April 15, 2009 at 4:45 pm
Has anyone else had this problem? I added a domain group with 15 users to a SQL 2005 SP3 instance, but those users can't connect even when I make that user a sysadmin! The domain groups I added when it was SP2 still work just fine however. I'm SUPER frustrated because googling I haven't found anyone else that has had this problem.
This is the error that is logged when one of those users tries to log in using windows authentication. Keep in mind that the user FIB\Erin.Edwards belongs to a domain group [FIB\IT_FIB Production IT Infrastructure Users] that is a sysadmin on this instance. So confused as this worked fine in SP2...
Event Type:Failure Audit
Event Source:MSSQLSERVER
Event Category:(4)
Event ID:18456
Date:4/15/2009
Time:1:29:50 PM
User:FIB\erin.edwards
Computer:ITSM001
Description:
Login failed for user 'FIB\erin.edwards'. [CLIENT: 172.20.214.43]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 48 00 00 0e 00 00 00 .H......
0008: 08 00 00 00 49 00 54 00 ....I.T.
0010: 53 00 4d 00 30 00 30 00 S.M.0.0.
0018: 31 00 00 00 07 00 00 00 1.......
0020: 6d 00 61 00 73 00 74 00 m.a.s.t.
0028: 65 00 72 00 00 00 e.r...
April 16, 2009 at 3:21 am
I don't think it's related to SP3, at least I don't have such issues on my servers.
Could it be that the login for the group is disabled?
Another possibility is that the default database for the login no longer exists. In that case Login will fail even for sysadmins.
[font="Verdana"]Markus Bohse[/font]
April 16, 2009 at 9:01 am
MarkusB (4/16/2009)
I don't think it's related to SP3, at least I don't have such issues on my servers.Could it be that the login for the group is disabled?
Another possibility is that the default database for the login no longer exists. In that case Login will fail even for sysadmins.
The login is not disabled, I know that because I watched the user log in to the desktop with it before trying to connect to the database. I have gotten this error from all 15 users in this group.
The default database for the login I have changed from master to our dw to our production just to be sure that wasn't the problem. I'm still seeing this problem, maybe I'll have to see if its a problem with the way the group is set up in the domain. Thanks for your response!
April 16, 2009 at 9:18 am
If nothing helps, Restart the server/services, which probably will help.
Sometime the security/permissions won't take effect until after a restart.
April 16, 2009 at 9:42 am
sunny Brook (4/16/2009)
If nothing helps, Restart the server/services, which probably will help.Sometime the security/permissions won't take effect until after a restart.
Ya, that's a HUGE problem, this is a server with 9 Instances and somewhere around 100 24/7 databases. Restarting this server is NOT acceptable for adding a user. What really erks me is that all the domain groups that I added BEFORE upgrading to SP3 work just fine. I've checked the domain settings, and all the properties of this group match the ones that are working. I'm completely out of idea's :(.
April 16, 2009 at 9:48 am
Could there be a deny in there somewhere?
Can you add the specific user? Can you create a new user and a new group in AD, then add them? I'm not sure this is an SP3 issue, but you might need to do some more testing here.
April 16, 2009 at 10:54 am
Steve Jones - Editor (4/16/2009)
Could there be a deny in there somewhere?Can you add the specific user? Can you create a new user and a new group in AD, then add them? I'm not sure this is an SP3 issue, but you might need to do some more testing here.
Ok, it turns out that the problem was the way the AD group was created. It was made a local authority group instead of a universal security group. Once that was changed and users logged out and back in it authenticates fine :). Than you for all your suggestions, each one helped me get to the solution!
Viewing 7 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply