Ben Miller’s World

August 31, 2007

Error in SQL (Error: 17806, Error: 18452) SSPI Problem

Filed under: SQL Server — Ben Miller @ 8:20 am

I recently came across this while managing a clustered SQL Server. There were various messages listed out on forums, etc., but for me we found that the error was originating because we have DNS issues and Domain Controllers (DC) was unreachable due to a network switch configuration problem.

So if you see these errors, you may see in the EventLog a NetLogon error relating to not being able to reach a domain controller to login, and you will get the error below because the DC is the one that hands the Kerberos token to the process for use in SSPI related activities.

Logon,Unknown,Error: 17806 Severity: 20 State: 2.
Logon,Unknown,Login failed for user ”. The user is not associated with a trusted SQL Server connection. [CLIENT: IPAddress]
Logon,Unknown,Error: 18452 Severity: 14 State: 1.
Logon,Unknown,SSPI handshake failed with error code 0×80090311 while establishing a connection with integrated security; the connection has been closed.

Good luck and have a great SQL day.

Advertisement

4 Comments »

  1. So did you ever find a solution to this issue?

    Comment by Anthony Robinson — August 1, 2008 @ 10:09 am | Reply

  2. Yes, the issue was that the DNS Server was down or misrouted and the Cluster could not find the Domain Controller. Once we reestablished connectivity to the Domain Controller, the error stopped.

    Comment by Ben Miller — August 1, 2008 @ 10:24 am | Reply

  3. Hi,

    I found that this error was caused by users who’s password had expired and had decided not to change it. Although they remained logged in and were able to operate on the network. When connecting from one SQL server to the next, kereberos was unable to pass their authentication details.

    Comment by Leon T — May 19, 2009 @ 2:34 am | Reply

  4. I had the same problem and tried almost all the tips in this thread and others around the Internet. However, none of them were useful for me. In my development environment I had been using a connection string which used a DNS name (Host A record, as a matter of fact) pointing to the IP of the server where SQL 2005 is installed.

    After trying several things, I finally went to the web.config and changed the connection string to the server name. After this, I got another message: Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’. [CLIENT: ]

    I had seen another article saying to give this user access to the data base under User Mappings and after that all worked like a charm.

    Hope this is helpful for anyone.

    Comment by Nery R. Gonzalez — February 10, 2010 @ 1:32 pm | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Theme: Rubric. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.