Can anyone provide any insight on the impact of Security group vs Domain Local Security on cross forest authentication?
That might be more of a Windows/Active Directory question than SQL Server, but this might help:
http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx
In our client's case it was to do with being able to grant database access permissions to certain external users without granting much else.
I had this issue when using a domain local group to provide SQL Server authentication across domains (users and group were in one domain, the SQL box was in another). I changed the group type to Universal and the problem was solved.
I received this error when connect was revoked from the public role and a login was attempted from a domain account with only public access. Once CONNECT was granted again the error went away.
Script used to revoke CONNECT:
REVOKE VIEW ANY DATABASE FROM public
REVOKE CONNECT ON ENDPOINT::[TSQL Local Machine] FROM public
REVOKE CONNECT ON ENDPOINT::[TSQL Named Pipes] FROM public
REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] FROM public
REVOKE CONNECT ON ENDPOINT::[TSQL Default VIA] FROM public
Script used to grant CONNECT to login:
GRANT CONNECT TO [DOMAIN\LOGIN]
[font="Verdana"][font="Verdana"][font="Verdana"] Can you check where are the two users running reports from? I suspect it would be from their desktops.
And user name xxxx\xxxx some times could be local system account like NT Authority\anonymos,. please confirm. You could validate where the connection is coming from using ip in error log [CLIENT: xxx.xxx.xxx.xxx]
I know this is queite old post, but probably,if we get solution would be useful for others.[/font]
I had the same issue with both Token-based and Login-based authentication.
Ive blogged my solution here:
http://dbamohsin.wordpress.com/2011/09/06/token-based-server-access-validation-failed-with-an-infrastructure-error/[/url]
if you dont want to read that then run this code for the user experiencing issues...
GRANT CONNECT SQL TO [DOMAIN\firstname.lastname]
GRANT CONNECT ON ENDPOINT::"TSQL Default TCP" TO [DOMAIN\firstname.lastname]
I am also having a very similar issue.
I think I discovered a solution.
In my case, it was sufficient to start the SQL Server Browser Service on the SQL server.
Viewing 15 posts - 16 through 30 (of 30 total)
You must be logged in to reply to this topic. Login to reply