Token-based server access validation failed with an infrastructure error

  • I would appreciate help with the following issue:

    I have created a local group in our SQL 2008 server and added two Windows user accounts "DOMAIN\UserName". I then added the local group to the database and granted read-only access.

    The users are trying to link tables using MS Access using an ODBC connection and getting the following error.

    Users are not system administrators.

    Date                      6/30/2010 1:01:54 PM

    Log                         SQL Server (Current - 6/30/2010 1:10:00 PM)

    Source                  Logon

    Message

    Login failed for user 'DOMAIN\UserName'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 999.99.9.99]

     

    Date                      6/30/2010 1:01:54 PM

    Log                         SQL Server (Current - 7/1/2010 8:12:00 AM)

    Source                  Logon

    Message

    Error: 18456, Severity: 14, State: 11.

    Database Server:

    Windows Server 2008 R2 Enterprise

    System type: 64-bit Operating System

    SQL Server 2008

  • What error are you seeing in the SQL Server log? What happens if you add the users directly, or add them to a domain group (vs. a local group)? Sounds like a domain trust/delegation issue...

    The probability of survival is inversely proportional to the angle of arrival.

  • My original post contains the error from SQL logs.

    I added users directly ... same result.

    I added them as part of an AD group ... same result.

    Thank you

  • Something is not configured right. Check out this link:

    http://blogs.msdn.com/b/sql_protocols/archive/2006/12/02/understanding-kerberos-and-ntlm-authentication-in-sql-server-connections.aspx


  • Thank you for your response.

    I found the cause of the problem. I just wished the MS error message in the logs could be more clear. The remote user with logging access problems was also part of a group that was denied access to our database. I completely overlooked this configuration. I then created a different group and granted access to the user. I also granted access explicitly and in both instances the user was denied access. Once I removed the group that denied access it all worked fine.

    p.reinoso

    🙂

  • Had this same issue.

    What caused it was that I set "Permission to Connect to database engine" to "Denied" in a different Active Directory group. This was in the Login Properties -> Status.

    What I did not understand is even if a user is in a different Active Directory group that is Granted access, the Deny access in the other AD group takes precedence. Any user in the "Denied" AD group will never be able to login no matter what other AD groups are granted access.

    The error messages are the same as above... wish Microsoft would put an error in saying "login denied access due to permissions" or something like that.

    Good luck!
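
The check the last two posts arrived at by hand, as an added T-SQL example that is not part of the original thread: it lists every login with an explicit DENY on CONNECT SQL and then looks for the failing account among the members of the denied Windows groups. It assumes a sysadmin session; `DOMAIN\UserName` is the placeholder from the first post and `#members` is a scratch table named here for illustration.

```sql
-- Added example, not from the thread. Run as a sysadmin.
-- 'DOMAIN\UserName' is the placeholder account name used in the thread.
DECLARE @account sysname = N'DOMAIN\UserName';

-- 1. Logins (Windows users and groups included) carrying an explicit DENY
--    on CONNECT SQL ("Permission to connect to database engine: Deny").
SELECT pr.name, pr.type_desc, pr.is_disabled, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 100      -- server scope
  AND pe.type  = 'COSQ'   -- CONNECT SQL
  AND pe.state = 'D';     -- DENY

-- 2. For each denied Windows group, ask xp_logininfo for its members
--    and keep the rows that match the failing account.
CREATE TABLE #members (
    account_name      sysname NULL,
    type              char(8) NULL,
    privilege         char(9) NULL,
    mapped_login_name sysname NULL,
    permission_path   sysname NULL
);

DECLARE @grp sysname;
DECLARE denied_groups CURSOR LOCAL FAST_FORWARD FOR
    SELECT pr.name
    FROM sys.server_permissions AS pe
    JOIN sys.server_principals  AS pr
      ON pr.principal_id = pe.grantee_principal_id
    WHERE pe.class = 100 AND pe.type = 'COSQ' AND pe.state = 'D'
      AND pr.type = 'G';  -- Windows group
OPEN denied_groups;
FETCH NEXT FROM denied_groups INTO @grp;
WHILE @@FETCH_STATUS = 0
BEGIN
    INSERT INTO #members EXEC xp_logininfo @grp, 'members';
    FETCH NEXT FROM denied_groups INTO @grp;
END
CLOSE denied_groups;
DEALLOCATE denied_groups;

-- Any row returned here names a denied group that contains the account.
SELECT account_name, permission_path FROM #members WHERE account_name = @account;
DROP TABLE #members;
```

An empty result from step 2 with a non-empty step 1 still leaves user logins denied directly and groups nested inside a denied group to check by hand.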
