locked
Login failed with untrusted domain problem RRS feed

  • Question

  • I already know that if I were to search this, there are hundreds of forum threads with something similar to this. The only reason I'm putting it up on here is because I don't want to go through hundreds of forum threads that sound like my problem, just to find out that they are a different problem. 

    I've been making programs for the office of the company I work for. I've made the programs through Visual Studio 2010 SP1 using vb.net programming and .net framework 3.5. I have my database on a computer on our company domain using SQL Server 2008 R2 for my connection.  We are using Windows Small Business Server 2003 (Yes I know it's outdated, but they don't want to spend any money yet to update it) for our network and the majority of the computers are running Windows XP Pro SP3 with the exception of 3 computers that we recently upgraded to Windows 7 Sp1. That a background of what I'm working with. Now for the problem.

    I've already made a program that has been distributed to about 20% of our computers that works wonderfully. I had a problem with the database when I first started distributing the program because the program wouldn't connect to the server to get the information from the database on any computer but the one I made the program on. That's when I learned about making a Login and a User associated with the login account associated with the computer on the network. That worked fine. Now I've got the 5 end-users using the program without any problems.

    Recently I made another program so that they could search a database of pdfs. The program was made and it works great. I started distributing the program, and on the 20% of computers that were already connected to the server through the first program, it is working beautifully. This program was going on other computers too, and so I started making more logins and more users. Most of them are working great, except one computer. Everytime I try to open the program on this one computer, it gives me the error "Login Failed. The Login is from an untrusted domain and cannot be used with Windows Authentication." Seeing as this program is working on the same domain with the other computers, I'm doubting that is the problem. But I can't seem to find any reason this problem should be happening. It is one of the Windows 7 computers that is giving me the error, but the program work on one of the other Windows 7 computers we have in the office. 

    I'm pulling my hair out trying to figure this out. Any help would be greatly appreciated. Oh, and one more thing, I do have the error given.

     With the message of :

    See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.
     
    ************** Exception Text **************
    System.Data.SqlClient.SqlException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
       at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
       at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
       at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)
       at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)
       at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
       at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
       at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
       at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
       at System.Data.SqlClient.SqlConnection.Open()
       at System.Data.Common.DbDataAdapter.QuietOpen(IDbConnection connection, ConnectionState& originalState)
       at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
       at System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior)
       at System.Data.Common.DbDataAdapter.Fill(DataTable dataTable)
       at MSDSDatabase.dbMSDSDataSetTableAdapters.tblMSDSTableAdapter.Fill(tblMSDSDataTable dataTable)
       at MSDSDatabase.frmMain.Form1_Load(Object sender, EventArgs e)
       at System.EventHandler.Invoke(Object sender, EventArgs e)
       at System.Windows.Forms.Form.OnLoad(EventArgs e)
       at System.Windows.Forms.Form.OnCreateControl()
       at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
       at System.Windows.Forms.Control.CreateControl()
       at System.Windows.Forms.Control.WmShowWindow(Message& m)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
       at System.Windows.Forms.ContainerControl.WndProc(Message& m)
       at System.Windows.Forms.Form.WmShowWindow(Message& m)
       at System.Windows.Forms.Form.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
     

    ************** Loaded Assemblies **************
    mscorlib
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5448 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
    ----------------------------------------
    MSDSDatabase
        Assembly Version: 1.0.0.0
        Win32 Version: 1.0.0.0
        CodeBase: file:///C:/Users/pareiff/AppData/Local/Apps/2.0/7YG4RH8V.NQ7/3PY5CLHE.2GJ/msds..tion_2b68406be206610a_0001.0000_9f0847a87dd588ff/MSDSDatabase.exe
    ----------------------------------------
    Microsoft.VisualBasic
        Assembly Version: 8.0.0.0
        Win32 Version: 8.0.50727.5420 (Win7SP1.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
    ----------------------------------------
    System
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5447 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
    ----------------------------------------
    System.Windows.Forms
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5446 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
    ----------------------------------------
    System.Drawing
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
    ----------------------------------------
    System.Runtime.Remoting
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
    ----------------------------------------
    System.Data
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_32/System.Data/2.0.0.0__b77a5c561934e089/System.Data.dll
    ----------------------------------------
    System.Configuration
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
    ----------------------------------------
    System.Xml
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
    ----------------------------------------
    System.Transactions
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
        CodeBase: file:///C:/Windows/assembly/GAC_32/System.Transactions/2.0.0.0__b77a5c561934e089/System.Transactions.dll
    ----------------------------------------
    System.EnterpriseServices
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_32/System.EnterpriseServices/2.0.0.0__b03f5f7f11d50a3a/System.EnterpriseServices.dll
    ----------------------------------------
     
    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging
    enabled.
     
    For example:
     
    <configuration>
        <system.windows.forms jitDebugging="true" />
    </configuration>
     
    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.

    Wednesday, February 29, 2012 7:44 PM

Answers

  • Hi JangleKlown,

    Regarding to the error message you provided, which seems to be SSPI error. The issue might be caused by a down Active Directory Server, which of course could not authenticate. Could you verify that you always have at least one DC on and running while you reboot other DCs?

