April 12, 2012 at 12:41 am
Hi;
I've worked on mssql 2008 RS I create a explicite login as a public role and give the permition to database.
when I try to connect by MSMS I get the error
Date2012-04-11 09:19:19
LogSQL Server (Current - 2012-04-11 09:19:00)
SourceLogon
Message
Login failed for user 'DOMAIN\USER'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.XX.XX.XX]
Date2012-04-11 09:19:19
LogSQL Server (Current - 2012-04-11 09:19:00)
SourceLogon
Message
Error: 18456, Severity: 14, State: 11.
What is strange when I assign sqladmin role to login its work fine
Regards
TomBra
April 12, 2012 at 1:00 am
Turn off UAC.
Steps in the links below:
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This thing is addressing problems that dont exist. Its solution-ism at its worst. We are dumbing down machines that are inherently superior. - Gilfoyle
April 12, 2012 at 1:55 am
Thanks for replay.
Sorry I didn't mansion this in previous post but I run ms sql server 2008 but on MS Server 2003 and UAC is a figure of MS Server 2008 I think.
Although
The SQL was installed on local account which wasn't a domain one. I don't know is it important.
Now despite on which account (domain or local) service is running the error occur
Regards
Tomek
April 12, 2012 at 3:48 am
The service account shouldn't matter too much.
State 11 indicates a valid login, but fails on server access for some reason.
There's a MSDN blog on it here, see if any of the information in there is of use to you:
Cheers
April 12, 2012 at 9:43 am
You added the domain user to sql server logins? If so, did you add it as windows authentication?
Jared
CE - Microsoft
April 13, 2012 at 2:34 am
yes of course
April 13, 2012 at 2:54 am
Run this query:
SELECT
CONVERT (varchar(30), GETDATE(), 121) as runtime,
dateadd (ms, (a.[Record Time] - sys.ms_ticks), GETDATE()) as [Notification_Time],
a.* , sys.ms_ticks AS [Current Time]
FROM
(SELECT
x.value('(//Record/Error/ErrorCode)[1]', 'varchar(30)') AS [ErrorCode],
x.value('(//Record/Error/CallingAPIName)[1]', 'varchar(255)') AS [CallingAPIName],
x.value('(//Record/Error/APIName)[1]', 'varchar(255)') AS [APIName],
x.value('(//Record/Error/SPID)[1]', 'int') AS [SPID],
x.value('(//Record/@id)[1]', 'bigint') AS [Record Id],
x.value('(//Record/@type)[1]', 'varchar(30)') AS [Type],
x.value('(//Record/@time)[1]', 'bigint') AS [Record Time]
FROM (
SELECT CAST (record as xml) FROM sys.dm_os_ring_buffers
WHERE ring_buffer_type = 'RING_BUFFER_SECURITY_ERROR'
) AS R(x)
) a
CROSS JOIN sys.dm_os_sys_info sys
ORDER BY a.[Record Time] ASC
Look for any of these errors:
ErrorCode: 0×534
CallingAPIName: LookupAccountSidInternal
APIName: LookupAccountSid
This would indicate SQL Cant resolve the name against AD.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This thing is addressing problems that dont exist. Its solution-ism at its worst. We are dumbing down machines that are inherently superior. - Gilfoyle
April 13, 2012 at 6:53 am
Thank to all of you
I run the Query include to your post
there is no errors you mention
Regards
Tomek
February 16, 2016 at 2:02 pm
What about the below..?
ErroRCode : 0x139F
CallingAPIName : NLShimImpersonate
API Name: ImpersonateSecurityContext
Thanks.
Viewing 9 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply