Boring article about fixing a 'Login failed... untrusted domain' issue when connecting to SQL Server.
secretGeek .:dot Nuts about dot Net:.
home .: about .: sign up .: sitemap .: secretGeek RSS

Boring article about fixing a 'Login failed... untrusted domain' issue when connecting to SQL Server.

This will be the most boring and dry technical post I've ever written. I promise. I'm only writing it down because I hear Jeff Atwood's voice in my head telling me that if I haven't shared the solution then there's almost no value in solving it.

So here was the problem...

On one of my machines, in recent months, anytime I tried to run an asp.net application that attempts to connect to a SQL Server database I receive this error:

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

This is in a scenario where everything is local: I'm on a home computer, using a local database server. And it doesn't matter if I'm using IIS, webdevserver, or IIS Express. It doesn't matter if I'm trying to connect to SQL Express or SQL Server 2008 r2. I can enter the credentials using the machine name or IP address. The result is the same.

Looking in the Windows Event Viewer I see:

SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. [CLIENT: ].

Most of the 'solutions' online were not applicable because they involve domain issues. This is just a local machine.

One particular forum message involved a guy with a similar setup to me. He solved the problem for himself, but left behind only this very abbreviated and somewhat cryptic explanation:

Solved. Traced the prob. to my net setup. The clue was this a msg in the Win System Log from Lsasrv about the target name and it showed the fqdn. Did some checks and the fqdn didn't look right, cleaned up my network config (I had customized it for another project), and now it's workin.

The 'fqdn' is the fully qualified domain name. I found three different ways to find my fqdn, and one of them disagreed with the others! So this was a smoking gun.

Method 1 for finding the fqdn: When I right clicked on "computer" in the start menu and looked at the properties, the 'full computer name' was reported as 'Leon_xps'.

Method 2 for finding the fqdn: When I ran "ipconfig /all" and got these values for Host Name and Primary Dns Suffix:

   Host Name . . . . . . . . . . . . : Leon_xps
   Primary Dns Suffix  . . . . . . . :

(Add them together and you get a fqdn of just 'Leon_xps'

Method 3 for finding the fqdn: In cmd when I ran 'ping -a Leon_xps' I saw a very unexpected result!

It said:

Pinging leonx_xps [192.168.1.2] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Notice that it's changed the name 'leon_xps' into 'leonx_xps' and come up with the ipaddress of '192.168.1.2'. instead of what I expected (such as a loopback address, 127.0.0.1... or some IPv6 nonsense)

There's only one kind of alchemy I know of for turning a good name into a crazy ipaddress: and that's the magic of the HOSTS file.

So I looked in there for 'leonx_xps' and I found it. Found this crazy nonsense line, probably added by myself during some other wild-goose-chase for a solution to some other messed up problem:

192.168.1.2 leonx_xps leon_xps

Once I'd commented out that rule, the asp.net application immediately started to connect succesfully to SQL Server 2008 r2. And I can move forward with my testing of Massive and Dapper.

But just mentioning the probable cause of this (not cleaning up during an earlier problem-panic) I remember that earlier tonight, while frantically trying to fix this problem I added some stupid rules to the windows firewall. I had better go and remove them now before my computer gets owned. Hey wait a moment!? Why is my CPU at 100%? Be right back...



'Jake' on Sun, 08 May 2011 20:53:17 GMT, sez:

Not as boring as you promised! I want my 5 minutes back!
Jake: lover of boring things


'lb' on Tue, 10 May 2011 05:42:20 GMT, sez:

This site may go down for a short while.


'Mark' on Tue, 21 Jun 2011 14:57:35 GMT, sez:

An echo of thanks ...


'Baud' on Sat, 01 Oct 2011 17:17:41 GMT, sez:

Looking to the c:\windows\system32\drivers\etc\hosts file was the key. Thx for having taken the boring time to write this useful article

regards


'Travis' on Thu, 27 Oct 2011 14:40:56 GMT, sez:

YAY this solved my problem. Thanks. It was actually the fact that the FQDN was in the hosts file. It was forcing SQL to use the full name and choke


Add your comment.


name


website (optional)


enter the word:
 

comment (HTML not allowed)


All viewpoints welcome. But the right to delete any post for any reason is reserved. Don't make me do it. Aim for constructiveness. Comments may be republished, emailed to your loved ones or printed and used as toilet paper. Also, I get particularly nasty on comment spam. It's not worth even trying to post comment spam here -- your html is escaped, and your links are given a rel='nofollow'. By attempting to post a comment, you understand that if the comment is considered spam, at my absolute discretion, your IP address may be used as the target of a prolonged distributed denial of service attack. Your electricity might suddenly stop working. Your car tyres will go mysteriously flat. You will suffer permanent hairloss. Your dreams will be filled with terrifying monsters. And in any case I reserve the right to record and publish your IP address.

 

TimeSnapper is a life analysis system that stores and plays-back your computer use. It makes timesheet recording a breeze, helps you recover lost work and shows you how to sharpen your act.

 

NimbleText - FREE text manipulation and data extraction

NimbleText is a Powerful FREE Tool

Use it for:

  • extracting data from text
  • manipulating text
  • generating code

It makes you look awesome. Use it right now! Go on! Hurry! Don't walk, run!

 

