Re: Howto troubleshoot login failure - State 11?



1 - Could it be that your user's domain login is not actually a member of the domain group? (You said that making the Windows Group a sysadmin made no

Nope. Also, other members of that group can log in.

2 - Could it be that the login was defined with a default database to which it has no rights and the login fails before it switches to the intended

All logins have the default value 'master' set as the default database.

exec sp_helplogins 'Mydomain\Mylogin'

That does not show anything special,
DefDBName=master
AUser=yes
ARemote=no
....
DOMAIN\BizTalk Server Administrators | EDIMgmtDb | EDI Administrators | MemberOf
DOMAIN\BizTalk Server Administrators | EDIMgmtDb | DOMAIN\BizTalk Server Administrators | User
....
DOMAIN\BizTalk Server Administrators | master | EDI Administrators | MemberOf
DOMAIN\BizTalk Server Administrators | master | DOMAIN\BizTalk Server Administrators | User
....

If I create a login named DOMAIN\BTS01$ with only the 'public' role, and try to log on, I get this error:

--SQL log---
2008-05-28 20:21:40.50 Logon Error: 18456, Severity: 14, State: 16.
2008-05-28 20:21:40.50 Logon Login failed for user 'DOMAIN\BTS01$'. [CLIENT: 172.30.1.236]
--Client error--
System.Data.SqlClient.SqlException: Cannot open database "EDIMgmtDb" requested by the login. The login failed.
Login failed for user 'DOMAIN\BTS01$'.
------
Here the login succeeded, but the requested database is not allowed (this is the scenario where adding the 'sysadmin' role allows access). The reason seems to be that if I create the actual account in SQL Server, any Windows group memberships are ignored and the account itself must be granted the same rights as the Windows group. That is not a viable action as I have no control of what roles to grant, as future updates to BizTalk may make changes to those.

If I remove the BTS01$ login, and try to log in, I get this error:
--SQL log---
2008-05-28 20:23:17.65 Logon Error: 18456, Severity: 14, State: 11.
2008-05-28 20:23:17.65 Logon Login failed for user 'DOMAIN\BTS01$'. [CLIENT: 172.30.1.236]
--Client error--
System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN\BTS01$'.
-----
Here the login itself fails, no mention of any database name is made on the client.

This indicates to me that the problem is somehow related to SQL Server not being able to detect that the account is indeed a member of the 'BizTalk Administrator Group' domain group.

Regards;
/jb
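
The two failure modes compared in the post above can be told apart in bulk by pairing each "Error: 18456" line with the "Login failed" line that follows it. This is an added example, not part of the original post; the function names are hypothetical and the state notes only restate what the post observed for states 11 and 16.

```python
import re
from collections import defaultdict

# State notes restate what the post observed for error 18456; other states stay unlabelled.
STATE_NOTES = {
    11: "login itself rejected; client error names no database",
    16: "login accepted, but the requested database could not be opened",
}
PREFIX = r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+Logon\s+"
ERROR_RE = re.compile(PREFIX + r"Error: 18456, Severity: \d+, State: (?P<state>\d+)\.")
DETAIL_RE = re.compile(PREFIX + r"Login failed for user '(?P<user>[^']*)'\."
                       r"\s*(?:\[CLIENT: (?P<client>[^\]]+)\])?")

# The four log lines quoted in the post, plus one constructed unrelated line.
SAMPLE_LOG = r"""
2008-05-28 20:21:40.50 Logon Error: 18456, Severity: 14, State: 16.
2008-05-28 20:21:40.50 Logon Login failed for user 'DOMAIN\BTS01$'. [CLIENT: 172.30.1.236]
2008-05-28 20:22:05.10 spid51 Constructed unrelated message
2008-05-28 20:23:17.65 Logon Error: 18456, Severity: 14, State: 11.
2008-05-28 20:23:17.65 Logon Login failed for user 'DOMAIN\BTS01$'. [CLIENT: 172.30.1.236]
"""

def parse_failures(lines):
    """Pair each 'Error: 18456' line with the 'Login failed' line that follows it."""
    failures, pending = [], None
    for line in lines:
        err = ERROR_RE.match(line.strip())
        if err:
            pending = err
            continue
        det = DETAIL_RE.match(line.strip())
        if det and pending and det["ts"] == pending["ts"]:
            state = int(pending["state"])
            failures.append({"time": det["ts"], "user": det["user"], "client": det["client"],
                             "state": state, "note": STATE_NOTES.get(state, "not covered here")})
        pending = None  # an error line is only paired with the very next line
    return failures

def summarise(failures):
    """Group failures by (user, state) so one account's mix of states stands out."""
    groups = defaultdict(lambda: {"count": 0, "clients": set()})
    for f in failures:
        g = groups[(f["user"], f["state"])]
        g["count"] += 1
        g["clients"].add(f["client"])
    return dict(groups)

if __name__ == "__main__":
    print(summarise(parse_failures(SAMPLE_LOG.splitlines())))
```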
