February 20, 2023 at 12:46 pm
Hello People,
I found information over the internet and went step by step to check each setting but i surrender myself and decided to post here regarding this issue which i am facing.
Login Failed. The login is from an untrusted domain and cannot be used with Windows authentication. Microsoft SQL Server, Error: 18452
The issue occurs when i try to connect via SSMS from the client machines from one domain to another domain where SQL server is installed.
servername\instance01 error 18452
servername\instance01, Port of instance - no issues, connection is successful
IPadress of SQL server\instance01 - successful
IPaddress of SQL server\instance01,Port - successful
FQDN\instance01 - successful
This have worked back in January that is like 3 weeks ago, and we are still troubleshooting the cause.
the test examples with instace02 is all working fine...
Briefly will explain for the environment:
2 Domains, with configured Trust between them. lets say domain.contoso.com and domain.libre.com
1 SQL Server with 2 instances working on SQL server 2008 R2 in domain.contoso.com
SQL is configured in Mixed mode.
TCP/IP is turned On.
SQL browser service is turned On.
Named Pipes is turned On.
Via is Off.
No Aliases configured.
TCP/IP dynamics ports is empty.
2 instances first is configured with port 1433, second is configured with 1343,
2 Windows clients with Windows 10 Enterprise version 22H@ OS build 19045.2486 installed in domain.libre.com
They have trust between the domains, DNS works fine. Pinging back and forth gives the correct IP or by hostname it gives the correct result.
nslookup gives the correct results.
on the client machines, running in the CMD: SQLCMD -L shows the available SQL instances which i can access.
FIreWall ports are opened.
Host File is changed for client machines pointing to SQL server IP address and FQDN.
Why from only two client machines it is not possible to connect via SSMS to SQL server from the other domain, using the sqlservername\instance01 ?
Please let me know if you need more information to investigate together this.
Thank you,
VM
February 20, 2023 at 8:02 pm
You have DomainA, and DomainB, and there is a trust between them.
Your server is DomainB\MyServer.
Your login is DomainA\MyLogin
On server DomainB\MyServer, add the login DomainA\MyLogin to the server.
If it works, you did not have the login set up in SQL Server.
If it fails with the "Login is from an untrusted domain...", then the trust between the domains is not configured to allow this or you are not logged into the domain.
I would suggest this:
In the "parent" domain, create a set of AD groups. Let's say "SQlAdmins", "SQLWriters", and "SQLReaders".
In the domain that trusts the "parent" domain, create the same groups, and the only members would be the AD group from the "parent" domain.
I suspect that DomainB fully trusts DomainA("parent"), but DomainA does NOT trust DomainB.
Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
February 21, 2023 at 2:13 pm
This was removed by the editor as SPAM
February 22, 2023 at 4:03 pm
This was removed by the editor as SPAM
February 22, 2023 at 4:11 pm
This was removed by the editor as SPAM
February 22, 2023 at 5:34 pm
Why are these replies getting flagged as spam?
Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
February 24, 2023 at 12:04 pm
This was removed by the editor as SPAM
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply