We have a "windows integrated authentication" user whose default database was deleted.
Now when trying to login, we get an error saying, login for the user failed.
I found a solution from Microsoft to use SQLCMD. However, I am unable to issue the alter login command for that user. The error message states that the login 'mylogin' does not exist or you do not have permissions.
Unfortunately, I don't have sa credentials on that server.
Is there another way to change the default database on login?
You really need to issue the ALTER USER command from an account with sufficient privileges, or specify the Initial Catalog in the connection string when connecting, from whatever client app is being used.
Is there another way to change the default database on login?
No. Have you tried logging in to a specific database, not the default?
http://www.connectionstrings.com/
has all info about connection strings you ever need. You can set an "Initial Catalog" in the connection string. That is not "the default of the user" but it is the one to be used for THAT connection.
Sadly, if you do not have the rights to create a db or reconfigure the user, that is where it stops... need to do that on every login then. Retrieve the SA password.
Related
We are using SQL server 2014, we update a password for a user login here
we click properties on a given login account and change the password here
we are certain we entering it correctly when we then try to login to the server using the login and password we get the following error
I don't know where else to look and what else to change -- when we do the same process on a different server it works without issue. But here its failing.
Where should we look and what else do we need to troubleshoot. Could it be we don't have access to certain databases, how do we fix this.
These are some of the errors coming through in the system logs
Message
Login failed for user ‘abc’. Reason: Failed to open the explicitly specified database ‘AMS'. [CLIENT---]
Message
Login failed for user 'abc’. Reason: Failed to open the database ‘Budget’ specified in the login properties. [CLIENT: ---]
Message
Login failed for user ‘abc’. Reason: Password did not match that for the login provided. [CLIENT: ----]
You must set a default database where the user AND relative login can access.
Logins are objects with a password
Users are objects, mapped to Logins, added to SQL Server entities.
Under Server -> Security -> Logins
Unser Database -> Security -> Users
Check also if the user is correctly mapped to the login.
To solve your problem you can set the master database as the default for your login.
You can find out more about the error in the SQLServer logs as described here https://learn.microsoft.com/en-us/sql/relational-databases/performance/view-the-sql-server-error-log-sql-server-management-studio?view=sql-server-ver16.
If you are looking for a quick fix to your problem, you can either:
assign more server roles to your login
or grant it an individual permission
use master;
grant CONNECT ANY DATABASE TO <login>;
BACKGROUND
The user is defined in Azure AD and in Azure SQL.
test.user#company.com is defined and active in Azure AD. I’m able to log in with this user in Azure portal.
I have created a contained database user with the clause "from external provider" in the Azure SQL database and added the user to the db_datareader system role. The commands commits without error. I have compared the Asset ID in Azure AD and the SID in database and they match. I have tried with different users.
I am able to login as an AD User assigned to the SQL servers assigned "Active Directory Admin"
SQL Server users also login without any issue
Login test in SSMS
I have set default database to the specific database I’m trying to log into (Options-Connect to database).
I have tried with different Authentication modes:
“Azure Active Directory – Universal with MFA” and
“Azure Active Directory – Password”
When I try to login with SSMS I get
Error: 18456, state 1, class 14.
When I query [sys].[event_log] it returns
[event_systype]= 4, [event_subtype_desc] = login_failed_for_user.
PROCESS FOLLOWED
I have a user defined in Azure AD. (test.user#company.com)
In my Azure SQL database, I have set an Active Directory administrator.
I have created a user in SSMS test.user#company.com with the following syntax:
CREATE USER [test.user#company.com] FROM EXTERNAL PROVIDER;
I have assigned the user to the db_datareader role with the following syntax:
ALTER ROLE db_datareader ADD MEMBER [test.user#company.com]
ISSUE: When I try to connect as test.user#company.com, the connection fails and I get this error:
Login Failed for user test.user#company.com
Details of error contains:
Error Number: 18456, State: 1, Class: 14
I have tried to find an answer on learn.microsoft.com, googled my ass off and found some useful resources on this, but none that actually helps me with pinpointing what to do to resolve the issue. If anybody have an Idea of what I'm doing wrong, ref "PROCESS FOLLOWED" I'd be forever grateful :)
I solved it by a workaround, setting up a new database.
I did not find the cause of the problem, but it must be related to database setup "DTU"-"Basic" or some setting that I have managed to set without remembering.
Anyways, my process works when I set up a new database with "DTU"-"Standard" Configuration.
It seems to be some kind of encoding problem. After almost giving up and using a different DB, I tried creating a new one, but without some special characters. And suddenly, it worked.
If you can't change your database's password, you can just edit the connection string in another editor and it works as well (Notepad, VS code, etc).
Suppose I have a login metamanager\test which shows when I execute T-SQL, but it is not there when when I expand Security -> Login in SSMS.
Same with a database user.
I try to replicate but failed
use master
select * from sys.syslogins is used for login
use DB
select * from sys.sysusers is used for database user
A LOGIN and a USER are completely different objects.
A LOGIN is a server object, and appear in sys.syslogins, as you see.
A USER is a database object, and for a LOGIN to have access to a database, it needs to have a USER mapped to the LOGIN in that database. A LOGIN with no mapped logins in any databases, and without any server level roles, will be unable to access any of the database on the instance, apart from those that the public roles has in tempdb and master.
It appears, here, you need to create the user in the database, and then give it the appropriate permissions. You can create the USER with the following:
USE {YourDatabase};
GO
CREATE USER 'metamanager\test' FOR LOGIN 'metamanager\test';
You'll need to give it the appropriate permissions afterwards.
Also, after you have created the user, ensure you have refreshed your object explorer. Object explorer doesn't automatically refresh after you create an object.
Not sure if you explaining it correctly, but syslogins and server_principals are about the same. Only the difference that server_principals include "Roles".
As far as I know it is impossible to have something in syslogins, which does not exist in server_principals.
I am currently setting up some users for my Azure SQL DWH. I have created a Login at server level and a User at my database. However, I am getting a login failed message if I try to use my database user. If I use the Login I have created it works just fine. This Login also only has access to the views I have granted it access to. Am I missing something really obvious or is there something different about logins and roles in SQL DWH?
CREATE LOGIN Login WITH PASSWORD = 'Password';
CREATE USER User FROM LOGIN Login;
You cannot use “user” as the name of the new database login because is a reserved word. Additionally add the login to the datareader role and try again.
EXEC sp_addrolemember 'db_datareader', 'newdatabaseuser';
Try to login to the SQL Data Warehouse server without specifying the database. If you are able to connect then with above statement you may solve the issue.
If you are trying to get connected from an application please make sure you are using appropriate drivers. Learn more about it here.
Hope this helps.
I would like to know if it is possible to change a SQL Server authentication account to Windows Authentication?
Why would I want to do this you are asking yourself right now, well I don't want to give out a SQL Server Auth username and password to multiple users to connect to the database, currently the company do things this way, and we don't really have another choice. When we deploy a new database script we don't always have the Windows Auth account before it gets released and we don't want to go an update our deployment script.
I am trying to do this using
ALTER USER Test
WITH NAME = [mydomianname\username]`
I've tried it but no luck.
I keep getting this error:
Msg 15151, Level 16, State 1, Line 1
Cannot alter the user 'Test', because it does not exist or you do not have permission.
Thank you in advance!
I think you should be altering user with login not name, because with name you just rename the user:
ALTER USER Test WITH LOGIN = [mydomianname\username]
But it is impossible because of:
Cannot remap a user of one type to a login of a different type. For
example, a SQL user must be mapped to a SQL login; it cannot be
remapped to a Windows login.