Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

SQL 2008 calls the login account Suspicious account Expand / Collapse
Author
Message
Posted Tuesday, June 25, 2013 9:05 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, June 28, 2013 12:07 PM
Points: 5, Visits: 11
I am instating a SharePoint in an outside subnet, the SQL 2008 is in a different subnet.
the SharePoint install cannot connect to the SQL, complaining about the account not being form the same domain.
ALL servers and accounts are registered with the same domain.
Actually only if I try to troubleshoot by trying to use the ODBC connection from the outside server that I see the error of the account being Suspicious because it is from another domain. I did change the account with the same thing, I also moved both servers from the domain and back in.
Thanks
Post #1467219
Posted Tuesday, June 25, 2013 10:15 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Thursday, October 9, 2014 1:02 PM
Points: 6,032, Visits: 5,284
1samharris (6/25/2013)
I am instating a SharePoint in an outside subnet, the SQL 2008 is in a different subnet.
the SharePoint install cannot connect to the SQL, complaining about the account not being form the same domain.
ALL servers and accounts are registered with the same domain.
Actually only if I try to troubleshoot by trying to use the ODBC connection from the outside server that I see the error of the account being Suspicious because it is from another domain. I did change the account with the same thing, I also moved both servers from the domain and back in.
Thanks

Your post is kind of unclear. Subnet differences (provided the difference subnets can talk to each other) are a non-issue for SQL and for AD. This "suspicious" message that you are getting where is it coming from SQL? AD? SharePoint? Please post the EXACT error message.

Also are you sure they are in the domain and not in a workgroup with the same name as the domain?

CEWII
Post #1467267
Posted Tuesday, June 25, 2013 10:28 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, June 28, 2013 12:07 PM
Points: 5, Visits: 11
the subnets 10.0.0.0/16 and 10.0.1.0/16 can talk, (for diagnosis I openeded all TCP / UDP and ICMP)
The error is a SQl error
the account is domain account and right now it has all the permissions.
the exact erro is:
the login is from an untrusted domain and cannot be used with windows authentication BUT it is a SQL erro 18452

Thanks
Post #1467275
Posted Tuesday, June 25, 2013 11:50 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Thursday, October 9, 2014 1:02 PM
Points: 6,032, Visits: 5,284
Ok that tells me that the account that is trying to access the SQL is from an AD domain that is different than the one that SQL is in AND that the AD domain SQL is on does not trust the one being used. Which I'm guessing is something like this:

DMZDomain\SharepointSQLUser
InternalDomain\SQLServiceUser

The DMZDomain would rarely be trusted by the InternalDomain but the InternalDomain would often be trusted by the DMZDomain if communication were allowed between them..

That error message is pretty clear, sharepoint is trying to use a login that is not trusted by the domain. As a side note I think I have seen this error when logged into a local account on a machine that was then trying to use trusted authentication to SQL.

CEWII
Post #1467307
Posted Tuesday, June 25, 2013 2:20 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, June 28, 2013 12:07 PM
Points: 5, Visits: 11
Actually there is only one domain and all elements discussed
Are members of the same domain. That is what is trange
Post #1467378
Posted Tuesday, June 25, 2013 2:28 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Thursday, October 9, 2014 1:02 PM
Points: 6,032, Visits: 5,284
Are the sharepoint services logging in with a domain account? Basically are you sure sharepoint is trying to connect using the credentials you think it is? Was the sharepoint computer in another domain when sharepoint was installed?

I'm grasping here for anything, because I agree, its weird.

CEWII
Post #1467382
Posted Tuesday, June 25, 2013 3:30 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, June 28, 2013 12:07 PM
Points: 5, Visits: 11
SharePoint services I think will start once you go through the configuration, which what I was going thourgh on the second screen where it asks to sql server and credentials. therefore the services are not up yet.

Now I started thinking about Kerberos, I am using NTLM, I know that SharePoint would ask for that but I have not even gotten to that part yet.

Also worth mentioning, this is on Amazon hosting with a VPS.
Thanks
Post #1467397
Posted Wednesday, June 26, 2013 7:36 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Sunday, December 14, 2014 11:59 PM
Points: 333, Visits: 555
1samharris (6/25/2013)
the subnets 10.0.0.0/16 and 10.0.1.0/16 can talk, (for diagnosis I openeded all TCP / UDP and ICMP)
The error is a SQl error
the account is domain account and right now it has all the permissions.
the exact erro is:
the login is from an untrusted domain and cannot be used with windows authentication BUT it is a SQL erro 18452

Thanks


They aren't two subnets. The mask /16 represents 10.0.x.x. The problem is not there as we seem to be looking at a single subnet.

Have you checked that TCP\IP is enabled within the SQL Configuration Manager and that the SQL Server Browser Service is enabled in the Windows Services?
Post #1467649
Posted Friday, June 28, 2013 11:45 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, June 28, 2013 12:07 PM
Points: 5, Visits: 11
UPDATE: Since this is an instance under Amazon AWS, I created a ticket and eventually got help.
the issues ended up to be not related to sharepoint or SQL, it was a security conflict between two policies, one governing the internal subnet and one governing the DMZ.
Within those two, I did not have EXPLICIT exception to allow certain traffic between both.
Thank you guys for your informative questions.
Post #1468655
Posted Friday, June 28, 2013 12:02 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Thursday, October 9, 2014 1:02 PM
Points: 6,032, Visits: 5,284
Thanks for the update.

CEWII
Post #1468664
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse