Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Login Resolution To Wrong Domain Account Expand / Collapse
Author
Message
Posted Friday, August 31, 2012 7:36 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Yesterday @ 12:21 PM
Points: 37, Visits: 172
We have a domain ID that was created under a particular name and then renamed in AD under the same SID. Occasionally SQL starts to resolve login attempts under the old name instead on the new name. So application login attempts fail. I can verify this is happening by doing the following...

1. Open the new login dialog box and click on search.
2. Type in Domain\NewDomainName and click on Check Names.
3. The correct ID (the new name) is displayed.
4) Click OK
5) The incorrect ID (the old name) is displayed.

If I then type in the correct ID name and click OK, the correct new name is added to the login list. The login attempt to the application is then successful.

The problem is resolved for several days and then it reoccurs.

The current suggestion in my group is to reboot the boxes, but I can't get downtime for a couple of weeks. The environment is a 3+1 cluster on 4 64-bit boxes.

Anybody have any ideas on what the root cause of this could be?

Thanks for any help



Post #1352805
Posted Friday, August 31, 2012 10:03 AM


SSCrazy Eights

SSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy Eights

Group: General Forum Members
Last Login: Thursday, June 5, 2014 10:54 AM
Points: 9,902, Visits: 9,480
Yes, SQL Server does seem to "sticky-cache" a lot of the AD security information for a long time. Rebooting your server is probably the recommended way to fix that.

Alternatively, you could try removing the Login from SQL Server and then re-adding it. That might work, but it might also be more trouble than it's worth.


-- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
Proactive Performance Solutions, Inc.
"Performance is our middle name."
Post #1352949
Posted Friday, August 31, 2012 10:13 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Yesterday @ 12:21 PM
Points: 37, Visits: 172
Thanks for the info. "sticky-cache" does seem like a pretty appropriate description of this AD behavior.

I had tried removing the ID and readding it, but unfortunately that didn't resolve the sticky-ness.



Post #1352956
Posted Friday, August 31, 2012 10:53 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 4:52 PM
Points: 7,079, Visits: 12,569
I rarely recommend it, but in this case I would try rebooting too.

This thread has a lot of the same symptoms: http://www.sqlservercentral.com/Forums/Topic1328455-1550-1.aspx


__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1352976
Posted Friday, August 31, 2012 12:19 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Yesterday @ 12:21 PM
Points: 37, Visits: 172
That thread does sound like the same thing.

Thanks for your help! For some reason, it's a little comforting to know that someone else seems to be experiencing the same thing.



Post #1353039
Posted Wednesday, October 24, 2012 8:53 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Yesterday @ 12:21 PM
Points: 37, Visits: 172
We did get an approval for a reboot and that solved the issue.


Post #1376528
Posted Wednesday, October 24, 2012 9:04 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 4:52 PM
Points: 7,079, Visits: 12,569
Good to know, thanks for posting back the resolution.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1376535
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse