debugsqlMinor
Why does SQL authentication sometimes fail and how can I make it work reliably?
Viewed 0 times
sometimesreliablywhycansqlmakeauthenticationfailworkdoes
Problem
I have SQL Server Express installed locally on a machine and it works most of the time but occasionally it fails to make a connection with this error:
Could not obtain information about Windows NT group/user
'MYDOMAIN\myUser', error code 0x6fd.
I'm at a loss for what to change. I can't guarantee the laptop can see the domain controller at all times because - well - it's a laptop! But it would seem that has no effect anyway (it works when disconnected from the network usually; it fails when connected sometimes).
Here's the SQL Server connection string:
What should I do?
Edit:
I've tried moving it to a localdb and using SQL authentication to the SQL Server Express instance. Both ways STILL FAIL with the "could not obtain information..." message. They succeed if there is no network at all, but they all fail if there is a network that isn't the domain one. Not sure what the next move should be...
Could not obtain information about Windows NT group/user
'MYDOMAIN\myUser', error code 0x6fd.
I'm at a loss for what to change. I can't guarantee the laptop can see the domain controller at all times because - well - it's a laptop! But it would seem that has no effect anyway (it works when disconnected from the network usually; it fails when connected sometimes).
Here's the SQL Server connection string:
Data Source=localhost\MYINSTANCE;Integrated Security=True;Initial Catalog=myDbName;Connection Timeout=15What should I do?
Edit:
I've tried moving it to a localdb and using SQL authentication to the SQL Server Express instance. Both ways STILL FAIL with the "could not obtain information..." message. They succeed if there is no network at all, but they all fail if there is a network that isn't the domain one. Not sure what the next move should be...
Solution
When your machine is not connected to the network, it uses the cached information for authentication purposes. This is how you can take the laptop home and log on with your domain account. If you created a login for a domain account while you weren't connected to the domain and then they tried to log in with that account, it would fail because that information doesn't exist on your laptop and it can't reach the domain to authenticate the credentials.
When you are on the same network as the domain, your machine recognizes this and tries to communicate with the domain controller on regular intervals. When a communication failure occurs, your local machine is essentially orphaned at that time so any domain resources become unavailable until it can re-establish communication. If you disable your network connection and log off/on and then try I would bet it works fine. It might even work if just disable the network, I don't have a laptop to test this out on so I can't say with certainty. This is based on my understanding of Active Directory and experience so it might not be 100% accurate but it is definitely what I have observed. Like John M suggested, you might want to use a sql login since you are having problems.
When you are on the same network as the domain, your machine recognizes this and tries to communicate with the domain controller on regular intervals. When a communication failure occurs, your local machine is essentially orphaned at that time so any domain resources become unavailable until it can re-establish communication. If you disable your network connection and log off/on and then try I would bet it works fine. It might even work if just disable the network, I don't have a laptop to test this out on so I can't say with certainty. This is based on my understanding of Active Directory and experience so it might not be 100% accurate but it is definitely what I have observed. Like John M suggested, you might want to use a sql login since you are having problems.
Context
StackExchange Database Administrators Q#82564, answer score: 2
Revisions (0)
No revisions yet.