Microsoft KB Archive/840219

= You may not be able to connect to a SQL Server that is running on a Windows Server 2003 computer by using Windows authentication =

Article ID: 840219

Article Last Modified on 12/12/2005

-

APPLIES TO


 * Microsoft SQL Server 2000 Standard Edition, when used with:
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-



SYMPTOMS
After you log on to your computer that is running Microsoft Windows Server 2003 by using a Windows user account that has local administrator credentials on your computer, if you try to connect to an instance of Microsoft SQL Server that is running on the computer by using Windows Authentication, the connection may not be successful.

If you use the osql command-line utility to connect to the instance of SQL Server, you may receive the following error message:

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.

If you use SQL Query Analyzer to connect to the instance of SQL Server, you may receive the following error message:

Unable to connect to server

Server: Msg 18452, Level 16, State 1

[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.

This problem occurs when all the following conditions are true:
 * The instance of SQL Server uses the TCP/IP server network library for client connections.
 * A Windows user account that is different from the current Windows logon account is set as the service account for the MSSQLServer service that corresponds to your instance of SQL Server.



CAUSE
This problem can occur because the Windows user account that is used to connect to the instance of SQL Server does not have sufficient permissions on your computer. This article discusses one possible cause of this message. The workaround that is discussed in this article will only help if you experience this specific scenario.



RESOLUTION
To resolve the problem, you must change the user rights settings on your computer to give sufficient permissions to the Windows user account that is used to connect to the instance of SQL Server. To do this, follow these steps.

Note If the Windows user name that is used to connect to the instance of SQL Server is a domain user name and is not a local user name on your computer, you must change the user rights settings by using the Active Directory Users and Computers Microsoft Management Console (MMC) on the computer that acts as the domain controller.  Click Start, point to Administrative Tools, and then click Local Security Policy. In the left pane of the Local Security Settings window, expand Local Policies, and then click User Rights Assignment. In the right pane, modify the settings of the policies to add the users who are mentioned in the following table. To do this, under the Policy column header, double-click the corresponding policy, click Add User or Group, and then add a user or group to the policy.

Note &quot;Windows User&quot; indicates the Windows user name that is used to connect to the instance of SQL Server. Before you provide these user rights to the Windows user, make sure that the Windows user is eligible for these user rights on the computer that is running the instance of SQL Server. Close the Local Security Settings window. Restart the instance of SQL Server.

Additionally, if the user rights settings on your computer are defined by using a security template, you must make sure that the specified user rights are modified accordingly in the corresponding security template.



WORKAROUND
To work around this problem, use one of the following methods:
 * Connect to the instance of SQL Server by using SQL Server Authentication.
 * Configure the instance of SQL Server to use the Named Pipes server network library for the client connections, and then connect to the instance of SQL Server by using Windows Authentication.

<div class="moreinformation_section">

Steps to reproduce the behavior
 Log on as an administrator on the computer that is running the instance of SQL Server.</li> Create a new Windows user that is named User1 on your computer, and then make sure that the User1 Windows user account has local administrator credentials on your computer.</li> Click Start, point to Settings, and then click Control Panel.</li> In Control Panel, double-click Administrative Tools.</li> In the Administrative Tools window, double-click Local Security Policy.</li> In the left pane of the Local Security Settings window, expand Local Policies, and then click User Rights Assignment.</li> In the right pane, modify the setting of the policies to add the corresponding users who are mentioned in the following table: </li> Close the Local Security Settings window.</li> Make sure that the instance of SQL Server is configured to use the TCP/IP server network library for the client connections, and then restart your instance of SQL Server.</li> Make sure that the current Windows logon account is set as the service account for your instance of SQL Server.</li> Restart your instance of SQL Server.</li> Log off, and then log on to the computer by using the Windows user User1 account.</li> At a command prompt, type the following command to connect to the instance of SQL Server:

osql -S  -E

You receive the error message that is mentioned in the &quot;Symptoms&quot; section.</li></ol>

Keywords: kberrmsg kbtshoot kbuser kbsecurity kbprb kbconfig kbauthentication kbconnectivity KB840219

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.