SQL Server 2008 Windows Auth Login Error: The login is from an untrusted domain

When attempting to connect to a SQL Server 2008 Instance using Management Studio, I get the following error:

> Login failed. The login is from an > untrusted domain and cannot be used > with Windows authentication. > (Microsoft SQL Server, Error: 18452)

I can login using SQL Authentication without problem. I've been getting this error all of a sudden. I have Mixed Mode Authentication turned on.

Does anyone have any experience with this?

Additional Info: 64-bit version of SQL Enterprise Edition On Windows 2003 Server

Another reason this might happen (just happened to me) ... is the user's password expires. I didn't realize this until I tried to remote into the actual server and was prompted to change my password.

For me, this happened when I edited a blank drivers/etc/hosts file, and added an entry for a local website, but neglected to add 127.0.0.1 localhost

The issue was caused by a down Active Directory Server, which of course could not authenticate the Windows account. Thank you for your assistance.

For anyone else who runs into this, I had this in my hosts file:

127.0.0.1	localhost
127.0.0.1	customname

and I needed it to be this:

127.0.0.1	localhost
127.0.0.1	localhost	customname

> "The issue was caused by a down Active Directory Server, which of course could not authenticate the Windows account"

It is not "of course - because if AD is not available then Kerberos authentication falls back to NTLM (domain account credentials are cached locally, one can login with it even if AD/Kerberos is not available). I guess that you have possibly 2 simultaneous conditions for this failure to happen:

• SQL Server is not local (on another machine)
• The trust is configured "Kerberos only"

or other specific security network/server/AD/machine configurations

Make sure you aren't connected to a VPN on another domain\user. Or, conversely, make sure you are connected, if that is what is required.

I had this issue for a server instance on my local machine and found that it was because I was pointing to 127.0.0.1 with something other than "localhost" in my hosts file. There are two ways to fix this issue in my case:

1. Clear the offending entry pointing to 127.0.0.1 in the hosts file
2. use "localhost" instead of the other name that in the hosts file that points to 127.0.0.1

*This only worked for me when I was running the sql server instance on my local box and attempting to access it from the same machine.

There is a setting on the jTDS driver called USENTLMV2 that is set to false by default. Setting this to 'true' in my db software (DBVisualizer) solved it.

I fixed this issue on machine disabling the loopback check setting:

1. Edit the Windows registry: Start –> Run > Regedit
2. Navigate to: HKLM\System\CurrentControlSet\Control\LSA
3. Add a DWORD value called “DisableLoopbackCheck”
4. Set this value to 1

try using a different valid login using RUNAS command

runas /user:domain\user “C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\ssmsee.exe” 

runas /user:domain\user “C:\WINDOWS\system32\mmc.exe /s \”C:\Program Files\Microsoft SQL Server\80\Tools\BINN\SQL Server Enterprise Manager.MSC\”" 

runas /user:domain\user isqlw 

For me, it was because i did not add the account to have roles I wanted to use to the SQL Database itself. And also due to a bad password attempts via copy paste problem locking account.

Okay, completely out there answer from me. I was getting this error from a development environment hosted on VM VirtualBox. Three servers; SharePoint, SQL DB and Domain Controller. The SharePoint server couldn't connect to the configuration database. I could still connect via ODBC for Sql authentication using SA account but not Windows authentication. But that user would happily log into SSMS on the sql server itself. I got a better error message from ODBC too and also by checking the failed login messages on sql server:

select text from sys.messages where message_id = '18452' and language_id = 1033

Can't take credit for this because I asked one of our Enterprise Systems Administrators for help and he diagnosed it in about 5 minutes of looking at a few screen shots I sent him. Problem was that the Domain Controller’s clock was set incorrectly! Couldn't believe it. The servers are setup for Host Only networking so don't have internet to sync the clock with. That also explains why rolling back to an earlier snapshot when I know the system was working didn't solve the problem.

Edit: Installing the Guest Additions on the server syncs the guest clock with the host.

Another scenario where you might see this is when you are attempting to connect to another SQL server from an SSMS session that was already logged-in while you changed your password. Sequence of events might go something like:

1. RDP to Server-A (your SQL Server), open SSMS and login
2. RDP to Server-B in the same domain and change your password
3. Return to RDP session on Server-A and via SSMS attempt to add another DB into an existing AlwaysOn availability group. When connecting to replicas you get "untrusted domain"-login-error

To resolve, simply logoff and log back in

You may be misleaded about the username you use locally. That was my case in Windows 10 Home. When I look at users in control panel, I see the name usrpc01. However when I type net config workstation, it appears that the user's name is spc01. Seems like someone renamed the user, but the internal name remained unchanged.

Not knowing how to fix windows user name (and the folder name under C:\Users, which also refers to the original internal name), I added a new user accout on my db server.

I have been trying to log into a SQL Server 2008 from a domain account. The SQL Server 2008 is hosted on a different workgroup computer that is not part of the domain. As strange as it sounds, on the workgroup server where SQL Server 2008 is running, I had to go to System Properties | Computer Name (tab) | Change (button) | Computer Name Change | More... (button) and enter the "Primary DNS suffix of this computer" (it was blank, so enter the desired suffix for your network) and check the "Change primary DNS suffix when domain membership changes" box. This allowed the Windows Authentication process to complete when logging into the SQL Server 2008.

I had to use netonly to get this to work on modern Windows:

runas /netonly /user:domain\user "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\ssms.exe"

Another reason> someone changed the password for the default SQL user

this happened to me a couple of minutes ago by switching to a new domain controller ...

I had wrong entry in hosts file under C:\Windows\System32\drivers\etc

[Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

Make sure to have entry like below

127.0.0.1   localhost
127.0.0.1   localhost   servername

I was using an alias for an SQL Server instance that pointed to "127.0.0.1". Changing it to "localhost" instead did the trick.

If your Sql Server is running on a server that's is not part of a domain and in the connection string you use a fully qualifed domain name (e.g. xyz.mypc.com) with Integrated Security=True, you might have to switch to using either the IP address, MachineName (SERVER01), or the dot (.) in case it's locally hosted.

This worked for me, using the fqdn resulted in the above error.

in order to enable windows authentication both computers need to be in the same domain. in order to allow managment studios to pass the current credentials and authenticate in the sql box

For me, I have to disconnect (change workgroup/domain) from the Domain and reconnect.

And another possible reason: The new created local Account on DB Server had the: "User must change Password at next Login" Flag set.

Here's what fixed it for me: Properties of network connection Click on: "Internet Protocol Version 4 (TCT/IPv4)". Click "Properties" button. Click "Advanced" button. Select "DNS" tab. Delete text in "DNS suffix for this connection".

I wasn't able to remotely connect to the SQL server either. Both SQL server and remote server where in the same domain. And I had been requested a password change some days before. Restarting both the SQL server and the remote server I was trying to access SQL server from did the trick for me.

In our case it was the fact that the developer was running the application pool under his own account, and had reset his password but forgot to change it on the application pool. Duh...

In my case, the server had been disabled in the domain controller. I went into the COMPUTERS OU in Active directory, right-clicked on the server,enabled it, then did a gpupdate /force from the SQL server. It took a moment, but it finally worked.

In my case, in the host file, the machine name is hard coded with older IP. I replace the older IP with the new one, the issue is resolved.

Host file location

WindowsDrive:\Windows\System32\drivers\etc\hosts

Modifications done 159.xx.xx.xxx MachineName

None of the above worked for me. What I had to do was: In SQL Server Management Studio on the login screen, select Options >> In the Network section change the Network protocol to Named Pipes.

Also, what I had to do to make it work with the <default> setting was to disable the wireless network (the machine was also connected to the wired lan).

My fix was to change the web.config file to correlate with my new server name for SQL Connection (IT Security had just done a netdom rename on my development box.

I replaced the connecting string and it started working

from

main_sqlconnection = New SqlConnection("Data Source=Server1\SQLEXPRESS;Initial Catalog=Master;Trusted_Connection=True")

to

main_sqlconnection = New SqlConnection("Data Source=Server1\SQLEXPRESS;Initial Catalog=Master;User ID=ARM;Password=1;")

I created the account User ID=User;Password=1; in Microsoft SQL Server Management Studio: click on Security and add a new user.

You need to enable the sa account first and log in to your SQL management studio with the sa account (please chose SQl Server authentication).

After you logged in with the sa account, go to security, right-click on logins, select new login, select SQL Server authentication, create a user name (no / or any other special characters, just a name), then give it a password, confirm the password and at the bottom of that page select your default Database.

Go to logins, right-click on the user you created and click on properties.

Go to Server Roles and select the roles you want to give to the user you created.

Click OK and go back to login properties, click on User Mapping, double-click on the database you want to map this user to and select the database role membership for that database in the bottom window.

Make sure you are are not using "Trusty_Connection=yes" somewhere. I had this same problem and I fix by simply setting this to "no".

I had the same problem when I wanted to run my project on another PC. Changing connection string from

Data Source=JOHN-PC\JJ;Initial Catalog=MyDatabase;Integrated Security=True;Pooling=False

to

Data Source=JOHN-PC\JJ;Initial Catalog=MyDatabase;Persist Security Info=True;User ID=MyUserName;Password=MyUserPassword

helped me.

This is the link where original answer is: Login failed.The login is from an untrusted domain...

Hope this would help.

Just remove Trusted_Connection=True property from the connection string.