Fail to create new Windows login when using FQDN

  • Question

  • Hi experts,

    I'm trying to add a new Windows Authenticated login to SQL Server 2005. My SQL Server is in a domain and so are my users. When I add [MYDOMAIN\username] it works fine, but if I try to add [MYDOMAIN.sub.com\username] it fails with the following error: Windows NT user or group 'MYDOMAIN.sub.com\username' not found. Check the name again. (Microsoft SQL Server, Error: 15401).  I know for sure that username exists in the domain MYDOMAIN.sub.com.

    I have tried adding the user from the SQL Server Studio Management and using the following TSQL statement:


    and they both failed.  I have also tried it in SQL Server 2008 and it fails in the same way.

    Does anyone know why it fails when using the FQDN? I would be very thankful to anyone who can help.


    Friday, July 10, 2009 5:42 PM

All replies

  • One reason for this is that the SPN value is not defined in your domain using the FQDN for your SQL Server. Check with your systems administrator or, if you have read access to Active Directory, run the setspn utility to query the SQL Server instance.
    bass_player http://bassplayerdoc.blogspot.com/
    Saturday, July 11, 2009 3:52 PM
  • Hi Koddie,

    The form DOMAIN\username is the old-fashioned naming, where DOMAIN stands for the NetBIOS name of the domain. As it should be unique in a trusted network, this doesn't require FQDN.

    The FQDN naming style is the username@FQDN - but SQL Server cannot digest it at the moment. So I'm afraid your problem is unresolvable at the moment :(

    (this is just speculation, but supported with experience - I never saw any option to provide FQDN\username style login info)

    -- Erik -- http://blog.rollback.hu
    Tuesday, July 14, 2009 1:53 AM