The login is from an untrusted domain and cannot be used with windows authentication
I’ve just installed SQL Server 2008 Developer edition and I’m trying to connect using SQLCMD.exe, but I get the following error:
8 Answers 8
You’re not passing any credentials to sqlcmd.exe
So it’s trying to authenticate you using the Windows Login credentials, but you mustn’t have your SQL Server setup to accept those credentials.
When you were installing it, you would have had to supply a Server Admin password (for the sa account)
for reference, theres more details here.
In my case, this error was caused by renaming my client machine. I used a new name longer than 13 characters (despite the warning), which resulted in the NETBIOS name being truncated and being different from the full machine name. Once I re-renamed the client to a shorter name, the error went away.
and it works.. (I have the Microsoft SQL Server\100\Tools\Binn directory in my path).
Still not sure why the SQL Server 2008 version of SQLCMD doesn’t work though..
Your error is quite literally saying «you’re trying to use Windows Authentication, but your login isn’t from a trusted domain». Which is odd, because you’re connecting to the local machine.
Perhaps you’re logged into Windows using a local account rather than a domain account? Ensure that you’re logging in with a domain account that is also a SQL Server principal on your SQL2008 instance.
Do you specify a user name and password to log on? What exactly is your complete command line?
I was getting this error too, although my issue was that I kept switching between two corporate networks via my Virtual Machine, with different access credentials. I had to run the command prompt:
After this my network issues were resolved and I could connect once again to SQL.
Just found this thread and posted an alternative answer (copied below) here: https://stackoverflow.com/a/37853766/1948625
But recently I added a line in the static host file for testing purposes ( C:\Windows\System32\drivers\etc\hosts )
Removing this line and the error is gone.
I got a clue from this article (https://support.microsoft.com/en-gb/kb/896861) which talks about hostnames and loopback.
Other possible fix (if you need to keep that line in the hosts file) is to use the hostname (like MYSERVER01 ) instead of 127.0.0.1 in the data source of the connection string.
The login is from an untrusted domain and cannot be used with windows authentication
Вопрос
Windows 8 Pro подключается к SQL Server 2008 R2/2012 по Windows Autentification. Если сидеть под локальной учётной записью, то подключается нормально и можно работать. Не нормально начинается когда подключаюсь под учётной записью Microsoft (ну эта, которая с минсвипером, пасьянсами и бесплатной почтой). Credential Manager настроить пробовал не помогло.
Ответы
1. Отставить баловство c I-net учетками и юзать «старые-добрые» local/domain учетки. И коннектиться к серверу под Windows Autentification.
2. Продолжать баловаться с этими учетками, а SQL Server перевести в mixed-режим аутентификации. И конектиться, ясное дело, по логину/паролю.
«Третьего не дано». (C)
Все ответы
1. Отставить баловство c I-net учетками и юзать «старые-добрые» local/domain учетки. И коннектиться к серверу под Windows Autentification.
2. Продолжать баловаться с этими учетками, а SQL Server перевести в mixed-режим аутентификации. И конектиться, ясное дело, по логину/паролю.
«Третьего не дано». (C)
К 2012 серверу не получается подключиться даже под локальной учётной записью, хотя к 2008 можно. Я проверил, единственное их отличие в том что 2008 имеет локальных пользователей (и пользователь моего локального компа имеет такое же имя и пароль, как пользователь 2008), а 2012 берет логины из контролера домена (логин и пароль на контроллере домена такие же как и на моём компе). Как исправить?
то подключается к 2012 но постоянно нужно вбивать пароль
Лично я, из последнего сообщения ветки, не понял ни-че-го. Попробуйте изложить так:
2. Что хочется и в каком именно месте эта «хотелка» не срабатывает.
На буквах не экономьте, нам, по эту сторону экрана, в общем-то, есть чем заняться кроме как расшифровывать полу-законченные вопросы/сообщения. 🙂
>> что 2008 имеет локальных пользователей
Прошу прощения за краткость.
SQL Server 2008 Windows Auth Login Error: The login is from an untrusted domain
When attempting to connect to a SQL Server 2008 Instance using Management Studio, I get the following error:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)
I can login using SQL Authentication without problem. I’ve been getting this error all of a sudden. I have Mixed Mode Authentication turned on.
Does anyone have any experience with this?
Additional Info: 64-bit version of SQL Enterprise Edition On Windows 2003 Server
35 Answers 35
For me, this happened when I edited a blank drivers/etc/hosts file, and added an entry for a local website, but neglected to add 127.0.0.1 localhost
The issue was caused by a down Active Directory Server, which of course could not authenticate the Windows account. Thank you for your assistance.
For anyone else who runs into this, I had this in my hosts file:
and I needed it to be this:
«The issue was caused by a down Active Directory Server, which of course could not authenticate the Windows account»
or other specific security network/server/AD/machine configurations
Make sure you aren’t connected to a VPN on another domain\user. Or, conversely, make sure you are connected, if that is what is required.
I had this issue for a server instance on my local machine and found that it was because I was pointing to 127.0.0.1 with something other than «localhost» in my hosts file. There are two ways to fix this issue in my case:
*This only worked for me when I was running the sql server instance on my local box and attempting to access it from the same machine.
I fixed this issue on machine disabling the loopback check setting:
try using a different valid login using RUNAS command
For me, it was because i did not add the account to have roles I wanted to use to the SQL Database itself. And also due to a bad password attempts via copy paste problem locking account.
Okay, completely out there answer from me. I was getting this error from a development environment hosted on VM VirtualBox. Three servers; SharePoint, SQL DB and Domain Controller. The SharePoint server couldn’t connect to the configuration database. I could still connect via ODBC for Sql authentication using SA account but not Windows authentication. But that user would happily log into SSMS on the sql server itself. I got a better error message from ODBC too and also by checking the failed login messages on sql server:
Can’t take credit for this because I asked one of our Enterprise Systems Administrators for help and he diagnosed it in about 5 minutes of looking at a few screen shots I sent him. Problem was that the Domain Controller’s clock was set incorrectly! Couldn’t believe it. The servers are setup for Host Only networking so don’t have internet to sync the clock with. That also explains why rolling back to an earlier snapshot when I know the system was working didn’t solve the problem.
Edit: Installing the Guest Additions on the server syncs the guest clock with the host.
There is a setting on the jTDS driver called USENTLMV2 that is set to false by default. Setting this to ‘true’ in my db software (DBVisualizer) solved it.
Another scenario where you might see this is when you are attempting to connect to another SQL server from an SSMS session that was already logged-in while you changed your password. Sequence of events might go something like:
To resolve, simply logoff and log back in
I have been trying to log into a SQL Server 2008 from a domain account. The SQL Server 2008 is hosted on a different workgroup computer that is not part of the domain. As strange as it sounds, on the workgroup server where SQL Server 2008 is running, I had to go to System Properties | Computer Name (tab) | Change (button) | Computer Name Change | More. (button) and enter the «Primary DNS suffix of this computer» (it was blank, so enter the desired suffix for your network) and check the «Change primary DNS suffix when domain membership changes» box. This allowed the Windows Authentication process to complete when logging into the SQL Server 2008.
I had to use netonly to get this to work on modern Windows:
runas /netonly /user:domain\user «C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\ssms.exe»
Another reason> someone changed the password for the default SQL user
I had wrong entry in hosts file under C:\Windows\System32\drivers\etc
Make sure to have entry like below
I was using an alias for an SQL Server instance that pointed to «127.0.0.1». Changing it to «localhost» instead did the trick.
If your Sql Server is running on a server that’s is not part of a domain and in the connection string you use a fully qualifed domain name (e.g. xyz.mypc.com) with Integrated Security=True, you might have to switch to using either the IP address, MachineName (SERVER01), or the dot (.) in case it’s locally hosted.
This worked for me, using the fqdn resulted in the above error.
in order to enable windows authentication both computers need to be in the same domain. in order to allow managment studios to pass the current credentials and authenticate in the sql box
For me, I have to disconnect (change workgroup/domain) from the Domain and reconnect.
And another possible reason: The new created local Account on DB Server had the: «User must change Password at next Login» Flag set.
Here’s what fixed it for me: Properties of network connection Click on: «Internet Protocol Version 4 (TCT/IPv4)». Click «Properties» button. Click «Advanced» button. Select «DNS» tab. Delete text in «DNS suffix for this connection».
I wasn’t able to remotely connect to the SQL server either. Both SQL server and remote server where in the same domain. And I had been requested a password change some days before. Restarting both the SQL server and the remote server I was trying to access SQL server from did the trick for me.
In our case it was the fact that the developer was running the application pool under his own account, and had reset his password but forgot to change it on the application pool. Duh.
In my case, the server had been disabled in the domain controller. I went into the COMPUTERS OU in Active directory, right-clicked on the server,enabled it, then did a gpupdate /force from the SQL server. It took a moment, but it finally worked.
In my case, in the host file, the machine name is hard coded with older IP. I replace the older IP with the new one, the issue is resolved.
