RE: Linking to SQL Server in one domain from a different domain works but...

  • Brian,

    Thanks for asking. To clarify, the Event Id(s) given above were from the OS Security log. The Error Message numbers that we get in the SQL log at the time of the failures were:

    1)

    Error: 17806, Severity: 20, State: 14.

    -and-

    2)

    SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. [CLIENT: xxx.xxx.xxx.xxx].

    (The value after "CLIENT:" was a valid IP Address from the webserver machine which I redacted according to my company's policy.)

    These are exactly the errors I would expect if a user from the C zone attempted to connect to any resource in the B zone, as that credential is from an untrusted Domain. What we don't get on the SQL side is any indication of what the database messages are when it WORKS. Only that when it's doing an "explicit login", the 4638 events in the webserver's OS security log, that the application layer works and we don't see anything at all in the SQL log.
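
As an added example (not part of the original post), a small Python parser for the SSPI handshake failure lines quoted above: it decodes the Windows error code and groups failures by client so rejected cross-domain credentials stand out. The timestamps, client addresses and the second error code in the sample are constructed; the status names are the standard SSPI values from winerror.h.

```python
import re
from collections import Counter

# Standard SSPI status codes (winerror.h). 0x8009030c is the code in the post.
SSPI_STATUS = {
    0x80090304: "SEC_E_INTERNAL_ERROR",
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x8009030E: "SEC_E_NO_CREDENTIALS",
    0x80090311: "SEC_E_NO_AUTHENTICATING_AUTHORITY",
}

# Matches the "SSPI handshake failed" line that accompanies Error 17806.
SSPI_RE = re.compile(
    r"SSPI handshake failed with error code (0x[0-9a-fA-F]{8}), state (\d+)"
    r".*?Reason: (.*?)\s+The Windows error code.*?\[CLIENT: ([^\]]+)\]"
)

# Constructed sample errorlog lines (timestamps and addresses are made up).
SAMPLE_LOG = """\
2012-03-14 10:22:31.45 Logon       Error: 17806, Severity: 20, State: 14.
2012-03-14 10:22:31.45 Logon       SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. [CLIENT: 192.0.2.10].
2012-03-14 10:23:05.12 Logon       SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. [CLIENT: 192.0.2.10].
2012-03-14 10:24:40.80 Logon       SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. [CLIENT: 192.0.2.25].
2012-03-14 10:25:02.10 spid51      Starting up database 'app'.
"""

def parse_sspi_failures(lines):
    """Return one dict per SSPI handshake failure line."""
    failures = []
    for line in lines:
        m = SSPI_RE.search(line)
        if not m:
            continue
        code = int(m.group(1), 16)
        failures.append({
            "code": code,
            "status": SSPI_STATUS.get(code, "UNKNOWN_0x%08x" % code),
            "state": int(m.group(2)),
            "reason": m.group(3).rstrip("."),
            "client": m.group(4).strip(),
        })
    return failures

def summarize(failures):
    """Count failures per (client, status) to see which hosts send rejected credentials."""
    return Counter((f["client"], f["status"]) for f in failures)

if __name__ == "__main__":
    for (client, status), n in summarize(parse_sspi_failures(SAMPLE_LOG.splitlines())).most_common():
        print(f"{client:15} {status:35} {n}")
```
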