Best IT Recipes

Login failed for user DOMAIN \ MACHINENAME $ '

I know this is almost a duplicate: Error "Login failed for user" NT AUTHORITY \ IUSR "" in ASP.NET and SQL Server 2008 and Login failed for user "username" - System.Data.SqlClient.SqlException with LINQ to external project / class library, but some things don't stack up compared to other applications on my server, and I'm not sure why.

Used boxes:

Web box
SQL Box
SQL Test Box

My expression:

I have an ASP.NET web application that references a class library that uses LINQ-to-SQL. The connection string is configured correctly in the class library. In case of login failure for the user 'username' - System.Data.SqlClient.SqlException with LINQ in the external library of projects / classes. I also added this connection string to the web application.

The connection string uses SQL credentials per se (both in the web application and in the class library):

<add name="Namespace.My.MySettings.ConnectionStringProduction" connectionString="Data Source=(SQL Test Box);Initial Catalog=(db name);Persist Security Info=True;User ID=ID;Password=Password" providerName="System.Data.SqlClient" />

This connection is confirmed to be working by adding it to the server browser. This is the connection string my .dbml file uses.

This problem:

I get the following error:

 System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN\MACHINENAME$'.

Now refer to this . The error "Login failed for NT AUTHORITY \ IUSR user" in ASP.NET and SQL Server 2008 means that a truly local network service and the use of any other non-domain name will not work.

But I got confused because I checked both SQL Box and SQL Test Box SQL Management Studio, and both have the NT AUTHORITY/NETWORK SERVICE section Security β†’ Logon, at the database level, which is not in the Security β†’ Users list, but on database level Security β†’ Users I have a user displayed in the connection string.

At the NTFS level on the web server, the NETWORK SERVICE permissions have full control.

The reason I got confused is because there are many other web applications on my web server that reference the SQL Box and SQL Test Box databases, and they all work. But I can not find the difference between them and my current application, except that I use a class library. Will it make a difference? Checking NTFS permissions, configuring security entries at the server and database levels, the connection string and connection method (SQL Server credentials), as well as the IIS application pool and other folder settings are all the same.

Why do these applications work without adding the $ machine name to the permissions of any of my SQL blocks? But this is what one link tells me to do to solve this problem.

+107
sql-server web-applications sql-server-2005 iis-6
May 10, '10 at 21:01
source share
20 answers

NETWORK SERVICE and LocalSystem will always authenticate as the local corresponding account (embedded network service and embedded system), but both will authenticate as the remote computer account.

If you see a failure, for example Login failed for user 'DOMAIN\MACHINENAME$' , this means that the process running the NETWORK SERVICE service or like LocalSystem accessed the remote resource, authenticated itself as a computer account and was denied authorization.

A typical example would be an ASP application running in an application pool configured to use NETWORK SERVICE credentials and connect to a remote SQL Server: the application pool will authenticate as a machine using the application pool, and whether this account is the machine that should be accessed.

When access is denied to a computer account, access to a computer account must be granted. If the server refuses to log into the DOMAIN \ MACHINE $ system, you must grant access rights to the DOMAIN \ MACHINE $ domain not to the NETWORK SERVICE. Granting access to the NETWORK SERVICE service will allow the local process to work as the NETWORK SERVICE to connect, and not to the remote, as the remote will be authenticated, as you assumed, DOMAIN \ MACHINE $.

If you expect the asp application to connect to the remote SQL Server as an SQL login and you get exceptions from DOMAIN \ MACHINE $, this means that you are using Integrated Security in the connection string. If this is unexpected, it means that you messed up the connection strings you are using.

+144
May 10, '10 at 21:29
source share

This error occurs when you configure the application in IIS, and IIS is sent to SQL Server and tries to log in with credentials that do not have the appropriate permissions. This error can also occur when configuring replication or mirroring. I will decide a solution that always works and is very simple. Go to SQL Server -> Security -> Logins and right-click NT AUTHORITY \ NETWORK SERVICE service and select Properties

In the newly opened Login Properties screen, go to the User Mapping tab. Then, on the User Mapping tab, select the database you want β€” especially the database for which this error message is displayed. On the bottom screen, check the db_owner role. Click OK.

+28
Oct 29 '11 at 11:13
source share

In my case, I had Identity="ApplicationPoolIdentity" for my IIS application pool.

After adding the IIS APPPOOL\ApplicationName user to SQL Server, it works.

+13
Mar 29 '16 at 12:16
source share

The trick that worked for me was to remove Integrated Security from my connection string and add a regular User ID=userName; Password=password User ID=userName; Password=password your connection string in App.config your libral, perhaps there was no use of built-in security, but created in Web.config is!

+11
Jun 13 '11 at 13:16
source share

A colleague had the same error, and this was due to a small configuration error in IIS.
An invalid application pool has been assigned to the web application.

In fact, we use our own application pool with a specific identifier to meet our needs.

In my local IIS manager β†’ Sites β†’ Default website β†’ Name of our web application β†’ Basic settings ... The application pool was "DefaultAppPool" instead of our custom application pool.

Setting the correct application pool solved the problem.

+11
Jan 26 '12 at 9:24
source share

I added <identity impersonate="true" /> to my web.config and it worked fine.

+10
Aug 16 2018-11-11T00:
source share

Basically, to solve this problem, we need to configure

  • Web application running under ApplicationPoolIdentity
  • Web application connecting to databases via ADO.Net using Windows authentication in the connection string

The connection string used for Windows authentication includes either the Trusted_Connection=Yes attribute or the equivalent Integrated Security=SSPI attribute in the Web.config file

My database connection is in Windows authentication mode. So I solved this problem by simply changing the Application Pool Identification from ApplicationPoolIdentity to my domain log with credentials DomainName \ MyloginId

Step:

  1. Click on application pools

  2. Choose the name of your application

  3. Go to advanced settings

  4. Expand the Process Model and click Authentication . Click the three dots on the right end.
  5. Click Install ... and enter the credentials to enter the domain.

It was decided for me.

Note. In a production or IT environment, you may have a service account in the same domain to identify the application pool. If so, use the service account instead of your username.

+9
Feb 11 '17 at 4:57
source share

For me, the problem was resolved when I replaced the default built-in account "ApplicationPoolIdentity" with a network account that was allowed access to the database.

Settings can be made in Internet Information Server (IIS 7+)> Application Pools> Advanced Settings> Process Model> Authentication

+5
Jul 10 '13 at 16:45
source share

We received similar error messages while processing the Analysis Services database. It turned out that the username that was used to start the Analysis Services instance was not added to SQL Server security logins.

In SQL Server 2012, SQL Server and Analysis Services are configured to work differently by default. If you went by default, always make sure that the AS user has access to your data source!

+2
Jun 19 '13 at 15:03
source share

Check if you have

 User Instance=true

in the connection string. Try to remove it to solve your problem.

+1
Apr 12 '15 at 6:26
source share

I also had this error with an authenticated SQL Server user

I tried some fixes but they did not work.

The solution in my case was to configure "Server Authentication Mode" to enable SQL Server authentication in the "Managing Studio: Properties / Security" section.

+1
Mar 06 '17 at 19:09
source share

The only thing that everyone seems to ignore is that you might need integrated security = true. The site may be running under a pool account. This is all so good, and you can still hit the SQL server with the original user credentials, rather than the pool. It was called limited delegation. If you enable it and configure the SPN windows, you translate the pool credentials with the user on requests sent to the final service (SQL is just one such service). You must register ONE AND ONLY an SQL server that serves SQL queries on the web server. It is too complicated for me to try to accurately describe here. It took me a lot of time to work it out on my own.

+1
Mar 20 '17 at 16:44
source share

For me, the problem with 'DOMAIN \ MACHINENAME $' is fixed by setting DefaultApplicationPool Identity in NetworkService .

enter image description here

+1
May 3 '18 at 20:09
source share

I had the same problem earlier by removing Persist Security Info=True from the connection string for me.

0
Sep 25 '14 at 8:19
source share

I spent several hours trying to fix the problem, and finally got it - the SQL Server browser was β€œstopped”. The fix is ​​to change it to "Automatic" mode:

If it is disabled, go to Control Panel-> Administrative Tools-> Services and find the SQL Server Agent. Right-click and select Properties. From the Startup Type drop-down list, change Disabled to Automatic.

quote from here

0
Mar 02 '15 at 19:05
source share

I ran into this problem when a client renamed SQL Server. SQL Reporting was configured to connect to the old server name, for which an alias was also created that was redirected to the IP address of the new server name.

All of their old IIS applications worked, redirecting to the new server name through an alias. I figured out if they work SSRS. Attempting to connect to the SSRS site. An error occurred:

"The service is unavailable. Contact your system administrator to resolve the problem. System administrators: the report server cannot connect to its database. Make sure the database is up and running. You can also check the details in the report server trace log."

It worked on the server, but could not connect because it used an alias for the old server name. Reconfiguring SSRS to use the new server name instead of the old / alias fixed it.

0
Aug 31 '18 at 19:35
source share
  1. Change the application pool identity to the local system
  2. On SQL Mgmt> Security> Logins
    1. Find NT AUTHORITY \ SYSTEM double click
    2. User Mappings> Check your database and assign it a role below.
    3. Remember to also create a user database o security logins with the correct password.
0
Feb 23 '19 at 20:11
source share

I got this error while trying to check the solution using the following

 string cn = "Data Source=[servername];Integrated Security=true;Initial Catalog=[dbname];";

I decided this: I had to open Visual Studio and run it under a different account, because the account I used to open was not my administrator account.

So if your problem is similar to mine: attach VS to the taskbar, then use Shift and right click to open the menu so you can open VS as another user. enter image description here

0
May 11 '19 at 15:46
source share

Bear in mind that there are some good answers here, but since I just lost the time to develop this, I hope this can help someone.

In my case, everything worked fine, and then stopped for no apparent reason with the error indicated in the question.

IIS worked as a Network Service, and the Network Service was configured on SQL Server earlier (see Other Answers for this post).

The problem was; absolutely no apparent reason; The network service switched to "Deny" the right to enter the database.

Fix:

  1. Go to SSMS> Security> Logins.
  2. Right-click NT AUTHORITY \ NETWORK SERVICE and select Properties.
  3. Click the Status tab and set the Resolution option of the Database Engine to Submit.

Network service allowed

This allowed everyone to work, and the network service was not required to give any additional User Mappings as indicated in another answer (which I supported for some good pointers).

0
May 20 '19 at 11:16
source share

Bear in mind that there are some good answers here, but since I just lost the time to develop this, I hope this can help someone.

In my case, everything worked fine, and then stopped for no apparent reason with the error indicated in the question.

IIS worked as a Network Service, and the Network Service was configured on SQL Server earlier (see Other Answers for this post). Server roles and user mappings looked right.

The problem was; absolutely no apparent reason; The network service switched to "Deny" the right to enter the database.

Fix:

  1. Go to SSMS> Security> Logins.
  2. Right-click NT AUTHORITY \ NETWORK SERVICE and select Properties.
  3. Go to the Status tab and set the Permission to Connect To Database Engine Submit.

Network service allowed

0
May 20 '19 at 11:19
source share


More articles:


All Articles