in sysadmin role; when I connect to SQLServer with that user and try to execute the following administrative query:

    execute as LOGIN='DOMAINNAME\domain.user'
    GO

    it throws the error:

    Msg 15404, Level 16, State 22, Line 1
    Could not obtain information about Windows NT group/user 'DOMAINNAME\domain.user', error code 0x80090304.

    I've already checked everything, multiple times: DNS, hosts, service account, SPN, wbinfo -u, wbinfo -g, ...

    SQLServer log contains nothing relevant (in fact it reports nothing at all).


    • Edited by nicorac Tuesday, December 11, 2018 11:45 AM
    Tuesday, December 11, 2018 11:06 AM
  • Additional note:
    I'm logged in with my AD user, which is in sysadmin group.

    When I run a command that requires administrative privileges like this:

    USE [master]
    GO
    ALTER LOGIN [sqlServerLogin] WITH DEFAULT_DATABASE=[dbName], DEFAULT_LANGUAGE=[en_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
    GO

    it works only at first run.

    Running it the second time it throws the same error:

    Msg 15404, Level 16, State 22, Line 1
    Could not obtain information about Windows NT group/user 'DOMAINNAME\myDomainUser', error code 0x80090304.
    If I disconnect/reconnect it works again only for the first time.

    Tuesday, December 11, 2018 12:36 PM