login failed for nt authority\anonymous logon when using active directory integrated auth ? RRS feed

  • Question

  • hello,

    I am trying to open V12 SQL Azure database , 

    my NT account "X" is defined as 'Contributor'  role in  Active Directory Integrated Authentication"  - with my NT Account defined 

    logging in to SSMS 2016 CTP3 , using Active Directory Integrated Authentication, I see this :login failed for nt authority\anonymous logon

    Any suggestions ?


    Monday, December 7, 2015 10:29 PM

All replies

  • Hello Peter-
    One clarification question. Do you have an Azure AD user account created in the specific Azure SQL database? The best way to check is to run  select* from sys.database_principalsand to see if the X account is there. Please note that SQL Server does not propagate Azure AD accounts automatically and it has to be done manually. If you don’t see your account (user), follow the documentation on Azure AD user creation for SQL DB ( see the MSN doc "Connecting to SQL Database By Using Azure Active Directory Authentication"), otherwise if the user X is there please contact the <SQLAzureADAuth@microsoft.com>  alias for further investigation.
    Thanks Mirek
    Mirek Sztajno, Senior Program Manager, SQL Security team

    Thursday, January 7, 2016 12:37 AM
  • I am also seeing the same issue. I am using Token based authentication to connect to sql server. could you please help me as it is urgent. My code below. Error occurs con.Open()

     using (SqlConnection con = new SqlConnection(testAzureSqlDWconnString))
                        con.AccessToken = GetAuthorizationHeader().Result;
                        con.Open(); //This is where i get teh error


     public static async Task<string> GetAuthorizationHeader()
                AuthenticationResult result=null;

     AuthenticationContext context = new AuthenticationContext(ConfigurationManager.AppSettings["ActiveDirectoryEndpoint"] + ConfigurationManager.AppSettings["ActiveDirectoryTenantId"]);
                    if (context != null)
                        ClientCredential credential = new ClientCredential(

                        result = await context.AcquireTokenAsync(
                           resource: ConfigurationManager.AppSettings["WindowsManagementUri"],
                           clientCredential: credential);



    Tuesday, January 9, 2018 4:55 AM
  • I was getting this error when I had not added the user to the Master database.  The user had been added to the database the user was actually interested in.   Adding the user to the Master database resolved the issue.

    I initially did not add the user to the Master Database because of this paragraph in the MS documentation.

    "Azure Active Directory authentication requires database users to be created as contained database users. A contained database user based on an Azure AD identity, is a database user that does not have a login in the master database, and which maps to an identity in the Azure AD directory that is associated with the database."

    After reading again, I realize that it says that they shouldn't have a "LOGIN" in the master database, but they sure need a USER.

    Friday, March 16, 2018 12:11 PM