We have multiple IIS web applications running on multiple web servers that connect to a SQL Server on a separate machine on the same domain.
Everything was running smoothly for over a year, then we had some major network issues. There was a problem with the replication between the primary and secondary domain controllers. There was an issue with Distributed File System services, Event ID 14530 ("DFS could not access its private data from the Active Directory.").
We got the network issues sorted out apparently, except now, none of the IIS web applications can connect to the SQL Server. We are using Windows Authentication. The error message is "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication." This is weird because we have verified that both the web servers and the SQL Server are in fact on the domain.
To make things weirder, the Network Admin removed the SQL Server from the domain and rejoined it, and the websites worked again... but only for a few minutes. Then the same error started occurring again!
The Network Admin and I have been working on this issue for several days. Any ideas would be appreciated.
Edit:
We can connect using SSMS. Also, applications that do not use IIS can connect. For example, we have a developer with some Fox and Cloud applications that use connection strings that can connect.
We have tried removing and re-adding the web servers to the domain.
The errors in the SQL Server log are as follows:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
Error: 18452, Severity: 14, State: 1.
SSPI handshake failed with error code 0x80090311 while establishing a connection with integrated security; the connection has been closed.
Error: 17806, Severity: 20, State: 2.
Edit 2:
The system log on one of the web servers contained this error this morning:
This computer could not authenticate with [domain controller], a Windows domain controller for domain [domain name], and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
Edit 3:
I have tried pretty much everything suggested in this thread, including making sure the user was not locked out, the password was not expired, and the hosts file did not contain an invalid entry for localhost.
I've created a self-signed certificate and configured with SQL Server Express. The encryption works fine on my PC.
When I export the certificate to another PC I can import fine and can see the certificate in MMC under Personal > Certificates.
However when I try to configure with SQL Server Express on the new PC, the certificate does not appear in the dropdown.
Any suggestions?
I have tried a few things suggested on other forums
Making sure the private key is exported
Making sure the certificate was created for local system (not user)
Copy certificate into trusted certificates
Look at the properties for the certificate CN value. You will find that it has the "computer name" of the system that you created it on (which means "localhost"). This will not work when you copy the certificate to another system as the machine name will be different.
I am using the ThinkTecture IdentitySever3 in my Web Api project and it has been working fine for the past 2 months in the project I am developing. Suddenly as of today, I am running into this exception when I try to use authentication:
"The remote certificate is invalid according to the validation procedure"
The project is using the idsrv3test.pfx that comes as a part of the IdentityServer3 samples.
Any ideas why it would suddenly start to behave like that? And how to fix it of course?
I was running into very similar issues.
I had to go into MMC add the certificate plugin.
Find and remove all certificates with localhost.
Reboot
Go to programs and features in windows Search for IIS Express and select REPAIR
Reboot
Launch Visual studio 2015 Open my Application with IdentityServer in it.
Run it and accept the prompt in VS 2015 to add and trust the
localhost cert.
I am trying to connect to SQL Server 2012 on a separate domain to Visual Studio/ my computer. (It’s my personal machine on a workgroup).
I have access to the server and can log in fine with SQL authentication but want to log on via Windows Authentication. When I try I get the following error:
The login is from an untrusted domain and cannot be used with Windows Authentication.
This is on the data connection of Visual Studio- nothing to do with any code.
How do I make the domain trusted (without login via AD on my machine) or get around this issue?
I tried using Control Panel credential manager but with no luck.
Thank You
That is a setting on the domain controller, not on your computer. The domain the SQL Server is in needs to trust the domain you are login in from. As you have a workgroup computer, that domain would be just your computer.
Talk to your domain admin to see if they can make that happen.
I managed to solve it by running the following command from the same folder as the software:
runas /netonly /user:<Username and Domain> <name of exe>
I suddenly started getting this error when trying to connect to any of my sql servers (25+) from SSMS on Windows XP. When I left work yesterday everything was working fine, came in this morning, and I started getting this. Tried rebooting my pc but that obviously didn't fix it. My co-workers can all connect just fine. Searched for a solution but everything I found was regarding encryption in regards to .NET applications. Not sure how to apply that to SSMS.
alt text http://picasaweb.google.com/lh/photo/-l9VrFuYXk-A80NzZ1kzng?feat=directlink
For some reason the image won't work so the error is this:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Microsoft SQL Server)
The question seems to have been answered, but I wanted to chime in. For some providers, such as SQL Server, there is a parameter in connection string which lets you connect to server encrypted even if certificate is unknown: "TrustServerCertificate=True", so if you include that in a connection string, you will connect and work encrypted, and will not have to run connection non-encrypted.
Try this...
Its gotta be a client issue if you lost connection to all your remote servers and your coworkers are fine. You probably got "clicky" and changed some settings inadvertantly.
Open your client network utility (mine is here: C:\WINDOWS\system32\cliconfg.exe).
Under the General Tab, check out the disabled protocols. They should all have "force protocol encryption" unchecked. If this is checked for any of those values, your local SSMS is probably trying to force an encrypted connection and failing.
Report back if this doesn't work, and I'll poke around a bit more.
When connecting using MS SQL Server Management Studio in the connect window go to Options->Connection Properties and check checkbox Trust server certificate
You connect to your SQL Servers requesting encrypted connections and you don't trust the certificate(s) used by those servers. Why that happens depends on a myriad or reasons.
Do your servers use self-signed certificates or PKI issued certificates?
Who is the PKI authorithy that issued your certificates? Is it a corporate certificate service?
Does your computer trust the PKI root authority?
If you don't know the answers to this, you must contact your network and security administrators. Simply disabling protocl enforcing requirement from your client may be against corporate policy, or the servers may enforce SSL anyway disregarding your local setting.
These are all questions you should ask your own environment admins, not public forums. You should try to solve the issue, not hack your way arround it and end up with a non-compliant machine.
From this link:
Disable client-side Force Encryption
on the server. On the machine that
runs the SQL Server instance, open up
the SQL Server Configuration Manager,
right-click SQL Native Client
Configuration, and set Force Protocol
Encryption to No. Then try connecting
locally.
http://blogs.msdn.com/sql_protocols/archive/2005/12/22/506607.aspx
I got this error, I tried to connect a remote server SQL (SaaS) in MS Cloud
I added a new firewall rule in Azure portal with my client IP that solved my issue
Open Command Prompt: press Windows Key+ R then type cmd and run
Enter this:
runas /user:[YourDomainName]\[YourActiveDirectoryUserName] /netonly cmd
Enter your active directory password and press enter
In New Command Window enter your SSMS.exe Path with double cotation like:
"C:\Program Files (x86)\Microsoft SQL Server\130\Tools\Binn\ManagementStudio\Ssms.exe"
Then login with windows athentication