July 1, 2010 at 12:48 pm
I would appreciate help with the following issue:
I have created a local group in our SQL 2008 server and added two Windows user accounts "DOMAIN\UserName" I then added the local group to the database and granted read only access.
The users are trying to link tables using MS Access using and ODBC connection and getting the following error.
Users are not system administrators.
Date 6/30/2010 1:01:54 PM
Log SQL Server (Current - 6/30/2010 1:10:00 PM)
Source Logon
Message
Login failed for user 'DOMAIN\UserName'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 999.99.9.99]
Date6/30/2010 1:01:54 PM
LogSQL Server (Current - 7/1/2010 8:12:00 AM)
SourceLogon
Message
Error: 18456, Severity: 14, State: 11.
Database Server:
windows Server 2008 R2 Enterprise
System type: 64-bit Operating System
SQL Server 2008
July 1, 2010 at 12:58 pm
what error are you seeing in the SQL Server Log? What happens if you add the users directly, or add them to a domain group (Vs. a local group?) Sounds like domain trust/delegation issue...
The probability of survival is inversely proportional to the angle of arrival.
July 1, 2010 at 1:01 pm
My original post contains the error from SQL logs.
I added users directly ... same result.
I added them as part of an AD group ... same result.
Thank you
July 1, 2010 at 1:11 pm
something is not configured right. Check out this link:
The probability of survival is inversely proportional to the angle of arrival.
July 14, 2010 at 9:00 am
Thank you for your response.
I fount the cause of the problem. I just whished the MS error message in the logs could be more clear. The remote user with logging access problems was also part of a group that was denied access to our database. I completely overlooked this configuration. I then created a different group and granted access to the user. I also granted access explicitly and in both instances the users was denied access. Once I remove the group that denied access it all worked fine.
p.reinoso
🙂
October 18, 2013 at 10:09 am
Had this same issue.
What caused it was that I set "Permission to Connect to database engine" to "Denied" in a different Active Directory group. This was in the Login Properties -> Status.
What I did not understand is even if a user is in a different Active Directory group that is Granted access, the Deny access in the other AD group takes precedence. Any user in the "Denied" AD group will never be able to login no matter what other AD groups are granted access.
The error messages are the same as above... wish Microsoft would put an error in saying "login denied access due to permissions" or something like that.
Good luck!
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply