SQL Server 2008 Windows Auth Login Error: The login is from an untrusted domain
Sql ServerSql Server Problem Overview
When attempting to connect to a SQL Server 2008 Instance using Management Studio, I get the following error:
> Login failed. The login is from an > untrusted domain and cannot be used > with Windows authentication. > (Microsoft SQL Server, Error: 18452)
I can login using SQL Authentication without problem. I've been getting this error all of a sudden. I have Mixed Mode Authentication turned on.
Does anyone have any experience with this?
Additional Info: 64-bit version of SQL Enterprise Edition On Windows 2003 Server
Sql Server Solutions
Solution 1 - Sql Server
Another reason this might happen (just happened to me) ... is the user's password expires. I didn't realize this until I tried to remote into the actual server and was prompted to change my password.
Solution 2 - Sql Server
For me, this happened when I edited a blank drivers/etc/hosts
file, and added an entry for a local website, but neglected to add 127.0.0.1 localhost
Solution 3 - Sql Server
The issue was caused by a down Active Directory Server, which of course could not authenticate the Windows account. Thank you for your assistance.
Solution 4 - Sql Server
For anyone else who runs into this, I had this in my hosts file:
127.0.0.1 localhost
127.0.0.1 customname
and I needed it to be this:
127.0.0.1 localhost
127.0.0.1 localhost customname
Solution 5 - Sql Server
> "The issue was caused by a down Active Directory Server, which of course could not authenticate the Windows account"
It is not "of course - because if AD is not available then Kerberos authentication falls back to NTLM (domain account credentials are cached locally, one can login with it even if AD/Kerberos is not available). I guess that you have possibly 2 simultaneous conditions for this failure to happen:
- SQL Server is not local (on another machine)
- The trust is configured "Kerberos only"
or other specific security network/server/AD/machine configurations
Solution 6 - Sql Server
Make sure you aren't connected to a VPN on another domain\user. Or, conversely, make sure you are connected, if that is what is required.
Solution 7 - Sql Server
I had this issue for a server instance on my local machine and found that it was because I was pointing to 127.0.0.1 with something other than "localhost" in my hosts file. There are two ways to fix this issue in my case:
- Clear the offending entry pointing to 127.0.0.1 in the hosts file
- use "localhost" instead of the other name that in the hosts file that points to 127.0.0.1
*This only worked for me when I was running the sql server instance on my local box and attempting to access it from the same machine.
Solution 8 - Sql Server
There is a setting on the jTDS driver called USENTLMV2 that is set to false by default. Setting this to 'true' in my db software (DBVisualizer) solved it.
Solution 9 - Sql Server
I fixed this issue on machine disabling the loopback check setting:
- Edit the Windows registry: Start –> Run > Regedit
- Navigate to: HKLM\System\CurrentControlSet\Control\LSA
- Add a DWORD value called “DisableLoopbackCheck”
- Set this value to 1
Solution 10 - Sql Server
try using a different valid login using RUNAS command
runas /user:domain\user “C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\ssmsee.exe”
runas /user:domain\user “C:\WINDOWS\system32\mmc.exe /s \”C:\Program Files\Microsoft SQL Server\80\Tools\BINN\SQL Server Enterprise Manager.MSC\”"
runas /user:domain\user isqlw
Solution 11 - Sql Server
For me, it was because i did not add the account to have roles I wanted to use to the SQL Database itself. And also due to a bad password attempts via copy paste problem locking account.
Solution 12 - Sql Server
Okay, completely out there answer from me. I was getting this error from a development environment hosted on VM VirtualBox. Three servers; SharePoint, SQL DB and Domain Controller. The SharePoint server couldn't connect to the configuration database. I could still connect via ODBC for Sql authentication using SA account but not Windows authentication. But that user would happily log into SSMS on the sql server itself. I got a better error message from ODBC too and also by checking the failed login messages on sql server:
select text from sys.messages where message_id = '18452' and language_id = 1033
Can't take credit for this because I asked one of our Enterprise Systems Administrators for help and he diagnosed it in about 5 minutes of looking at a few screen shots I sent him. Problem was that the Domain Controller’s clock was set incorrectly! Couldn't believe it. The servers are setup for Host Only networking so don't have internet to sync the clock with. That also explains why rolling back to an earlier snapshot when I know the system was working didn't solve the problem.
Edit: Installing the Guest Additions on the server syncs the guest clock with the host.
Solution 13 - Sql Server
Another scenario where you might see this is when you are attempting to connect to another SQL server from an SSMS session that was already logged-in while you changed your password. Sequence of events might go something like:
- RDP to Server-A (your SQL Server), open SSMS and login
- RDP to Server-B in the same domain and change your password
- Return to RDP session on Server-A and via SSMS attempt to add another DB into an existing AlwaysOn availability group. When connecting to replicas you get "untrusted domain"-login-error
To resolve, simply logoff and log back in
Solution 14 - Sql Server
You may be misleaded about the username you use locally. That was my case in Windows 10 Home. When I look at users in control panel, I see the name usrpc01. However when I type net config workstation
, it appears that the user's name is spc01. Seems like someone renamed the user, but the internal name remained unchanged.
Not knowing how to fix windows user name (and the folder name under C:\Users
, which also refers to the original internal name), I added a new user accout on my db server.
Solution 15 - Sql Server
I have been trying to log into a SQL Server 2008 from a domain account. The SQL Server 2008 is hosted on a different workgroup computer that is not part of the domain. As strange as it sounds, on the workgroup server where SQL Server 2008 is running, I had to go to System Properties | Computer Name (tab) | Change (button) | Computer Name Change | More... (button) and enter the "Primary DNS suffix of this computer" (it was blank, so enter the desired suffix for your network) and check the "Change primary DNS suffix when domain membership changes" box. This allowed the Windows Authentication process to complete when logging into the SQL Server 2008.
Solution 16 - Sql Server
I had to use netonly to get this to work on modern Windows:
runas /netonly /user:domain\user "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\ssms.exe"
Solution 17 - Sql Server
Another reason> someone changed the password for the default SQL user
this happened to me a couple of minutes ago by switching to a new domain controller ...
Solution 18 - Sql Server
I had wrong entry in hosts file under C:\Windows\System32\drivers\etc
[Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
Make sure to have entry like below
127.0.0.1 localhost
127.0.0.1 localhost servername
Solution 19 - Sql Server
I was using an alias for an SQL Server instance that pointed to "127.0.0.1". Changing it to "localhost" instead did the trick.
Solution 20 - Sql Server
If your Sql Server is running on a server that's is not part of a domain and in the connection string you use a fully qualifed domain name (e.g. xyz.mypc.com) with Integrated Security=True, you might have to switch to using either the IP address, MachineName (SERVER01), or the dot (.) in case it's locally hosted.
This worked for me, using the fqdn resulted in the above error.
Solution 21 - Sql Server
in order to enable windows authentication both computers need to be in the same domain. in order to allow managment studios to pass the current credentials and authenticate in the sql box
Solution 22 - Sql Server
For me, I have to disconnect (change workgroup/domain) from the Domain and reconnect.
Solution 23 - Sql Server
And another possible reason: The new created local Account on DB Server had the: "User must change Password at next Login" Flag set.
Solution 24 - Sql Server
Here's what fixed it for me: Properties of network connection Click on: "Internet Protocol Version 4 (TCT/IPv4)". Click "Properties" button. Click "Advanced" button. Select "DNS" tab. Delete text in "DNS suffix for this connection".
Solution 25 - Sql Server
I wasn't able to remotely connect to the SQL server either. Both SQL server and remote server where in the same domain. And I had been requested a password change some days before. Restarting both the SQL server and the remote server I was trying to access SQL server from did the trick for me.
Solution 26 - Sql Server
In our case it was the fact that the developer was running the application pool under his own account, and had reset his password but forgot to change it on the application pool. Duh...
Solution 27 - Sql Server
In my case, the server had been disabled in the domain controller. I went into the COMPUTERS OU in Active directory, right-clicked on the server,enabled it, then did a gpupdate /force from the SQL server. It took a moment, but it finally worked.
Solution 28 - Sql Server
In my case, in the host file, the machine name is hard coded with older IP. I replace the older IP with the new one, the issue is resolved.
Host file location
WindowsDrive:\Windows\System32\drivers\etc\hosts
Modifications done 159.xx.xx.xxx MachineName
Solution 29 - Sql Server
None of the above worked for me. What I had to do was: In SQL Server Management Studio on the login screen, select Options >> In the Network section change the Network protocol to Named Pipes.
Also, what I had to do to make it work with the <default>
setting was to disable the wireless network (the machine was also connected to the wired lan).
Solution 30 - Sql Server
My fix was to change the web.config file to correlate with my new server name for SQL Connection (IT Security had just done a netdom rename on my development box.
Solution 31 - Sql Server
I replaced the connecting string and it started working
from
main_sqlconnection = New SqlConnection("Data Source=Server1\SQLEXPRESS;Initial Catalog=Master;Trusted_Connection=True")
to
main_sqlconnection = New SqlConnection("Data Source=Server1\SQLEXPRESS;Initial Catalog=Master;User ID=ARM;Password=1;")
I created the account User ID=User;Password=1;
in Microsoft SQL Server Management Studio: click on Security and add a new user.
Solution 32 - Sql Server
You need to enable the sa
account first and log in to your SQL management studio with the sa
account (please chose SQl Server authentication).
After you logged in with the sa account, go to security
, right-click on logins
, select new login
, select SQL Server authentication
, create a user name (no /
or any other special characters, just a name), then give it a password, confirm the password and at the bottom of that page select your default Database.
Go to logins
, right-click on the user you created and click on properties
.
Go to Server Roles
and select the roles you want to give to the user you created.
Click OK
and go back to login properties
, click on User Mapping
, double-click on the database you want to map this user to and select the database role membership for that database in the bottom window.
Solution 33 - Sql Server
Make sure you are are not using "Trusty_Connection=yes" somewhere. I had this same problem and I fix by simply setting this to "no".
Solution 34 - Sql Server
I had the same problem when I wanted to run my project on another PC. Changing connection string from
Data Source=JOHN-PC\JJ;Initial Catalog=MyDatabase;Integrated Security=True;Pooling=False
to
Data Source=JOHN-PC\JJ;Initial Catalog=MyDatabase;Persist Security Info=True;User ID=MyUserName;Password=MyUserPassword
helped me.
This is the link where original answer is: Login failed.The login is from an untrusted domain...
Hope this would help.
Solution 35 - Sql Server
Just remove Trusted_Connection=True
property from the connection string.