Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).

Sam H 0 Reputation points
2024-07-29T14:52:57.4433333+00:00

I'm working on configuring Azure SQL Server authentication using Microsoft Entra Integrated.

Here’s my setup:

  • I have an Azure SQL Server with an active database.
  • My laptop is connected to Azure AD.
  • I’ve opened SQL Server Management Studio (SSMS), entered the Azure SQL Server name in the server field, and selected Microsoft Entra Integrated under Authentication.
  • However, when I click "Connect," I receive an error.

Error message:

===================================

Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).
Error code 0xintegrated_windows_auth_not_supported_managed_user
Integrated Windows Auth is not supported for managed users. See https://aka.ms/msal-net-iwa for details.  (Framework Microsoft SqlClient Data Provider)

For help, click: https://docs.microsoft.com/sql/relational-databases/errors-events/mssqlserver-0-database-engine-error

Server Name: sql_server_db.database.windows.net
Error Number: 0
Severity: 11
State: 0
Procedure: AcquireToken

Program Location:

   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.GetFedAuthToken(SqlFedAuthInfo fedAuthInfo)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OnFedAuthInfo(SqlFedAuthInfo fedAuthInfo)
   at Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at Microsoft.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover, Boolean isFirstTransparentAttempt, Boolean disableTnir)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, ServerCertificateValidationCallback serverCallback, ClientCertificateRetrievalCallback clientCallback, DbConnectionPool pool, String accessToken, SqlClientOriginalNetworkAddressInfo originalNetworkAddressInfo, Boolean applyTransientFaultHandling)
   at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
   at Microsoft.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
   at Microsoft.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
   at Microsoft.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry, SqlConnectionOverrides overrides)
   at Microsoft.Data.SqlClient.SqlConnection.Open(SqlConnectionOverrides overrides)
   at Microsoft.Data.SqlClient.SqlConnection.Open()
   at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateSqlConnection(UIConnectionInfo ci, IDbConnection dbConnection, IServerType server)
   at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateConnection(UIConnectionInfo ci, IServerType server)
   at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()


I would greatly appreciate your assistance with this issue.


2 answers

  1. hossein jalilian 8,150 Reputation points
    2024-07-29T16:18:39.9633333+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    Ensure that you are using the correct authentication type for connecting to Azure SQL Database. For Azure SQL Database, you should use Azure Active Directory (AAD) Authentication and not Integrated Windows Authentication. The Microsoft Entra Integrated option might not be the correct one for Azure SQL Database.

    Make sure that your Azure SQL Database is configured to use Azure AD authentication. You need to have an Azure AD admin configured for your Azure SQL Database, and your user account needs to be added to the Azure SQL Database as an Azure AD user or group.


    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.


  2. Oury Ba-MSFT 19,581 Reputation points Microsoft Employee
    2024-08-01T21:18:06.5966667+00:00

    Sam H Thank you for reaching out.

    For integrated auth, it is probably that your machine is not set up with Entra properly.

    Please also check with your administrator, or do the following if you have the right permissions.

    1. Join the Machine to Microsoft Entra ID:
      • Go to Settings > Accounts > Access work or school.
      • Click on Connect and follow the prompts to join the machine to Microsoft Entra ID.
    2. Enable Integrated Windows Authentication:
      • Open Internet Explorer and go to Tools > Internet Options.
      • Select the Advanced tab and scroll down to the Security section.
      • Check the box for Enable Integrated Windows Authentication.
    3. Configure Local Intranet Settings:
      • In Internet Explorer, go to Tools > Internet Options > Security tab.
      • Select Local Intranet and click on Sites > Advanced.
      • Add your Azure SQL Server URL to the list of websites.
    4. Set Up Group Policies:
      • Open the Group Policy Editor (gpedit.msc).
      • Navigate to Computer Configuration > Administrative Templates > System > Credentials Delegation.
      • Enable the policy Allow delegating saved credentials with NTLM-only server authentication and add your server to the list.

    Regards,

    Oury
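
One way to check the device join state that the second answer asks about, and to read it together with the error code from the question. This is an added example, not code from the thread or from Microsoft: the function name, its parameters and the sample output are hypothetical or constructed, while `dsregcmd /status` is the built-in Windows tool.

```powershell
# Added diagnostic sketch; function and parameter names are hypothetical.
function Get-EntraIntegratedAuthReadiness {
    param(
        # Output of `dsregcmd /status`; by default it is run on this machine.
        [string[]]$StatusLines = (dsregcmd.exe /status),
        # Error code copied from the SSMS dialog, if there was one.
        [string]$MsalErrorCode = ''
    )

    # dsregcmd prints "Key : Value" pairs; collect them into a lookup table.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $entra  = $state['AzureAdJoined']   -eq 'YES'
    $domain = $state['DomainJoined']    -eq 'YES'
    $reg    = $state['WorkplaceJoined'] -eq 'YES'

    if ($entra -and $domain) { $joinType = 'Hybrid joined' }
    elseif ($entra)          { $joinType = 'Entra joined' }
    elseif ($domain)         { $joinType = 'Domain joined only' }
    elseif ($reg)            { $joinType = 'Entra registered only' }
    else                     { $joinType = 'Not joined' }

    # SSMS shows the MSAL code with a leading "0x", as in the question.
    $managed = $MsalErrorCode -like '*integrated_windows_auth_not_supported_managed_user'
    if ($managed) {
        $finding = 'Managed (non-federated) user: MSAL rejects Integrated for this account whatever the join state.'
    } elseif (-not ($entra -or $domain)) {
        $finding = 'Device is not joined: join it before retrying Integrated.'
    } else {
        $finding = 'Join state is consistent with Integrated sign-in.'
    }

    [pscustomobject]@{
        JoinType = $joinType; Tenant = $state['TenantName']
        ManagedUserError = $managed; Finding = $finding
    }
}

# Constructed sample of `dsregcmd /status` output (not from the original post).
$sample = '  AzureAdJoined : YES', '  DomainJoined : NO',
          '  TenantName : Contoso', '  WorkplaceJoined : NO'
Get-EntraIntegratedAuthReadiness -StatusLines $sample `
    -MsalErrorCode '0xintegrated_windows_auth_not_supported_managed_user'
```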

