I'm getting this message when trying to connect to a SQL Server 2008 instance from a Windows 2012 Terminal Server session:
"Login failed. The login is from an untrusted domain and cannot be used for Windows authentication."
Both servers reside on the same domain. Other clients on the same domain can use Windows Authentication just fine.
Any ideas?
(jtaylor@lorencook.com) writes:
> I'm getting this message when trying to connect to a SQL Server 2008
> instance from a Windows 2012 Terminal Server session:
> "Login failed. The login is from an untrusted domain and cannot be used
> for Windows authentication."
>
> Both servers reside on the same domain. Other clients on the same
> domain can use Windows Authentication just fine.
What happens if you try to logon directly from the machine where Terminal
Server is running on?
I would ask the AD admin to check that the machine is entered correctly
in the AD.
--
Erland Sommarskog, Stockholm, esquel@sommarskog.se
On Thursday, October 31, 2013 4:14:17 PM UTC-5, Erland Sommarskog wrote:
> (jtaylor@x) writes:
>
> > I'm getting this message when trying to connect to a SQL Server 2008
>
> > instance from a Windows 2012 Terminal Server session:
>
> > "Login failed. The login is from an untrusted domain and cannot be used
>
> > for Windows authentication."
>
> >
>
> > Both servers reside on the same domain. Other clients on the same
>
> > domain can use Windows Authentication just fine.
>
>
>
> What happens if you try to logon directly from the machine where Terminal
>
> Server is running on?
>
>
>
> I would ask the AD admin to check that the machine is entered correctly
>
> in the AD.
>
>
>
>
>
> --
>
> Erland Sommarskog, Stockholm, esquel@x
When logged on as the admin directly to one of the Win2012 Terminal Servers, it works fine. The end-users actually log on to a "RD Connection Broker" server, which connects them to one of the Terminal Servers in the group. That doesn't work.
(jtaylor@lorencook.com) writes:
> When logged on as the admin directly to one of the Win2012 Terminal
> Servers, it works fine. The end-users actually log on to a "RD
> Connection Broker" server, which connects them to one of the Terminal
> Servers in the group. That doesn't work.
>
I don't know how an "RD Connection Broker" works, but where do the users
present their credentials? If they present it to the broker, which then
connects them to the terminal server, and that server is not trusted for
delegation, I don't think this can work out.
Disclaimer: my expertise is in SQL Server, not in the Windows operating
system.
--
Erland Sommarskog, Stockholm, esquel@sommarskog.se
On Thursday, October 31, 2013 10:49:40 AM UTC-5, jta...@lorencook.com wrote:
> I'm getting this message when trying to connect to a SQL Server 2008 instance from a Windows 2012 Terminal Server session:
>
> "Login failed. The login is from an untrusted domain and cannot be used for Windows authentication."
>
>
>
> Both servers reside on the same domain. Other clients on the same domain can use Windows Authentication just fine.
>
>
>
> Any ideas?
Delegation sounds promising. Windows admin says it wants to know what service to allow for delegation. I guess nothing specifically mentions SQL Server. Any ideas?
(jtaylor@lorencook.com) writes:
> Delegation sounds promising. Windows admin says it wants to know what
> service to allow for delegation. I guess nothing specifically mentions
> SQL Server. Any ideas?
I would guess that in this case it is the services for Terminal Server
that needs delegation.
--
Erland Sommarskog, Stockholm, esquel@sommarskog.se
Mega Search
Sign Up 
