I am trying to set up an SQL Server Login and User using Windows Authentication.
What I have done so far is as follows:
- Added a new non-administrator account to my PC called "User1". The PC is called "DESKTOP" so the full username is "DESKTOP\User1"
- Created an SQL Server login for this user using the "FROM WINDOWS" option to link the SQL Login to my PC login. The user is called e.g. "DESKTOP\User1."
- Created a database level user for the SQL Server login using the "FOR LOGIN" option to link the user to the SQL Server login.
- Verified that the new database user is not a member of the "SysAdmins" group and that the login is enabled and login access is allowed.
- Logged out of my administrator Windows account and logged in as "User1". I successfully logged in.
- Started SSMS, ensured the username set was "DESKTOP\User1" and that "Windows Authentication" was selected.
When I pressed "Connect" I was presented with an error which in the event log reads as follows:
Token based server access validation failed with an infrastructure error
Server Name: DESKTOP
Error Number: 18456
Severity: 14
State: 1
Line Number: 65536
Reading about this, there is a suggestion that this is a UAC error. So I ran SSMS as an administrator. On Windows 8.1 it then asks me to log in with the system administrator's account - which works - but then I am logged into SQL Server as "DESKTOP\Administrator" and not "DESKTOP\User1".
Why can't Windows pass my non-administrator credentials to SQL Server and log me in? The point of this is so that (in the future "domain") users can access the SQL Server with non-administrator privileges and using Windows Authentication.
Thanks in advance.
The problem was that the BUILTIN\Users group had its login permission disabled.
This must override the individual user accounts. DESKTOP\User1 must be part of this group, and the group level permission overrode it.
I am assuming you have the following message in your SQL Server event log:
Login failed for users ‘DESKTOP\User1’. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: xxx.xxx.xxx.xxx]
Error: 18456, Severity: 14, State: 12
State 12 means that SQL Server was able to authenticate you, but wasn't able to validate with the underlying Windows permissions.
Try logging into the server as the admin and running the following:
GRANT CONNECT SQL TO [DESKTOP\User1];
GRANT CONNECT ON ENDPOINT::"TSQL Default TCP" TO [DESKTOP\User1];
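A diagnostic for the cause named in the two answers above (a connect permission denied or missing on a Windows group or endpoint), as an added example that is not part of the original posts. It assumes the account name DESKTOP\User1 from the question and a sysadmin session:

```sql
-- Added example. DESKTOP\User1 is the account from the question; run as a sysadmin.
DECLARE @login sysname = N'DESKTOP\User1';

-- 1. List every permission path (direct login or Windows group) through which
--    the account reaches the instance.
EXEC master..xp_logininfo @acctname = @login, @option = 'all';

-- 2. Show CONNECT SQL grants and denies for all Windows logins and groups.
--    A DENY on a group such as BUILTIN\Users wins over a GRANT on the user.
SELECT pr.name,
       pr.type_desc,
       pr.is_disabled,
       pe.state_desc AS connect_sql_state
FROM sys.server_principals AS pr
LEFT JOIN sys.server_permissions AS pe
       ON pe.grantee_principal_id = pr.principal_id
      AND pe.class = 100                       -- server-level permission
      AND pe.permission_name = N'CONNECT SQL'
WHERE pr.type IN ('U', 'G')                    -- Windows login, Windows group
ORDER BY pr.name;

-- 3. Show who holds CONNECT on each endpoint, including "TSQL Default TCP".
SELECT ep.name AS endpoint_name,
       pr.name AS grantee,
       pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.endpoints AS ep
       ON ep.endpoint_id = pe.major_id
JOIN sys.server_principals AS pr
       ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 105                           -- endpoint-level permission
  AND pe.permission_name = N'CONNECT'
ORDER BY ep.name, pr.name;
```

A row with `connect_sql_state = DENY` on a group that appears in the permission path from step 1 explains the failure even when the individual login looks correct.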
Related
I want to connect to SQL Server with Windows authentication and create a SQL Server user.
The error I get while doing this is:
Login failed for user 'PCNAME\UserName'. Reason: The account is disabled. (Microsoft SQL Server, Error: 18470)
I also get the following error when I try to connect with PsTools:
Unable to connect: Login failed for user 'NT AUTHORITY\SYSTEM'.
Reason: The account is disabled.
What kind of process should I provide to activate the NT AUTHORITY\SYSTEM user? Or how can I act?
Thank you in advance for your help.
Well, you are trying to connect while logged on as pcname\username. If this user is not created as a Windows user in SQL Server or is disabled in SQL Server, then you will not be able to connect. What you need to do is use an authorized account to create the Windows authenticated user in pcname\username in SQL Server, then you will be able to connect.
As for pcname\SYSTEM, this is a built-in SID that is used by services. There is no reason you could not add this as a Windows authenticated user in SQL Server.
I am using SQL Server 2016 on Windows Server 2012.
Also I am using SQL Server in a workgroup.
What I did is
- Installed AD DC (SQL Server was installed before I installed AD DC)
- Removed AD DC to go back to workgroup and get local administrator user
After I did this, I cannot login to SQL Server using Windows Auth anymore
When I try to login with Windows authentication, I got this error
Login failed for user 'domain\username'. (Microsoft SQL Server, Error: 18456)
and I checked error log for the error state, the error state was 5.
But when I connect using sa user and checked login folder in Security folder, I see the correct user with the same name as my local user name. See the screenshot below
My local admin username is WIN-2NEKEGJF11Q\Administrator
Please, help me
-see the red line
I changed authentication mode from "Windows Authentication" to "Windows Authentication and SQL Server Authentication" and also enabled "sa" user and changed its password and defined another user.
But now when I want to login in SQL Server Management Studio, it will show me this error:
- I restarted SQL services
- I restarted windows
- I changed authentication mode from windows registry (because I couldn't login and change it in Properties)
You should log in with Windows auth. again and you should change the sa user's permission in roles to system admin. At the end of this process you should restart the SQL service again in Services.
You can't log in because you have a bad setting on your sa user, so to fix this problem you have to do this
So you can log in now. Then go to the properties of the server, in the security page check Windows authentication, and also verify the connection page and set it to the default
I have installed SSMS (v17.1), created a new login at Security -> Logins, changed mode on the server (server: OWNER) to mixed mode. But the username/password combination doesn't seem to work. New Database Query -> SQL Server Authentication -> enter username/password and get error: Cannot connect to OWNER. Login failed for user 'myusername'. HELP!
According to Change Server Authentication Mode, when the authentication mode is changed the server has to be restarted. Until restart SQL Server is still using Windows only authentication mode and that is what we can read in the SQL Server error log as the reason for 18456 "login failed for user (...)".
I got this to work by following the instructions here: https://serverfault.com/questions/422269/where-can-i-find-the-user-in-this-iis-error-login-failed-for-user-iis-appool-w
All I did was create a user on the database, named IIS APPPOOL\DefaultAppPool, and a login, also named IIS APPPOOL\DefaultAppPool, using Windows authentication, and pointed the user at the login and it worked. Frankly, I'm still not sure why my custom SQL Server user didn't work, but at least I can move forward with my project.
I have a SQL Server 2008 R2 instance and can log in using the sa user. But I want to define another user (administrator) to log in with SQL Server Management Studio, so I did the following:
- Logged in to the server in Management Studio as sa.
- Right clicked on the database name.
- Clicked on properties.
- Then under permission, I select the required username (administrator).
- And I grant him all the permission.
But when I tried to log in using administrator, I got the following error:
Login failed for user “administator” Error 18456.
Can anyone advise what might be the problem?
If the server encounters an error that prevents a login from succeeding, the client will display the following error message.
Msg 18456, Level 14, State 1, Server <server name>, Line 1
Login failed for user '<user name>'
This usually means that your connection request was successfully received by the server name you specified but the server is not able to grant you access for a number of reasons and throws error: 18456.
This eventID sometimes provides also state 1 which actually isn’t that useful as due to security reasons any error is converted to state 1 unless you can check logging on the server.
Microsoft does not provide very useful message boxes so below are some explanations why you get the error.
Invalid userID: SQL Server is not able to find the specified UserID on the server you are trying to get. The most common cause is that this userID hasn’t been granted access on the server but this could be also a simple typo or you accidentally are trying to connect to different server (Typical if you use more than one server)
Invalid password: Wrong password or just a typo. Remember that this username can have different passwords on different servers.
Less common errors: The userID might be disabled on the server. Windows login was provided for SQL Authentication (change to Windows Authentication. If you use SSMS you might have to run as different user to use this option). Password might have expired and probably several other reasons….
18456 state 1 explanations: Usually Microsoft SQL Server will give you error state 1 which actually does not mean anything apart from that you have 18456 error. State 1 is used to hide actual state in order to protect the system, which to me makes sense. Below is a list with all different states and for more information about retrieving accurate states visit Understanding "login failed" (Error 18456) error messages in SQL Server 2005
SQL Authentication not enabled: If you use SQL Login for the first time on SQL Server instance then very often error 18456 occurs because Windows Authentication (only) is set in Server properties (security section).
To Access Server Properties,
- Open SQL Server Management Studio, go to Object Explorer pane (use view if you can’t see it).
- Use the connect button to connect to database engine for your server. Once connected you will see it in object explorer.
- Right click server and click properties. Server Properties window will appear.
See below screenshot that might be causing SQL login to fail
You should set Server Authentication to SQL Server Windows Authentication
To resolve this error follow the steps below on computer with SQL Server 2005.
Create new user with Administrator privilege with same username and password as of SQL Server 2008 in operating system.
On SQL Server database create new user by expanding DatabaseNode >> Security >> Login >> - Create New User and add this new user with Windows Authentication radio button selected. - This user can be only added by selected Windows Authentication it is Operating system’s User Login.
Once above two steps are completed when connected from SQL Server 2008 to SQL Server 2005 using Windows Authentication it will connect successfully.
How to fix? Check this link video SQL Server and Windows Authentication Mode page.
Source
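Because the client only ever sees state 1, the real state has to be read on the server. The following is an added example, not part of the original answer, that reports the authentication mode and pairs each 18456 entry in the current error log with its "Login failed" reason line. It assumes failed-login auditing is enabled, that both log lines share a timestamp, and a sysadmin session:

```sql
-- Added example; run as a sysadmin on the instance that rejected the login.

-- 1. Authentication mode reported by the instance.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
         WHEN 1 THEN 'Windows Authentication only'
         ELSE 'SQL Server and Windows Authentication'
       END AS auth_mode;

-- 2. Collect the failed-login entries from the current error log (log 0,
--    type 1 = SQL Server error log). Each failure writes two lines:
--    "Error: 18456, Severity: 14, State: N." and "Login failed for user ...".
CREATE TABLE #log (
    LogDate     datetime,
    ProcessInfo nvarchar(64),
    [Text]      nvarchar(max)
);
INSERT INTO #log EXEC sp_readerrorlog 0, 1, N'18456';
INSERT INTO #log EXEC sp_readerrorlog 0, 1, N'Login failed';

-- 3. Pair the state line with its reason line (assumption: both lines carry
--    the same timestamp and process).
SELECT e.LogDate,
       e.[Text] AS error_line,     -- contains the real state
       f.[Text] AS reason_line     -- contains the login name and reason
FROM #log AS e
JOIN #log AS f
       ON f.LogDate = e.LogDate
      AND f.ProcessInfo = e.ProcessInfo
      AND f.[Text] LIKE N'Login failed%'
WHERE e.[Text] LIKE N'Error: 18456%'
ORDER BY e.LogDate DESC;

DROP TABLE #log;
```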
You need to add a server login:
- Connect to your SQL Server with SSMS as sa.
- Drill into the server's Security folder in SSMS's Object Explorer pane.
- Right-click on the server's Security > Logins folder that appears in Object Explorer.
- Click on New Login... in the context menu that appears.
- Provide details of the new login in the Login - New dialog that opens - particularly its General, Server Roles, and User Mappings pages (along the left). (See the screenshots of each page with sample input at the bottom of the answer.)
You may need to add a database user depending on your needs, but a server login (like your sa login) is necessary to connect to the SQL Server instance using Windows or SQL Server authentication. Mapping the new login to a database user (in the Login - New dialog's User Mappings page) will create a new user in the mapped database if you specify a username that does not already exist; alternatively you can map the new login to an existing database user.
Another SO question speaks to the differences between server logins and database users.
[Screenshots: Login - New (General page), SQL Server authentication or Windows authentication; Login - New (Server Roles page); Login - New (User Mappings page), SQL Server authentication or Windows authentication]
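The T-SQL equivalent of the SSMS steps in the answer above, as an added example that is not part of the original answer. The database name SalesDb, the login app_reader and the password are constructed placeholders, and the read-only role is an assumption chosen to keep the new account non-administrative:

```sql
-- Added example; run as sa or another sysadmin. SalesDb, app_reader and the
-- password are placeholders, not values from the page.
USE master;
GO
-- Server login, Windows authentication (works in either authentication mode).
CREATE LOGIN [DESKTOP\User1] FROM WINDOWS;
-- Server login, SQL Server authentication (needs mixed mode and a restart
-- of the service after the mode is changed).
CREATE LOGIN app_reader
    WITH PASSWORD = N'<replace-with-strong-password>',
         CHECK_POLICY = ON;
GO

-- Map each login to a database user: the "User Mappings" page.
USE SalesDb;
GO
CREATE USER [DESKTOP\User1] FOR LOGIN [DESKTOP\User1];
CREATE USER app_reader FOR LOGIN app_reader;

-- Grant only what is needed. sp_addrolemember also works on SQL Server
-- 2008 R2, where ALTER ROLE ... ADD MEMBER is not available.
EXEC sp_addrolemember N'db_datareader', N'DESKTOP\User1';
EXEC sp_addrolemember N'db_datareader', N'app_reader';
GO

-- Verify the mapping. A NULL server_login means the database user has no
-- server login behind it, which produces error 18456 at connect time.
SELECT dp.name      AS db_user,
       dp.type_desc AS user_type,
       sp.name      AS server_login,
       sp.is_disabled
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY dp.name;
```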