Examples of some connection errors for Azure Active Directory Authentication

Mirek Sztajno
Last updated on 09/28/15

Examples of some connection errors for Azure Active Directory Authentication with Azure SQL DB V12

(*) Please note that this table is not a complete list of connection errors for Azure AD authentication; it will be extended as end users report new connection errors.

 

 Error Message  Reason  Action

Error: 18456

Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’. (.Net SqlClient Data Provider)

  Cannot connect xxxxx.database.windows.net

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476

Reason: There are many scenarios that may cause this error. Generally, the user does not have permission to connect to the database (i.e. the Azure AD user has not been granted CONNECT permission on the database they are trying to connect to).

Action: Check the user's CONNECT permission.

 

Error: 40607

Windows logins are not supported in this version of SQL Server. (Microsoft SQL Server, Error: 40607)

Reason: Indicates that the required software for Azure AD auth is not installed (i.e. old version of SSMS, no .NET 4.6, no ADALSQL.DLL).

Action: Check that the necessary software is installed. Don’t forget to reboot the machine if .NET 4.6 was installed.

Error: 10054

Cannot connect to myserver1.database.windows.net. 

A connection was successfully established with the server, but then an error occurred during the login process. (provider: TCP Provider, error: 0 – An existing connection was forcibly closed by the remote host.) (Microsoft SQL Server, Error: 10054) 

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=10054&LinkId=20476

Reason: V11 server with managed/federated account

Action: Migrate to V12 server

Error code 0xCAA90020; state 10 

Failed to authenticate the user aadtest@live.com in Active Directory (Authentication=ActiveDirectoryPassword).

Error code 0xCAA90020; state 10

Url for WS-Trust metadata exchange endpoint is not a secure (https).

Reason: MSA account is not supported

Action: Choose another user supported for Azure AD auth

Error code 0xCAA20002; state 10 

Failed to authenticate the user admin@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword).

Error code 0xCAA20002; state 10

AADSTS90002: Requested tenant identifier ‘00000000-0000-0000-0000-000000000000’ is not valid. Tenant identifiers may not be an empty GUID.

Trace ID: 35e5628c-62e2-466f-9f5d-722f1c34d984

Correlation ID: 77d83afa-541a-4ea8-a942-8442e3c367a7

Timestamp: 2015-08-28 03:10:01Z (.Net SqlClient Data Provider)

Reason: External admin on SQL server is not set

Action: Check the external admin configuration

Error code 0xCAA20003; state 10

Failed to authenticate the user bob@contoso.com in Active Directory (Authentication=ActiveDirectoryPassword).

Error code 0xCAA20003; state 10

ID3242: The security token could not be authenticated or authorized.

Reason: Wrong username/password for Active Directory Password Authentication targeting federated tenant

Action: Ensure the username and password are correct for the federated domain to connect

Error code 0xCAA20003; state 10

Failed to authenticate the user produser@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword).

Error code 0xCAA20003; state 10

AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password

Trace ID: 3558d287-3ffd-4c53-98ac-08c152a09304

Correlation ID: 036d8ae8-1a26-4437-b0aa-7912f1ba0b46

Timestamp: 2015-09-04 20:34:33Z (.Net SqlClient Data Provider)

Reason: Wrong username/password for Active Directory Password Authentication targeting Managed tenant

Action: Ensure the username and password are correct for the managed domain to connect
 

Error code 0xCAA20064; state 10

Failed to authenticate the user alice@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword).

Error code 0xCAA20064; state 10

AADSTS70002: Error validating credentials. AADSTS50055: Password is expired.

Trace ID: 25d80a2d-c39b-4f03-ac6c-ae547ee33135

Correlation ID: 78ad0aa5-9f5f-4ff6-881b-76c1bdb87f7a

Timestamp: 2015-09-09 17:26:34Z (.Net SqlClient Data Provider)

Reason: Azure AD password expired

Action: Reset Azure AD password
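
Added example (not part of the original post): a small Python parser that pulls the error code, state, AADSTS codes, Trace ID, Correlation ID and timestamp out of the ActiveDirectoryPassword failure messages listed in the table, tolerating the line wrapping seen in them, and maps the result to the Reason column. The names parse_aad_error, REASONS and SAMPLE are hypothetical; the sample text is the 0xCAA20003 managed-tenant message from this page.

```python
import re

# Reason column of the table above, keyed by (error code, specific AADSTS code).
REASONS = {
    ("0xCAA90020", None): "MSA account is not supported",
    ("0xCAA20002", "AADSTS90002"): "External admin on SQL server is not set",
    ("0xCAA20003", None): "Wrong username/password (federated tenant)",
    ("0xCAA20003", "AADSTS50126"): "Wrong username/password (managed tenant)",
    ("0xCAA20064", "AADSTS50055"): "Azure AD password expired",
}
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"

# Sample input: the 0xCAA20003 managed-tenant message from this page, line-wrapped.
SAMPLE = """Failed to authenticate the user produser@myaad.onmicrosoft.com in Active
  Directory (Authentication=ActiveDirectoryPassword).
  Error code 0xCAA20003; state 10
  AADSTS70002: Error validating credentials.
  AADSTS50126: Invalid username or password
  Trace ID: 3558d287-3ffd-4c53-98ac-08c152a09304
  Correlation ID:
  036d8ae8-1a26-4437-b0aa-7912f1ba0b46
  Timestamp: 2015-09-04 20:34:33Z (.Net SqlClient Data Provider)"""

def parse_aad_error(text):
    """Return the fields of one Azure AD login failure message as a dict."""
    flat = " ".join(text.split())  # undo line wrapping inside the message

    def grab(pattern):
        m = re.search(pattern, flat)
        return m.group(1) if m else None

    code = grab(r"Error code (0x[0-9A-Fa-f]{8})")
    aadsts = re.findall(r"AADSTS\d+", flat)
    # In the samples on this page the last AADSTS code is the specific one.
    detail = aadsts[-1] if aadsts else None
    return {
        "user": grab(r"authenticate the user (\S+) in Active Directory"),
        "auth_mode": grab(r"\(Authentication=(\w+)\)"),
        "error_code": code,
        "state": grab(r"Error code 0x[0-9A-Fa-f]{8}; state (\d+)"),
        "aadsts": aadsts,
        "trace_id": grab(r"Trace ID: (" + GUID + ")"),
        "correlation_id": grab(r"Correlation ID: (" + GUID + ")"),
        "timestamp": grab(r"Timestamp: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\dZ)"),
        "reason": REASONS.get((code, detail)),  # None for combinations not in the table
    }

if __name__ == "__main__":
    for field, value in parse_aad_error(SAMPLE).items():
        print(f"{field}: {value}")
```

Messages whose code and AADSTS combination is not in the table come back with reason set to None, so they can be collected as candidates for new table rows.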