Host file location
Modifications done 159.xx.xx.xxx MachineName
None of the above worked for me. What I had to do was: In SQL Server Management Studio on the login screen, select Options >> In the Network section change the Network protocol to Named Pipes.
Also, what I had to do to make it work with the setting was to disable the wireless network (the machine was also connected to the wired lan).
My fix was to change the web.config file to correlate with my new server name for SQL Connection (IT Security had just done a netdom rename on my development box.
Not the answer you’re looking for? Browse other questions tagged sql-server or ask your own question.
Linked
Related
Hot Network Questions
Subscribe to RSS
To subscribe to this RSS feed, copy and paste this URL into your RSS reader.
site design / logo © 2021 Stack Exchange Inc; user contributions licensed under cc by-sa. rev 2021.4.15.39090
By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.
Error: Login failed. The login is from an untrusted domain and cannot be usedwith Windows authentication
I am working over LAN using sql server inside visual studio 2013. My server has an ip address of 192.168.0.19 and my client is 192.168.0.18 my port is 49170 which i configured at windows firewall. I connect the client into the ip address of the server but i always end up on getting the Error: Login failed. The login is from an untrusted domain and cannot be usedwith Windows authentication. I use windows authentication because i haven’t set a username and a password through my installation. I think im getting the error because i must use the Sql Server Authentication. But how? I dont know what to enter on username and password. Please help. Thanks!
3 Answers 3
I had this problem today, and it was caused by my Active Directory account being locked out.
To check if this is the cause for you, simply open a Command Prompt and run:
For example: » net user jsmith /domain «.
If your account is locked, it’ll report this in the results.
I had the same issue recently. My account was not locked out, but my password had expired whilst I had an RDP session open (this session stayed open for days). Thus I could access the local SQL (on the RDP box) but when I tried to connect to a remote server in SSMS, I got the same error.
When I tried to RDP into the remote server, I then got a usable error message to the tune of. ‘Your password has expired; change it or contact an admin’.
I change the password in my open RDP session; thereafter, I could login directly to the remote server, and could access it via SSMS in my open session.
Note: If I’d run the NET USER command as Mike suggests, I would have been able to see that the password expired the previous day:
To solve this you can disable the loopback check by adding a registry entry as follows:
If above doesn’t solve the issue, we need to create SPNs for SQL Service account. While searching for SETSPN.exe command I came across this nice tool which can help a lot of pain like syntax error etc. is called as “Microsoft® Kerberos Configuration Manager for SQL Server®” which can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=39046
The best piece about this tool is that it can help in finding missing SPN and provide script to run or fix it directly, if you have permission. Basically, it can
The login is from an untrusted domain and cannot be used with windows authentication
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Asked by:
Question
Error Message:
TITLE: Connect to Server
——————————
Cannot connect to SQL.
——————————
ADDITIONAL INFORMATION:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)
what I’am trying to do.
Installing a Windows 2012 R2 Standard Server with Skype for Business 2015 and SQL 2014 on it.
SQL should only be used by SfB 2015.
Windows Server is in domain. (domain.lab)
Added a static DNS Name SQL for the same IP of the SKYPE server. (tried static and Alias CNAME)
Connecting the SQL via skype.domain.lab works perfekt.
Connecting the SQL via SQL.domain.lab gives the error message.
Any help would be appreciated.
Second DNS is needed because of enterprise installation of SfB 2015.
All replies
Joie Andrew «Since 1982»
I successful logon to the database with Management Studio from localhost using windows authentication with servername skype.domain.lab.
But I can not logon with servername sql.domain.lab.
There is no multidomain.
Best Regards,Uri Dimant SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/
runas /netonly /user:domain\user «C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\ssms.exe»
Please Mark it as Answered if it answered your question OR mark it as Helpful if it help you to solve your problem.
runas /netonly /user:domain\user «C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\ssms.exe»
Please Mark it as Answered if it answered your question OR mark it as Helpful if it help you to solve your problem.
-> SQL starts till logon screen of Management Studio. Servername sql01.domain.lab still gives the same error.
you have two subdomains skype.domain.lab and sql.domain.lab. Let us assume you have an account called test in skype.domain.lab with a password of password. Create an identical account in the domain sql.domain.lab called test with the password of password. When you try to logon to your SQL Sever using Skype.domain.lab\test it will first try test before sql.domain.lab\test. You can also create an identical account on the local machine running SQL.
Best Regards,Uri Dimant SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/
To login with Windows Authentication, you will need to create an SPN (service principal name) for your SQL server. This works if SQL Server is running as the builtin Network Service account (not if you use the account created when you install SQL)