[ACCEPTED]-SQL Server 2008 Windows Auth Login Error: The login is from an untrusted domain-sql-server

Accepted answer
Score: 50

Another reason this might happen (just happened 4 to me) ... is the user's password expires. I 3 didn't realize this until I tried to remote 2 into the actual server and was prompted 1 to change my password.

Score: 39

For me, this happened when I edited a blank 2 drivers/etc/hosts file, and added an entry for a local website, but 1 neglected to add localhost

Score: 29

The issue was caused by a down Active Directory 3 Server, which of course could not authenticate 2 the Windows account. Thank you for your 1 assistance.

Score: 19

For anyone else who runs into this, I had 2 this in my hosts file:   localhost   customname

and I needed it to 1 be this:   localhost   localhost   customname
Score: 16

"The issue was caused by a down Active Directory 10 Server, which of course could not authenticate 9 the Windows account"

It is not "of course 8 - because if AD is not available then Kerberos 7 authentication falls back to NTLM (domain 6 account credentials are cached locally, one 5 can login with it even if AD/Kerberos is 4 not available). I guess that you have possibly 3 2 simultaneous conditions for this failure 2 to happen:

  • SQL Server is not local (on another machine)
  • The trust is configured "Kerberos only"

or other specific security network/server/AD/machine 1 configurations

Score: 11

Make sure you aren't connected to a VPN on another domain\user. Or, conversely, make sure you are connected, if 1 that is what is required.

Score: 10

I had this issue for a server instance on 7 my local machine and found that it was because 6 I was pointing to with something 5 other than "localhost" in my hosts file. There 4 are two ways to fix this issue in my case:

  1. Clear the offending entry pointing to in the hosts file
  2. use "localhost" instead of the other name that in the hosts file that points to

*This 3 only worked for me when I was running the 2 sql server instance on my local box and 1 attempting to access it from the same machine.

Score: 5

There is a setting on the jTDS driver called 3 USENTLMV2 that is set to false by default. Setting 2 this to 'true' in my db software (DBVisualizer) solved 1 it.

Score: 4

I fixed this issue on machine disabling 1 the loopback check setting:

  1. Edit the Windows registry: Start –> Run > Regedit
  2. Navigate to: HKLM\System\CurrentControlSet\Control\LSA
  3. Add a DWORD value called “DisableLoopbackCheck”
  4. Set this value to 1
Score: 3

try using a different valid login using RUNAS command

runas /user:domain\user “C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\ssmsee.exe” 

runas /user:domain\user “C:\WINDOWS\system32\mmc.exe /s \”C:\Program Files\Microsoft SQL Server\80\Tools\BINN\SQL Server Enterprise Manager.MSC\”" 

runas /user:domain\user isqlw 


Score: 3

For me, it was because i did not add the 4 account to have roles I wanted to use to 3 the SQL Database itself. And also due to 2 a bad password attempts via copy paste problem 1 locking account.

Score: 3

Okay, completely out there answer from me. I 23 was getting this error from a development 22 environment hosted on VM VirtualBox. Three 21 servers; SharePoint, SQL DB and Domain Controller. The 20 SharePoint server couldn't connect to the 19 configuration database. I could still connect 18 via ODBC for Sql authentication using SA 17 account but not Windows authentication. But 16 that user would happily log into SSMS on 15 the sql server itself. I got a better error 14 message from ODBC too and also by checking 13 the failed login messages on sql server:

select text from sys.messages where message_id = '18452' and language_id = 1033

Can't 12 take credit for this because I asked one 11 of our Enterprise Systems Administrators 10 for help and he diagnosed it in about 5 9 minutes of looking at a few screen shots 8 I sent him. Problem was that the Domain Controller’s clock was set incorrectly! Couldn't believe it. The 7 servers are setup for Host Only networking 6 so don't have internet to sync the clock 5 with. That also explains why rolling back 4 to an earlier snapshot when I know the system 3 was working didn't solve the problem.

Edit: Installing 2 the Guest Additions on the server syncs 1 the guest clock with the host.

Score: 3

Another scenario where you might see this 6 is when you are attempting to connect to 5 another SQL server from an SSMS session 4 that was already logged-in while you changed 3 your password. Sequence of events might 2 go something like:

  1. RDP to Server-A (your SQL Server), open SSMS and login
  2. RDP to Server-B in the same domain and change your password
  3. Return to RDP session on Server-A and via SSMS attempt to add another DB into an existing AlwaysOn availability group. When connecting to replicas you get "untrusted domain"-login-error

To resolve, simply logoff 1 and log back in

Score: 3

You may be misleaded about the username you use locally. That was my 9 case in Windows 10 Home. When I look at 8 users in control panel, I see the name usrpc01. However 7 when I type net config workstation, it appears that the user's 6 name is spc01. Seems like someone renamed the 5 user, but the internal name remained unchanged.

Not 4 knowing how to fix windows user name (and 3 the folder name under C:\Users, which also refers 2 to the original internal name), I added 1 a new user accout on my db server.

Score: 1

I have been trying to log into a SQL Server 15 2008 from a domain account. The SQL Server 14 2008 is hosted on a different workgroup 13 computer that is not part of the domain. As 12 strange as it sounds, on the workgroup server 11 where SQL Server 2008 is running, I had 10 to go to System Properties | Computer Name 9 (tab) | Change (button) | Computer Name 8 Change | More... (button) and enter the 7 "Primary DNS suffix of this computer" (it 6 was blank, so enter the desired suffix for 5 your network) and check the "Change primary 4 DNS suffix when domain membership changes" box. This 3 allowed the Windows Authentication process 2 to complete when logging into the SQL Server 1 2008.

Score: 1

I had to use netonly to get this to work 1 on modern Windows:

runas /netonly /user:domain\user "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\ssms.exe"

Score: 1

Another reason> someone changed the password 3 for the default SQL user

this happened to 2 me a couple of minutes ago by switching 1 to a new domain controller ...

Score: 1

I had wrong entry in hosts file under C:\Windows\System32\drivers\etc

[Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

Make 1 sure to have entry like below   localhost   localhost   servername
Score: 1

I was using an alias for an SQL Server instance 2 that pointed to "". Changing it 1 to "localhost" instead did the trick.

Score: 1

If your Sql Server is running on a server 8 that's is not part of a domain and in the 7 connection string you use a fully qualifed 6 domain name (e.g. xyz.mypc.com) with Integrated 5 Security=True, you might have to switch 4 to using either the IP address, MachineName 3 (SERVER01), or the dot (.) in case it's 2 locally hosted.

This worked for me, using 1 the fqdn resulted in the above error.

Score: 0

in order to enable windows authentication 4 both computers need to be in the same domain. in 3 order to allow managment studios to pass 2 the current credentials and authenticate 1 in the sql box

Score: 0

For me, I have to disconnect (change workgroup/domain) from 1 the Domain and reconnect.

Score: 0

And another possible reason: The new created 3 local Account on DB Server had the: "User 2 must change Password at next Login" Flag 1 set.

Score: 0

Here's what fixed it for me: Properties 4 of network connection Click on: "Internet 3 Protocol Version 4 (TCT/IPv4)". Click "Properties" button. Click 2 "Advanced" button. Select "DNS" tab. Delete 1 text in "DNS suffix for this connection".

Score: 0

I wasn't able to remotely connect to the 6 SQL server either. Both SQL server and remote 5 server where in the same domain. And I had 4 been requested a password change some days 3 before. Restarting both the SQL server and 2 the remote server I was trying to access 1 SQL server from did the trick for me.

Score: 0

In our case it was the fact that the developer 4 was running the application pool under his 3 own account, and had reset his password 2 but forgot to change it on the application 1 pool. Duh...

Score: 0

In my case, the server had been disabled 5 in the domain controller. I went into the 4 COMPUTERS OU in Active directory, right-clicked 3 on the server,enabled it, then did a gpupdate 2 /force from the SQL server. It took a moment, but 1 it finally worked.

Score: 0

In my case, in the host file, the machine 4 name is hard coded with older IP. I replace 3 the older IP with the new one, the issue 2 is resolved.

Host file location


Modifications 1 done 159.xx.xx.xxx MachineName

Score: 0

None of the above worked for me. What I 8 had to do was: In SQL Server Management 7 Studio on the login screen, select Options 6 >> In the Network section change the Network 5 protocol to Named Pipes.

Also, what I had 4 to do to make it work with the <default> setting 3 was to disable the wireless network (the 2 machine was also connected to the wired 1 lan).

Score: 0

My fix was to change the web.config file 3 to correlate with my new server name for 2 SQL Connection (IT Security had just done 1 a netdom rename on my development box.

More Related questions