Login Resolution To Wrong Domain Account

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2005 » SQL Server 2005 Security » Login Resolution To Wrong Domain Account

Rate Topic

Display Mode

Topic Options

Author

Message

Ted Zatopek

Posted Friday, August 31, 2012 7:36 AM

Forum Newbie

Group: General Forum Members
Last Login: Monday, May 06, 2013 9:11 AM
Points: 8, Visits: 51

We have a domain ID that was created under a particular name and then renamed in AD under the same SID. Occasionally SQL starts to resolve login attempts under the old name instead on the new name. So application login attempts fail. I can verify this is happening by doing the following...

1. Open the new login dialog box and click on search.
2. Type in Domain\NewDomainName and click on Check Names.
3. The correct ID (the new name) is displayed.
4) Click OK
5) The incorrect ID (the old name) is displayed.

If I then type in the correct ID name and click OK, the correct new name is added to the login list. The login attempt to the application is then successful.

The problem is resolved for several days and then it reoccurs.

The current suggestion in my group is to reboot the boxes, but I can't get downtime for a couple of weeks. The environment is a 3+1 cluster on 4 64-bit boxes.

Anybody have any ideas on what the root cause of this could be?

Thanks for any help

Post #1352805

RBarryYoung

Posted Friday, August 31, 2012 10:03 AM

SSCrazy Eights

Group: General Forum Members
Last Login: Saturday, May 04, 2013 11:13 AM
Points: 9,855, Visits: 9,374

Yes, SQL Server does seem to "sticky-cache" a lot of the AD security information for a long time. Rebooting your server is probably the recommended way to fix that.

Alternatively, you could try removing the Login from SQL Server and then re-adding it. That might work, but it might also be more trouble than it's worth.

-- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
Proactive Performance Solutions, Inc. "Performance is our middle name."

Post #1352949

Ted Zatopek

Posted Friday, August 31, 2012 10:13 AM

Forum Newbie

Group: General Forum Members
Last Login: Monday, May 06, 2013 9:11 AM
Points: 8, Visits: 51

Thanks for the info. "sticky-cache" does seem like a pretty appropriate description of this AD behavior.

I had tried removing the ID and readding it, but unfortunately that didn't resolve the sticky-ness. Smile

Post #1352956

opc.three

Posted Friday, August 31, 2012 10:53 AM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 5:29 AM
Points: 6,699, Visits: 11,728

I rarely recommend it, but in this case I would try rebooting too.

This thread has a lot of the same symptoms: http://www.sqlservercentral.com/Forums/Topic1328455-1550-1.aspx

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy

Post #1352976

Ted Zatopek

Posted Friday, August 31, 2012 12:19 PM

Forum Newbie

Group: General Forum Members
Last Login: Monday, May 06, 2013 9:11 AM
Points: 8, Visits: 51

That thread does sound like the same thing.

Thanks for your help! For some reason, it's a little comforting to know that someone else seems to be experiencing the same thing.

Post #1353039

Ted Zatopek

Posted Wednesday, October 24, 2012 8:53 AM

Forum Newbie

Group: General Forum Members
Last Login: Monday, May 06, 2013 9:11 AM
Points: 8, Visits: 51

We did get an approval for a reboot and that solved the issue.

Post #1376528

opc.three

Posted Wednesday, October 24, 2012 9:04 AM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 5:29 AM
Points: 6,699, Visits: 11,728

Good to know, thanks for posting back the resolution.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy

Post #1376535

« Prev Topic | Next Topic »

Permissions