Login error - The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)

  • Hi All,

    I am getting below error while trying to connect SQL from remote server. Local login is working fine. Can anyone help  on this. Thanks in advance.

    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)

    -----------------
    Aditya Rathour
    SQL DBA

    Not Everything that is faced can be changed,
    but nothing can be changed until it is faced.

  • I would say from the limited information supplied. The request is coming from another domain which has no domain trust in place with the destination domain. Is there a domain difference? Between the source and destination.

  • If by local login you mean using the same account you can log into the server itself then you may want to check the account on that server and make sure the account has the rights to  "Access this computer from network" under Local Security Policy, User Rights

    Sue

  • I may be mistaken on this one, but I THINK the service account not being able to talk to AD can cause that problem too.
    Might want to check that the SQL Service account can talk to the AD server.

  • Talib123 - Monday, July 31, 2017 7:57 AM

    I would say from the limited information supplied. The request is coming from another domain which has no domain trust in place with the destination domain. Is there a domain difference? Between the source and destination.

    Thanks for replying.
    Both the source and destination servers are in same domain.

    -----------------
    Aditya Rathour
    SQL DBA

    Not Everything that is faced can be changed,
    but nothing can be changed until it is faced.

  • Sue_H - Monday, July 31, 2017 10:52 AM

    If by local login you mean using the same account you can log into the server itself then you may want to check the account on that server and make sure the account has the rights to  "Access this computer from network" under Local Security Policy, User Rights

    Sue

    I am able to take RDP login on both the servers with same domain account, both servers are part of same domain. I can connect locally on each server but when  trying to connect first one server's SQL in second server then its throwing error and vice-versa.

    -----------------
    Aditya Rathour
    SQL DBA

    Not Everything that is faced can be changed,
    but nothing can be changed until it is faced.

  • Do both servers have an SPN? If not Kerberos may not be able to pass your login token from one server to another. What is the error you get when trying to connect? 
  • Has this ever worked?
    Is there a different SQL instance you can successfully connect to on the network from your local machine?

  • Joe Torre - Tuesday, August 1, 2017 9:34 AM

    Do both servers have an SPN? If not Kerberos may not be able to pass your login token from one server to another. What is the error you get when trying to connect? 

    This is what my guess would be as well.
    Aditya - Check the SPNs for both of the servers. It's pretty easy to check using the tool from Microsoft:
    Kerberos Configuration Manager for SQL Server

    Sue

  • Thanks All. 
    Special thanks to Joe Torre and Sue_H !

    The issue was with the SPN. used Kerberos Configuration Manager for SQL Server to check SPN.
    After registering SPNs the issue was resolved , and now I am able to connect SQL without issue from one another servers.

    -----------------
    Aditya Rathour
    SQL DBA

    Not Everything that is faced can be changed,
    but nothing can be changed until it is faced.

  • Do each servers have an SPN? If not Kerberos may additionally no longer be capable to skip your login token from one server to another. What is the error you get when making an attempt to connect?

     

  • This was removed by the editor as SPAM

  • This was removed by the editor as SPAM

  • I am having the exact same issue getting pronest to connect to the shared db on a windows 2016 server. I added the computer name/pw as a user on the server. The Pronest DB is set to use windows authentication and cannot be changed for some reason to both SQL and Windows auth. I also added the username and pw of the workstation computer to the sql database. did you make any other changes to get this to work?

Viewing 15 posts - 1 through 15 (of 18 total)

You must be logged in to reply to this topic. Login to reply