This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 84%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
I was booted off the server this morning and then when I tried to log back in, I keep getting the below error. I have not made any changes to my log in credentials. When I use the MFA verification, I get the text with the code and enter it, then get this error. Other users are able to login. I have administrator access where as they do not. I have changed nothing.
TITLE: Connect to Server
Cannot connect to XXXXXX.database.windows.net.
ADDITIONAL INFORMATION:
Login failed for user '<token-identified principal>'. (Microsoft SQL Server, Error: 18456)
For help, click: https://docs.microsoft.com/sql/relational-databases/errors-events/mssqlserver-18456-database-engine-error
Megan Barnason Thank you for reaching out.
When was the last time you were able to login successfully?
The DBA responsible for this needs to check if the login has a mapped user id in the DB.
Could you please check if other users are also using AAD with MFA?
Regards,
Oury
Just checking in to see if you need additional assistance on this. Were you able to connect?
Regards,
Oury
Same issue was raised sometimes back on Q&A https://learn.microsoft.com/en-us/answers/questions/133709/login-failed-for-user
Please let us know if that is helpful.
Regards,
Oury
A possible solution may be to drop the user on the database and recreate the user as a contained database user mapped to the Azure Active Directory identity as explained here. For example,
CREATE USER [bob@contoso.com] FROM EXTERNAL PROVIDER;
CREATE USER [alice@fabrikam.onmicrosoft.com] FROM EXTERNAL PROVIDER;
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 79%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Thanks for your question.
Please follow below blog for Login failed for user '<token-identified principal>'. (Microsoft SQL Server, Error: 18456) related error
Let us know if this help or if you need any additional information.
Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 12%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
I was getting this error and found a solution. You should not add distribution lists to security groups in AAD / Entra ID. Unfortunately, AAD allows this to happen, but then during the authentication process you will get the above error