Re: Login failed for user '(null)'
From: Steve Thompson (stevethompson_at_nomail.please)
Date: 06/24/04
- Previous message: Steve Thompson: "Re: Directions on how to install SQL 2000 not as Windows admin"
- In reply to: Paul Haltenberg: "Login failed for user '(null)'"
- Next in thread: Chris Wilkins: "Re: Login failed for user '(null)'"
- Reply: Chris Wilkins: "Re: Login failed for user '(null)'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Jun 2004 09:38:53 -0400
Hi Paul,
I'm posting a message from Peter Afonin that had a very similar issue -- see
if this helps you:
~~~~~~~~~~~~~~~
Some time ago I posted a message here about my problem: after upgrading the
domain controller to Windows Server 2003, I couldn't use the SQL server
trusted connection due to the error: Login failed for user '(null)'. Reason:
Not associated with a trusted SQL Server connection.
To solve this problem, I had to open a case with Microsoft. Since recently
I've received several emails from people with the same problem, I realized
that I was not alone with this issue, so I decided to post the solution
here.
There are two ways to fix this problem: to remove TCP/IP protocol from SQL
server or to impersonate users.
Remove TCP/IP
1. Go to SQL Server properties, then to General tab - Network configuration.
Remove TCP/IP protocol there.
This worked for me. However, since TCP/IP is required for replication, I had
to add it back.
Impersonate SQL Server users.
Usually you can impersonate users by going to the Local security policy in
Administrative Tools, then to Impersonate a client after authentication.
However, if you deal with the Domain controller, most of the controls there
are disabled. So:
1. Go to the Active Directory, right-click on Domain Controllers and select
Properties
2. Go to the Group Policy tab and highlight Default Domain Controller
Policy, click Edit
3. Go to Windows Settings - Security Settings - Local Policies - User Rights
Assignment
4. Double-click Impersonate a client after authentication
Then Microsoft suggested to uncheck the box Define these policy settings,
then go to the Local security policy and add users there. It worked.
However, I think it would be better just add the users right there, without
going to the Local security policy.
Either way, this solved my problem.
Hope this helps.
-- Peter Afonin ~~~~~~~~~~~~~~~ "Paul Haltenberg" <haltenberg@yahoo.com> wrote in message news:c689f975.0406240221.54bb6d19@posting.google.com... > I am running a third-party web application (mainly ASP and specific > pages with their own extension that are processed by a third-party > ISAPI dll) on a Windows 2000 Server (IIS 5.0) which is also a domain > controller and has MS SQL 2000 installed. Anonymous access in IIS for > this application is set to use a domain account. This account is also > granted access to MS SQL 2000 database. Everything works just fine. > > For performance purposes I moved MS SQL 2000 Server to a new machine > (Windows 2003 server, domain member). When I did so, asp scripts in > the application work perfectly well. I have auditing turned on on MS > SQL running on Windows 2003 and I can see successful logins to MSSQL > for the user which is configured for anonymous access in IIS running > on Windows 2000. > > But, when I try to access any of those specific pages with their own > extension that are processed by ISAPI dll, the IIS log shows the > following error: > Out-of-process+ISAPI+extension+request+failed. 503 > and the MSSQL errorlog shows the following error at once: > Login failed for user '(null)'. Reason: Not associated with a trusted > SQL Server connection. > > According to this application's documentation, TCP/IP and Named Pipes > are required on MS SQL (and they are there!). There's also a specific > mentioning that that particular ISAPI requires and works through Named > Pipes only. > > For testing purposes I have also deployed IIS on Windows 2003 and > installed the application telling it to use MS SQL server on the > Windows 2000 DC and this worked fine! But when I do backwards, I get > Login failed for user '(null)' and > Out-of-process+ISAPI+extension+request+failed. 503 in IIS. > > I need to have IIS on Windows 2000 DC and MS SQL on Windows 2003 > domain member and it doesn't work, but works fine when I do vice versa > (IIS on 2003 and MS SQL on 2000 DC). I have checked all the policies > for 'access this computer from the network', 'log on locally', > 'accounts trusted for delegation', 'computer trusted for delegation' > and the behavior is still the same: > > - if IIS is on Win2000 DC and MSSQL is also there, everything works; > - if IIS is on Win2000 DC and MSSQL is on Windows 2003 domain member: > error; > - if IIS is on Win2003 domain member and MSSQL is on Win2000 DC: > everything works. > > Any ideas what I might be missing?
- Previous message: Steve Thompson: "Re: Directions on how to install SQL 2000 not as Windows admin"
- In reply to: Paul Haltenberg: "Login failed for user '(null)'"
- Next in thread: Chris Wilkins: "Re: Login failed for user '(null)'"
- Reply: Chris Wilkins: "Re: Login failed for user '(null)'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
