By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,257 Members | 925 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,257 IT Pros & Developers. It's quick & easy.

SQL Server Express 2008 Off Domain Authentication

P: 3
I originally posted this on the MSDN forums and it did not get much traction so I will ask the question here.

I have an application that uses SQLExpress locally installed. When I am on domain, I can connect to it and use it with my domain account just fine. Everything works. If I am off Domain and log in with a cached account, I am unable to connect to the Database with scripts or applications, but I can connect just fine with SQL Studio. Also, if I log in with the local admin account I can run all apps and scripts that use the DB just fine.

My account is sysadmin on the SQL Express.
I have to link and unlink databases and bulk import files in the apps and scripts so I cannot use a SQL Server only account, it must be an account that can access the filesystem, create linked DBs, etc.

I have forced shared memory only connections with the exact same results. All queries of all connection string types that will work against the Express version work when I use the admin account, or when I am on the domain.

I have not been able to find a way to connect outside of SQL Studio with a cached account.

Does anyone know how to get around this problem. I have posted the errors below and have searched for and read through the the discussion. None I have been able to find so far address the cached account scenario.

If I knew how SQL Studio is able to permit me to connect with a cached account, I think that would be the solution.

Thanks,
LD

Command Line:

C:\Documents and Settings\<account>>sqlcmd -S .\SQLEXPRESS -E
HResult 0x80090304, Level 16, State 1
SQL Server Network Interfaces: The Local Security Authority cannot be contacted

Sqlcmd: Error: Microsoft SQL Server Native Client 10.0 : Cannot generate SSPI co
ntext.

C:\Documents and Settings\<Account>>

Windows System Log:


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 11/6/2009
Time: 5:20:34 AM
User: N/A
Computer: <host>
Description:
The Security System detected an attempted downgrade attack for server MSSQLSvc/<host>.<domain>:sqlexpress. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


SQL Server Log when successful with cached account launching SQL Studio (Same in Windows Logs)

11/06/2009 05:26:17,Logon,Unknown,Login succeeded for user '<domain>\<account>.
Connection made using Windows authentication. [CLIENT: <local machine>]
Jan 31 '10 #1
Share this question for a faster answer!
Share on Google+

Post your reply

Sign in to post your reply or Sign up for a free account.