 

Token-based server access validation failed with an infrastructure error

I would appreciate help with the following issue:

I have created a local group in our SQL 2008 server and added two Windows user accounts "DOMAIN\UserName". I then added the local group to the database and granted read-only access.

The users are trying to link tables using MS Access using an ODBC connection and getting the following error. Users are not system administrators.

Date 6/30/2010 1:01:54 PM
Log SQL Server (Current - 6/30/2010 1:10:00 PM)
Source Logon
Message Login failed for user 'DOMAIN\UserName'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 999.99.9.99]

Date 6/30/2010 1:01:54 PM
Log SQL Server (Current - 7/1/2010 8:12:00 AM)
Source Logon
Message Error: 18456, Severity: 14, State: 11.

Database Server: Windows Server 2008 R2 Enterprise
System type: 64-bit Operating System
SQL Server 2008

Pedro Reinoso asked Jul 01 '10 16:07


2 Answers

Thank you for your response.

I found the cause of the problem. I just wished the MS error message in the logs could be more clear. The remote user with logging access problems was also part of a group that was denied access to our database. I completely overlooked this configuration. I then created a different group and granted access to the user. I also granted access explicitly, and in both instances the user was denied access. Once I removed the group that denied access, it all worked fine.

p.reinoso

Pedro Reinoso answered Oct 13 '22 17:10
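The cause reported in the answer above (a DENY inherited through one Windows group overriding grants made directly or through other groups) can be checked from the catalog views. The following T-SQL is an added example, not part of the original post; `DOMAIN\UserName` is the placeholder from the question and `[YourDatabase]` is a hypothetical database name.

```sql
-- Added diagnostic, run as a sysadmin on the SQL Server instance.
-- DOMAIN\UserName is the placeholder from the question;
-- [YourDatabase] is a hypothetical name, replace it with the real one.
DECLARE @login sysname = N'DOMAIN\UserName';

-- 1. Every permission path (direct login or Windows group) through which
--    the account reaches the server.
EXEC master.dbo.xp_logininfo @acctname = @login, @option = 'all';

-- 2. Server-level DENY entries held by Windows logins and groups,
--    for example a denied CONNECT SQL. Compare grantee with step 1.
SELECT pr.name AS grantee, pr.type_desc, pe.class_desc,
       pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.state = 'D'              -- D = DENY
  AND pr.type IN ('U', 'G');      -- U = Windows login, G = Windows group

USE [YourDatabase];

-- 3. Database-level DENY entries held by Windows users and groups.
SELECT dp.name AS grantee, dp.type_desc, pe.class_desc,
       pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS dp
  ON dp.principal_id = pe.grantee_principal_id
WHERE pe.state = 'D'
  AND dp.type IN ('U', 'G');

-- 4. Members of the fixed roles that deny data access.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r
  ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'db_denydatareader', N'db_denydatawriter');
```

A group that appears both in the permission paths from step 1 and as a grantee in steps 2 to 4 is a candidate for the deny that wins over the user's grants.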


It's possible there may be an SPN missing for the service account you're using to connect to the SQL server. If, for example, you're trying to connect to sqlsrv1 from websrv1 using account svcacct1, you could (using a domain admin account) add an SPN to ensure that AD allows authentication from that machine using that account.

setspn -A MSSQLSvc/websrv1.domain.local:1433 svcacct1

Now when you try to connect to sqlsrv1 (to authenticate with MS SQL) using svcacct1 from websrv1, the credentials should pass through and allow authentication on the server without generating this error.

Miguel G answered Oct 13 '22 18:10