Articles

Mind-boggling Demo of New Gaming Genre, aka Folder-Based Hangman, aka Fun with Recursion Mind-boggling Demo of New Gaming Genre, aka Folder-Based Hangman, aka Fun with Recursion
Got CSV in your javascript? Use agnes. Got CSV in your javascript? Use agnes.
I went to write down a book name and founded an internet empire instead. I went to write down a book name and founded an internet empire instead.
NimbleText: Origins NimbleText: Origins
The Windows 8 Mullet The Windows 8 Mullet
Cosby: spontaneous striped background generator Cosby: spontaneous striped background generator
Slides from WDCNZ: Live Coding Asp.net MVC3 Slides from WDCNZ: Live Coding Asp.net MVC3
MVC 3, MVC 3, "Third Times a Charm" references
Custom Errors in ASP.Net MVC: It couldn't be simpler, right? Custom Errors in ASP.Net MVC: It couldn't be simpler, right?
Anatomy of a Domain Hijacking, part 2: The Website Who Came In From The Cold Anatomy of a Domain Hijacking, part 2: The Website Who Came In From The Cold
Anatomy of a Domain Hijacking, part 1 Anatomy of a Domain Hijacking, part 1
secretGeek.net domain has been stolen. The site may go down. secretGeek.net domain has been stolen. The site may go down.
Boring article: 'untrusted domain' issue with SQL Server. Boring article: 'untrusted domain' issue with SQL Server.
Coding While You Commute Coding While You Commute
Test Driven Dentistry Is A Good Thing Test Driven Dentistry Is A Good Thing
The 'less crashy' release of NimbleText The 'less crashy' release of NimbleText
Rethinking Toolbars in Visual Studio (or any IDE) Rethinking Toolbars in Visual Studio (or any IDE)
Where shall we have lunch? Where shall we have lunch?
Setting up email for your microIsv Setting up email for your microIsv
The NO Visual Studio movement: Compiling .net projects in Notepad++ The NO Visual Studio movement: Compiling .net projects in Notepad++
ZeroOne: the editor for programmers who think in binary ZeroOne: the editor for programmers who think in binary
Mercurial workflow for personal projects (with a .net bias) Mercurial workflow for personal projects (with a .net bias)
I see you're using vim. Let me fix that for you. I see you're using vim. Let me fix that for you.
The worst recruitment spam I've ever read The worst recruitment spam I've ever read
A thank you I forgot to say A thank you I forgot to say
My new product, NimbleText, is live My new product, NimbleText, is live
Grabbing the free songs of Jonathan Coulton (with Powershell) Grabbing the free songs of Jonathan Coulton (with Powershell)
Using NimbleSet to compare lists Using NimbleSet to compare lists
Wanted: Wiki Lists (dot org) Wanted: Wiki Lists (dot org)
DOS on Dope: The last MVC web framework you'll ever need DOS on Dope: The last MVC web framework you'll ever need
JSON Query Languages: 5 special purpose editors JSON Query Languages: 5 special purpose editors
What then, is b? What then, is b?
SQLike: A simple editor SQLike: A simple editor
Yet Another BizPlan Generator. Yet Another BizPlan Generator.
HOT GUIDS: A hot or not site for guids HOT GUIDS: A hot or not site for guids
How does life get better? One tiny hack at a time. How does life get better? One tiny hack at a time.
24 things to do, and 100 things *not* to do (yet) for building a MicroISV 24 things to do, and 100 things *not* to do (yet) for building a MicroISV
Venture capital won't kill Jeff Atwood, it will only make him Jeffer. Venture capital won't kill Jeff Atwood, it will only make him Jeffer.
A handy workflow image for newbie mercurial users A handy workflow image for newbie mercurial users
Fractal Feedback, a diversion into recreational programming Fractal Feedback, a diversion into recreational programming
Hump-Jumping: How the Education of Computer Science can be Saved, err, maybe. Hump-Jumping: How the Education of Computer Science can be Saved, err, maybe.
Suggested User Experience Improvements for DiffMerge Suggested User Experience Improvements for DiffMerge
SQL Style Extensions for C# SQL Style Extensions for C#
The Movie Hollywood (And My Wife) Doesn't Want You To See: Weekend at Jacko's The Movie Hollywood (And My Wife) Doesn't Want You To See: Weekend at Jacko's
Sysi: the ultimate administrators toolkit Sysi: the ultimate administrators toolkit
Archives .: secretGeek :: Complete Archives
TimeSnapper -- Automated Screenshot Journal TimeSnapper.com    
Version 3.3: true productivity boost
Next Action NextAction
Managing the top of your mind
NimbleText -- World's Simplest Code GeneratorNimbleText -- World's Simplest Code Generator, Text Manipulator, Data Extractor
25 steps for building a Micro-ISV 25 steps for building a Micro-ISV
3 minute guides -- babysteps in new technologies: powershell, JSON, watir, F# 3 Minute Guide Series
Universal Troubleshooting checklist Universal Troubleshooting Checklist
Top 10 SecretGeek articles Top 10 SecretGeek articles
ShinyPower (help with Powershell) ShinyPower
Now at CodePlex
Realtime CSS Editor, in a browser RealTime Online CSS Editor
Gradient Maker -- a tool for making background images that blend from one colour to another. Forget photoshop, this is the bomb. Gradient Maker

[powered by Google] 
How to be depressed How to be depressed
You are not inadequate.

Recommended Reading


the little schemer

The Best Software Writing I
The Business Of Software (Eric Sink)

Recommended blogs

Jeff Atwood
Joseph Cooney
Phil Haack
Scott Hanselman
Julia Lerman
Rhys Parry
Joel Pobar
Thomas White
OJ Reeves
Eric Sink

Aggregated Links

proggit
dzone
hacker news
dot net kicks

Human Link Machines

interesting finds
a continuous learner's weblog
arjan's world
weekly link post
LinkedIn profile
LogEnvy - event logs made sexy
Computer, Unlocked. A rapid computer customization resource
PC Smart Buys - Computer Hardware in Australia

.: bookmark this page at del.icio.us bookmark at Del.icio.us! :: reddit this reddit this :.

 
home .: about .: sign up .: sitemap .: secretGeek RSS .: © Leon Bambrick 2006 .: privacy

home .: about .: sign up .: sitemap .: RSS .: © Leon Bambrick 2006 .: privacy