September 19, 2007 at 1:27 pm
I have run across these error message in many postings, but I can't find any solutions that fit my situation. The server is question is runningwin 2003 and SQL Server 2005. It was recently refreshed and was taken off the network for this. Now it is outside the firewall and not on the domain. This error message appeared about a week after it went back up.
2007-09-07 16:37:35.12 Logon Error: 17806, Severity: 20, State: 2.
2007-09-07 16:37:35.12 Logon SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: xxx]
2007-09-07 16:37:35.12 Logon Error: 18452, Severity: 14, State: 1.
2007-09-07 16:37:35.12 Logon Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: xxx]
The client it is looking for is the server the went up while this server was being upgraded. I don't know who the user is. How can I resolve this?
D.
September 20, 2007 at 4:32 am
The Error :
SSPI handshake failed with error code 0x8009030c means "The token supplied to the function is invalid"
Please check if you have valid SQL Server 2005 certificates.
More info please check the link:
http://blogs.msdn.com/sql_protocols/archive/2005/12/30/508311.aspx
Minaz
"More Green More Oxygen !! Plant a tree today"
September 23, 2007 at 12:21 pm
First thing you need to do is download the setspn utility (link below):
Install it on your computer (or server). Next you'll need a Domain Admin account to use (unless you are a Domain Admin you cannot use setspn for this type of AD updates). Open up a DOS command window change directory to C:\Program Files\Resource Kit (the setspn installation default directory).
Then enter the following comand:
setspn -L servername
Your results may look something like this:
MSSQLSvc/servername.xxx.organization.org:1433
HOST/servername
HOST/servername.xxx.organization.org
Next enter the following commands:
setspn -D MSSQLSvc/servername.xxx.organization.org servername
setspn -D HOST/servername servername
setspn -D HOST/servername.xxx.organization.org servername
RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."
September 23, 2007 at 7:32 pm
Thanks for the information. Could you explain a little more about what it is supposed to do?
At my first reading of this, I'm not sure that I can do it. The server is not on the domain.
Thank,s
Deana
September 23, 2007 at 10:44 pm
You will have to either open a hole in the firewall for SSPI or change the Logins to SQL Sever.
The error is telling you that SQL Server cannot contact Active Directory on the Domain for security account verification.
Andy
September 24, 2007 at 8:21 am
Change the logins to SQL Server authentication?
Deana
December 6, 2008 at 4:00 pm
I encountered the same error; after several hours of reading various forum threads, none of the solutions remedied my case. Eventually, I decided to re-examine my network connection security settings which RESULTED in a simple solution. I fixed my problem by simply creating a firewall exception for SQL server. My approach was as follows on a Windows XP client connecting to SQL server on Windows Server 2003 (my domain controller):
1. Control panel --> Windows Firewall
2. On Windows Firewall Dialog --> Advanced Tab --> Choose current Network Connection --> Click Setting Button
3. On the Advanced Settings --> Services Tab --> Click Add Button
4. On the Services Settings dialog --> Enter the Host name or IP address of the SQL Server (I entered IP address) --> Then Enter the default port for SQL Server (1433) as Both External and Internal Port --> Select the protocol required (I selected TCP) --> Click OK for all the dialogs.
The above worked in my case, Hope it'll work in yours. 🙂
December 6, 2008 at 4:03 pm
Oops, I've just seen the date for this thread, its old!. Anyway, I hope it helps someone else. 😛
February 10, 2010 at 12:30 pm
I know this thread is kind of old. But, in case is useful for someone.
I had the same problem and tried almost all the tips in this thread and others around the Internet. However, none of them were useful for me. In my development environment I had been using a connection string which used a DNS name (Host A record, as a matter of fact) pointing to the IP of the server where SQL 2005 is installed.
After trying several things, I finally went to the web.config and changed the connection string to the server name. After this, I got another message: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. [CLIENT: <local machine>]
I had seen another article saying to give this user access to the data base under User Mappings and after that all worked like a charm.
Hope this is helpful for anyone.
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply