Sql-server – SQL Server Windows Auth Login sees Domain as untrusted

Tags: active-directory, domain-controller, sql server, sql-server-2008, windows-server-2008

I've had someone set up a domain controller on Windows 2008 on one server, and SQL Server 2008 on another. The domain seems to be working fine; I'm logged on as a domain user on both servers, and nothing seems to be a problem there.

However, when I try to add a domain user/group to SQL Server Security (e.g. clicking OK from the create login screen) it says it can't find it (even though I've used the search to find the correct account in the first place). When I try to log on (even though I haven't added it yet) it says something about the account being part of an untrusted domain instead of saying I don't have permission to log on.

Anyone have any ideas on what is set up incorrectly?

Best Answer

a. Check that the user account the SQL Server service is running as is a domain account.
From MSDN:

If the service must interact with network services, access domain resources like file shares or if it uses linked server connections to other computers running SQL Server, you might use a minimally-privileged domain account. Many server-to-server activities can be performed only with a domain user account. This account should be pre-created by domain administration in your environment.

b. Ensure the DNS server being used by the member server knows about the domain, i.e. can resolve SRV records for AD services. See this blog post for more information.

c. Follow resolution steps in the MS KB article.
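
The checks in steps a and b, as an added PowerShell example that is not part of the original answer: it lists the account each SQL Server engine service runs as, shows which DNS servers the member server uses, and asks them for the domain controller SRV record. The service-name filter (`MSSQLSERVER` / `MSSQL$<instance>`) and the `_ldap._tcp.dc._msdcs.<domain>` record name are assumptions about a default SQL Server and Active Directory setup.

```powershell
# Added diagnostic example; run on the SQL Server member server.
# Uses Get-WmiObject and nslookup so it also works on older PowerShell versions.

$cs = Get-WmiObject Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$($cs.Name) is not domain-joined (workgroup: $($cs.Domain))"
    return
}
$domain = $cs.Domain

# (a) Account each SQL Server engine service runs as.
# Assumed names: MSSQLSERVER (default instance), MSSQL$<name> (named instance).
$builtin = '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\|\.\\)'
Get-WmiObject Win32_Service -Filter "Name='MSSQLSERVER' OR Name LIKE 'MSSQL`$%'" |
    ForEach-Object {
        $isLocal = ($_.StartName -match $builtin) -or
                   ($_.StartName -like "$($cs.Name)\*")
        $kind = if ($isLocal) { 'local or built-in account' } else { 'domain account' }
        "{0,-24} runs as {1} ({2})" -f $_.Name, $_.StartName, $kind
    }

# (b) DNS servers this machine queries. They must be able to serve the AD zone,
# which normally means the domain's own DNS servers, not an ISP or router.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=true" |
    ForEach-Object {
        "{0}: DNS = {1}" -f $_.Description, ($_.DNSServerSearchOrder -join ', ')
    }

# (b) Can those servers resolve the domain controller SRV record?
$record = "_ldap._tcp.dc._msdcs.$domain"
$dcs = nslookup -type=SRV $record 2>$null |
    ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] }
    }

if ($dcs) {
    "SRV $record resolves to: $($dcs -join ', ')"
} else {
    Write-Warning "No SRV records returned for $record; check the DNS client settings."
}
```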