Post reply

Login error - The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)

  • July 31, 2017 at 6:20 am

    #332001

    Hi All,

    I am getting below error while trying to connect SQL from remote server. Local login is working fine. Can anyone help  on this. Thanks in advance.

    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)

    -----------------
    Aditya Rathour
    SQL DBA

    Not Everything that is faced can be changed,
    but nothing can be changed until it is faced.

  • July 31, 2017 at 7:57 am

    #1953376

    I would say from the limited information supplied. The request is coming from another domain which has no domain trust in place with the destination domain. Is there a domain difference? Between the source and destination.

  • July 31, 2017 at 10:52 am

    #1953429

    If by local login you mean using the same account you can log into the server itself then you may want to check the account on that server and make sure the account has the rights to  "Access this computer from network" under Local Security Policy, User Rights

    Sue

  • July 31, 2017 at 12:21 pm

    #1953448

    I may be mistaken on this one, but I THINK the service account not being able to talk to AD can cause that problem too.
    Might want to check that the SQL Service account can talk to the AD server.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there is negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.

  • July 31, 2017 at 11:27 pm

    #1953507

    Talib123 - Monday, July 31, 2017 7:57 AM

    I would say from the limited information supplied. The request is coming from another domain which has no domain trust in place with the destination domain. Is there a domain difference? Between the source and destination.

    Thanks for replying.
    Both the source and destination servers are in same domain.

    -----------------
    Aditya Rathour
    SQL DBA

    Not Everything that is faced can be changed,
    but nothing can be changed until it is faced.

  • August 1, 2017 at 12:13 am

    #1953510

    Sue_H - Monday, July 31, 2017 10:52 AM

    If by local login you mean using the same account you can log into the server itself then you may want to check the account on that server and make sure the account has the rights to  "Access this computer from network" under Local Security Policy, User Rights

    Sue

    I am able to take RDP login on both the servers with same domain account, both servers are part of same domain. I can connect locally on each server but when  trying to connect first one server's SQL in second server then its throwing error and vice-versa.

    -----------------
    Aditya Rathour
    SQL DBA

    Not Everything that is faced can be changed,
    but nothing can be changed until it is faced.

  • August 1, 2017 at 9:34 am

    #1953612

    Do both servers have an SPN? If not Kerberos may not be able to pass your login token from one server to another. What is the error you get when trying to connect? 

  • August 1, 2017 at 9:46 am

    #1953618

    Has this ever worked?
    Is there a different SQL instance you can successfully connect to on the network from your local machine?

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there is negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.

  • August 1, 2017 at 11:49 am

    #1953644

    Joe Torre - Tuesday, August 1, 2017 9:34 AM

    Do both servers have an SPN? If not Kerberos may not be able to pass your login token from one server to another. What is the error you get when trying to connect? 

    This is what my guess would be as well.
    Aditya - Check the SPNs for both of the servers. It's pretty easy to check using the tool from Microsoft:
    Kerberos Configuration Manager for SQL Server

    Sue

  • August 2, 2017 at 11:04 pm

    #1953887

    Thanks All. 
    Special thanks to Joe Torre and Sue_H !

    The issue was with the SPN. used Kerberos Configuration Manager for SQL Server to check SPN.
    After registering SPNs the issue was resolved , and now I am able to connect SQL without issue from one another servers.

    -----------------
    Aditya Rathour
    SQL DBA

    Not Everything that is faced can be changed,
    but nothing can be changed until it is faced.

  • February 17, 2019 at 11:05 pm

    #2022241

    Go through this. This may help you out:
    https://blog.sqlauthority.com/2014/01/17/sql-server-fix-login-failed-for-user-username-the-user-is-not-associated-with-a-trusted-sql-server-connection-microsoft-sql-server-error-18452/

  • January 2, 2020 at 7:15 am

    This was removed by the editor as SPAM

  • January 2, 2020 at 11:44 am

    This was removed by the editor as SPAM

  • January 2, 2020 at 11:45 am

    This was removed by the editor as SPAM

  • February 21, 2020 at 9:02 pm

    #3727826

    I am having the exact same issue getting pronest to connect to the shared db on a windows 2016 server. I added the computer name/pw as a user on the server. The Pronest DB is set to use windows authentication and cannot be changed for some reason to both SQL and Windows auth. I also added the username and pw of the workstation computer to the sql database. did you make any other changes to get this to work?

Viewing 15 posts - 1 through 15 (of 18 total)

You must be logged in to reply to this topic. Login to reply