I recently came across this while managing a clustered SQL Server. There were various messages listed on forums, etc., but in our case we found that the error was originating because we had DNS issues and the Domain Controllers (DC) were unreachable due to a network switch configuration problem.
So if you see these errors, you may also see a NetLogon error in the Event Log about not being able to reach a domain controller to log in. You will get the error below because the DC is what hands the Kerberos token to the process for use in SSPI-related activities.
Logon,Unknown,Error: 17806 Severity: 20 State: 2.
Logon,Unknown,Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: IPAddress]
Logon,Unknown,Error: 18452 Severity: 14 State: 1.
Logon,Unknown,SSPI handshake failed with error code 0x80090311 while establishing a connection with integrated security; the connection has been closed.
Good luck and have a great SQL day.
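The log lines above can be triaged with a short script. This is an added example, not part of the original post: it decodes the SSPI status code and groups failures by client. The sample lines are constructed, the [CLIENT: ...] suffix on the SSPI line and the two extra status codes are assumptions not shown in the post, and the multi-client rule is a heuristic of this example.

```python
import re
from collections import defaultdict

# SSPI status codes with winerror.h text. Only 0x80090311 is in the post.
SSPI_STATUS = {
    0x80090311: ("SEC_E_NO_AUTHENTICATING_AUTHORITY",
                 "No authority could be contacted for authentication"),
    0x8009030C: ("SEC_E_LOGON_DENIED", "The logon attempt failed"),
    0x80090308: ("SEC_E_INVALID_TOKEN",
                 "The token supplied to the function is invalid"),
}
SSPI_RE = re.compile(r"SSPI handshake failed with error code (0x[0-9A-Fa-f]{8})")
CLIENT_RE = re.compile(r"\[CLIENT:\s*([^\]]*?)\s*\]")

def triage(lines):
    """Group SSPI handshake failures by status code and collect client addresses."""
    report = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in lines:
        m = SSPI_RE.search(line)
        if not m:
            continue
        code = int(m.group(1), 16)
        name, meaning = SSPI_STATUS.get(code, (m.group(1), "unrecognized"))
        entry = report[name]
        entry["count"] += 1
        entry["meaning"] = meaning
        client = CLIENT_RE.search(line)
        if client and client.group(1):  # suffix may be empty or missing
            entry["clients"].add(client.group(1))
    return dict(report)

def dc_unreachable(report, min_clients=2):
    """Heuristic (assumption): the same 'no authority' failure from several
    clients points at the server's path to a DC, not at one workstation."""
    hit = report.get("SEC_E_NO_AUTHENTICATING_AUTHORITY")
    return bool(hit) and len(hit["clients"]) >= min_clients

# Constructed sample in the post's log layout; 192.0.2.x are documentation IPs.
_SSPI = ("Logon,Unknown,SSPI handshake failed with error code {} while "
         "establishing a connection with integrated security; the connection "
         "has been closed. [CLIENT: {}]")
SAMPLE = [
    "Logon,Unknown,Error: 17806 Severity: 20 State: 2.",
    _SSPI.format("0x80090311", "192.0.2.10"),
    _SSPI.format("0x80090311", "192.0.2.11"),
    _SSPI.format("0x8009030C", "192.0.2.12"),
]

if __name__ == "__main__":
    for name, e in triage(SAMPLE).items():
        print(name, e["count"], sorted(e["clients"]), "-", e["meaning"])
```
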
This Post Has 6 Comments
So did you ever find a solution to this issue?
Yes, the issue was that the DNS Server was down or misrouted and the Cluster could not find the Domain Controller. Once we reestablished connectivity to the Domain Controller, the error stopped.
I found that this error was caused by users whose password had expired and who had decided not to change it, although they remained logged in and were able to operate on the network. When connecting from one SQL server to the next, Kerberos was unable to pass their authentication details.
I had the same problem and tried almost all the tips in this thread and others around the Internet. However, none of them were useful for me. In my development environment I had been using a connection string which used a DNS name (Host A record, as a matter of fact) pointing to the IP of the server where SQL 2005 is installed.
After trying several things, I finally went to the web.config and changed the connection string to the server name. After this, I got another message: Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’. [CLIENT: ]
I had seen another article saying to give this user access to the database under User Mappings and after that all worked like a charm.
Hope this is helpful for anyone.
My problem seems to be related to registration of SPNs:
The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.
I got this error also and it was related to GPO.
The user group did not have “Access this computer from the network”.
I saw this by opening “Local Security Policy” in Administrative Tools.
Local Policies\User Rights Assignment\Access this computer from the network
The user has to be in some group there.