patternsqlMinor
SQL Server 2012 Can't log in with machine account
Viewed 0 times
can2012logsqlwithaccountmachineserver
Problem
We're migrating an IIS/SQL Server site from 2008 to 2012, and I'm having a problem with authentication. We use Windows Authentication to authenticate as
Login failed for user 'DOMAIN\COMPUTER$'. Reason: Could not find a login matching the name provided. [CLIENT: ]
I've verified that the account exists, and even deleted and recreated it
If I do it again, I get the response:
Msg 15025, Level 16, State 2, Line 1
The server principal 'DOMAIN\COMPUTER$' already exists.
(
So it appears that the site is querying the SQL Server, but the SQL Server isn't looking at its logins very hard.
What have I missed?
DOMAIN\COMPUTER$, but this isn't working, giving an error saying:Login failed for user 'DOMAIN\COMPUTER$'. Reason: Could not find a login matching the name provided. [CLIENT: ]
I've verified that the account exists, and even deleted and recreated it
create login "DOMAIN\COMPUTER$" from windowsIf I do it again, I get the response:
Msg 15025, Level 16, State 2, Line 1
The server principal 'DOMAIN\COMPUTER$' already exists.
(
DOMAIN\COMPUTER is substituted for the real domain and computer name)So it appears that the site is querying the SQL Server, but the SQL Server isn't looking at its logins very hard.
What have I missed?
Solution
It is most likely not the DOMAIN\computer$ at all. This message is known to be a misleading. I think all it wants is that "NT AUTHORITY\NETWORK SERVICE" be granted the server access. Open SQL Server login properties and add this account. Also, check what user is used in the IIS to impersonate anonymous user, it should be something like "IUSR_ServerName". Grant access to this user as well
Context
StackExchange Database Administrators Q#74061, answer score: 7
Revisions (0)
No revisions yet.