Re: SQL 2000 NT AUTHORITY\SYSTEM Permission Problem

From: Steve Thompson (stevethompson_at_nomail.please)
Date: 09/17/04


Date: Fri, 17 Sep 2004 14:46:17 -0400

Hi Don,

I archived a posting which may help you here:

Some time ago I posted a message here about my problem: after upgrading the
domain controller to Windows Server 2003, I couldn't use the SQL server
trusted connection due to the error: Login failed for user '(null)'. Reason:
Not associated with a trusted SQL Server connection.

To solve this problem, I had to open a case with Microsoft. Since recently
I've received several emails from people with the same problem, I realized
that I was not alone with this issue, so I decided to post the solution
here.

There are two ways to fix this problem: to remove TCP/IP protocol from SQL
server or to impersonate users.

Remove TCP/IP

1. Go to SQL Server properties, then to General tab - Network configuration.
Remove TCP/IP protocol there.

This worked for me. However, since TCP/IP is required for replication, I had
to add it back.

Impersonate SQL Server users.

Usually you can impersonate users by going to the Local security policy in
Administrative Tools, then to Impersonate a client after authentication.
However, if you deal with the Domain controller, most of the controls there
are disabled. So:

1. Go to the Active Directory, right-click on Domain Controllers and select
Properties
2. Go to the Group Policy tab and highlight Default Domain Controller
Policy, click Edit
3. Go to Windows Settings - Security Settings - Local Policies - User Rights
Assignment
4. Double-click Impersonate a client after authentication

Then Microsoft suggested unchecking the box Define these policy settings,
then going to the Local security policy and adding users there. It worked.
However, I think it would be better to just add the users right there, without
going to the Local security policy.

Either way, this solved my problem.

Hope this helps.

-- 
Peter Afonin

Steve

"Don" <donw@fpoint.com> wrote in message
news:45fd2a9.0409160733.11793eb5@posting.google.com...
> Hi,
>
> I've been struggling with this one and hope someone can help me out:
>
> I have two machines running Windows Server 2003. One box has SQL
> Server 2000 (Windows Auth mode) and the other holds a .NET Windows
> Forms app and a VB6 app.
>
> When trying to connect to the SQL machine from the app machine, I get
> the error "Login failed for user (null). Not associated with a trusted
> SQL Server connection".
>
> I know this is a SQL permission error and the user does not have the
> appropriate rights to connect.  The user that is trying to connect is
> NT AUTHORITY\SYSTEM user.  The SQL box does not have IIS or the .NET
> framework installed so I this user was not installed (looks like IIS
> installs this user?)
>
> In my ASP.NET apps, I could control what user the app was coming in as
> by changing the UserName and password for the anonymous user to a user
> that was created identically on both machines, set <identity
> impersonate="true" />, and give them the appropriate SQL permissions.
>
> So the question is can I change the windows user name that the .Net
> app and VB6 app uses from the NT Authority user to a username that I
> create and give the appropriate SQL permissions?  Or is there another
> way of doing this?  And changing the SQL auth method to mixed is not
> an option for me.
>
> I would appreciate any and all suggestions as I have tried everything
> that I could think of.  Thanks!
>
> - Donald
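
The fix described in this thread changes who holds "Impersonate a client after authentication" (SeImpersonatePrivilege), so it is worth checking afterwards which accounts ended up with that right. The following is an added example, not part of the original thread: it parses the text of a `secedit /export /areas USER_RIGHTS /cfg rights.inf` export and lists holders outside a baseline. The baseline set, the sample export, the domain SID and the account name `EXAMPLE\sqlsvc` are all constructed assumptions.

```python
# Added example: audit who holds "Impersonate a client after authentication"
# (SeImpersonatePrivilege) in a security-template export.
# Assumption: the text comes from `secedit /export /areas USER_RIGHTS /cfg rights.inf`
# (the file is UTF-16 on disk; decode it before passing it in).

# Well-known SIDs that commonly hold the right by default (assumed baseline;
# adjust to your own build standard).
BASELINE = {
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-6": "NT AUTHORITY\\SERVICE",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
}

# Constructed sample export; the domain SID and account name are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6,*S-1-5-21-1111111111-2222222222-3333333333-1105,EXAMPLE\\sqlsvc
[Version]
signature="$CHICAGO$"
"""

def holders(inf_text, right="SeImpersonatePrivilege"):
    """Return the accounts assigned `right` in the [Privilege Rights] section."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == right.lower():
            # SIDs are written with a leading '*'; unresolved names appear bare.
            return [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
    return None  # right not defined in this template

def unexpected(inf_text):
    """Accounts holding the right that are not in the baseline set."""
    found = holders(inf_text)
    return [] if found is None else [a for a in found if a not in BASELINE]

if __name__ == "__main__":
    for account in unexpected(SAMPLE_INF):
        print("review:", account)
```

A return value of `None` from `holders` means the right is not defined in that template, which is the state the policy is left in when "Define these policy settings" is unchecked.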

