Comments (11)
  1. Vikram Gupta says:

    Thanks Don, with the help of your article, I could investigate and resolve the error being logged on our SQL Server.

    1. Thank you Vikram for the feedback.

  2. John Marsh says:

    Thanks Don,
    This article helped me troubleshoot and resolve a Production issue.

  3. Sai Repalle says:

    Thanks Don, this article guided me in the right direction to resolve the issue.

  4. rayudu says:

    Thanks Don, for sharing detailed info on the issue.

  5. Thanks Don, but the solution didn’t work for me. The problem always occurs when logging in using Windows Authentication on the SQL Server itself. On any other client there is no problem using the same credentials. This is on our new SQL 2017 server. On our SQL 2016 server we do not have this problem and it resides in the same domain/network.

    1. Hello Gregory,

      A couple of things to check here are:
      1. Is the connectivity breaking only for Windows authentication or SQL authentication as well?
      2. If it's an SSPI error while connecting to the SQL instance, are any errors reported in the security logs? What is the error code reported? Can you print the error message reported in the error log here?

  6. SQL Warri0r says:

    Very helpful information. Thanks for posting this.

  7. PawelSzafer says:

    I followed this tutorial joining SQL Server 2017 installed on CentOS to the domain – and after a while I get the error you described.
    Of course on CentOS I don’t have secpol, but to get login on SQL Server working again I have to invoke on the domain controller:
    setspn -D MSSQLSvc/**fqdn**:1433 mssql
    setspn -A MSSQLSvc/**fqdn**:1433 mssql

    Errors are pretty similar:
    # Error: 17806, Severity: 20, State: 14.
    # SSPI handshake failed with error code 0x80090308, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The operating system error code indicates the cause of failure. The token supplied to the function is invalid
    # Error: 18452, Severity: 14, State: 1
    # Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.

  8. Another cause can be if the account is locked out. We had this due to a rogue service running every half hour with the wrong password. The account was a service account and set to unlock itself after a few minutes where this occurred so it was quite difficult to track down.

Comments are closed.
