locked
Access 2007 ADP to SQL Server 2012 with extended protection RRS feed

  • Question

  • Hello,

    I have a Access 2007 ADP client connecting to an sql server 2012. This works fine with standard security configuration, but when I activate extended protection on the SQL server, the Access client cannot connect to the server. I am using integrated security with a domain user and get the error message

    "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication."

    In sql server logfile I find:

    "SSPI handshake failed with error code 0x80090346, state 46 while establishing a connection with integrated security; the connection has been closed. Reason: The Channel Bindings from this client are missing or do not match the established Transport Layer Security (TLS) Channel".

    Is there any "easy" solution other than developing a new client based on an up to date Office version or Dot.Net?

    Regards,

      charles-f

    Wednesday, March 4, 2015 2:54 PM

Answers

  • Thank you for the additional information. ADP is using ADO driver under the hood. It is old and is no longer being maintained. In fact ADP has been removed from Access 2013. You would be wise to consider transitioning to other technology, for example ACCDB with ODBC Native Client driver.

    -Tom. Microsoft Access MVP

    • Marked as answer by Caillen Tuesday, March 17, 2015 2:39 AM
    Wednesday, March 4, 2015 5:22 PM

All replies

  • From the error message it sounds like the client and the server are not in the same domain, so Extended Protection cannot be used. Windows auth cannot be used either.

    -Tom. Microsoft Access MVP

    Wednesday, March 4, 2015 3:15 PM
  • Well, I have no problem connecting to the sql server from my pc using ssms with my domain account. I have also sucessfully create a odbc connection using the "SQL Server Native Client 11.0" driver and my domain account. My account is in a trusted domain, so this seems not to be the problem. 
    To me it rather looks like if Access is using an old driver which does not support the tls encryption required by the extended protection settings.

    regards, charles-f 

    Wednesday, March 4, 2015 4:04 PM
  • Thank you for the additional information. ADP is using ADO driver under the hood. It is old and is no longer being maintained. In fact ADP has been removed from Access 2013. You would be wise to consider transitioning to other technology, for example ACCDB with ODBC Native Client driver.

    -Tom. Microsoft Access MVP

    • Marked as answer by Caillen Tuesday, March 17, 2015 2:39 AM
    Wednesday, March 4, 2015 5:22 PM
  • OK. Thank you.

      charles-f

    Wednesday, March 4, 2015 7:33 PM