    SQL asks SSPI layer to authenticate a user (once a request arrives) and SSPI layer failed to contact a DC.  For more information, please refer to this article Login failed. (Microsoft SQL Server, Error: 18452): http://blog.michelbarneveld.nl/michel/archive/2009/11/11/login-failed-microsoft-sql-server-error-18452.aspx

    Additionally, installing SQL Server along with domain controller will impact on SQL Server security (SQL Server service account cannot be "local service" or "network service"). Are you connecting from different domain? If yes, does both the domain trusted?
    For more information, please refer to the article: http://blogs.msdn.com/b/sql_protocols/archive/2008/05/03/understanding-the-error-message-login-failed-for-user-the-user-is-not-associated-with-a-trusted-sql-server-connection.aspx


    Regards, Amber zhang

    • Marked as answer by JangleKlown Friday, March 2, 2012 1:23 PM
    Friday, March 2, 2012 7:16 AM
  • Thanks for the response Amber.

    I found the problem when going through your second link, and actually all accidentally. The idiot user had logged into the computer account instead of the network account and has been running off of that. He kept saying he was logged into the network, but he only had access to the shared network drives by being connected via LAN. Thank you for all your help. 

    • Marked as answer by JangleKlown Friday, March 2, 2012 1:23 PM
    Friday, March 2, 2012 1:23 PM

All replies

  • Hi Jangle, 

    can you confirm that computer is on the same domain as you SQL Server? I presume that you are using integrated login is you application. 


    Thanks, Harpreet http://myharpreet.blogspot.com

    Wednesday, February 29, 2012 11:21 PM
  • HI Jangel,

    I think u r trying to connect the sql server from untrusted domain.. Please check that and work with system team who are expert in AD Level


    Thanks, Satish Kumar. Please mark as this post as answered if my anser helps you to resolves your issue :)

    Thursday, March 1, 2012 7:05 AM
  • Yes I can confirm it is on the same domain. All the computers in this factory are through the same domain. All of which run through SBS 2003, which I mentioned. I was the one who set up the three windows 7 computers onto the domain, because the office didn't know how to. And sorry, Satish, but like I said, it isn't an untrusted domain seeing as the computer is on the same domain as every other computer in the factory, and the other computers are connecting fine. Also, I am the entire computer department at this factory.
    Thursday, March 1, 2012 12:56 PM
  • Hi , 

    I had a same issue on one of my Windows 7 PC and the below error was logged into SQL Server  EVENTLOG

    SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.  [CLIENT: x.x.x.41]. 

    I applied latest OS patches from Microsoft and it started working even though it took almost a day to apply all the patches and multiple restart.


    Thanks, Harpreet http://myharpreet.blogspot.com

    Thursday, March 1, 2012 5:32 PM
  • I have an error log with the same thing on my sql server error logs. But I think his computer is up to date, but I will look. Do I have to go find the patches, or will Windows Update be able to find everything I need?
    Thursday, March 1, 2012 6:33 PM
  • I have made sure that the problem computer is completely up to date, and it still isn't working. The errors on SQL Server's Error Log is this

    Date,Source,Severity,Message

    03/01/2012 14:14:13,Logon,Unknown,Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 192.168.0.26]

    03/01/2012 14:14:13,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.

    03/01/2012 14:14:13,Logon,Unknown,SSPI handshake failed with error code 0x8009030c<c/> state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.  [CLIENT: 192.168.0.26].

    03/01/2012 14:14:13,Logon,Unknown,Error: 17806<c/> Severity: 20<c/> State: 14.

    Any help still would be greatly appreciated.

    • Edited by JangleKlown Thursday, March 1, 2012 7:56 PM
    Thursday, March 1, 2012 7:40 PM
  • Hi JangleKlown,

    Regarding to the error message you provided, which seems to be SSPI error. The issue might be caused by a down Active Directory Server, which of course could not authenticate. Could you verify that you always have at least one DC on and running while you reboot other DCs?

    SQL asks SSPI layer to authenticate a user (once a request arrives) and SSPI layer failed to contact a DC.  For more information, please refer to this article Login failed. (Microsoft SQL Server, Error: 18452): http://blog.michelbarneveld.nl/michel/archive/2009/11/11/login-failed-microsoft-sql-server-error-18452.aspx

    Additionally, installing SQL Server along with domain controller will impact on SQL Server security (SQL Server service account cannot be "local service" or "network service"). Are you connecting from different domain? If yes, does both the domain trusted?
    For more information, please refer to the article: http://blogs.msdn.com/b/sql_protocols/archive/2008/05/03/understanding-the-error-message-login-failed-for-user-the-user-is-not-associated-with-a-trusted-sql-server-connection.aspx


    Regards, Amber zhang

    • Marked as answer by JangleKlown Friday, March 2, 2012 1:23 PM
    Friday, March 2, 2012 7:16 AM
  • Thanks for the response Amber.

    I found the problem when going through your second link, and actually all accidentally. The idiot user had logged into the computer account instead of the network account and has been running off of that. He kept saying he was logged into the network, but he only had access to the shared network drives by being connected via LAN. Thank you for all your help. 

    • Marked as answer by JangleKlown Friday, March 2, 2012 1:23 PM
    Friday, March 2, 2012 1:23 PM