How to fix, Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.

Manjusha Shinde 0 Reputation points
2023-05-12T07:33:52.4566667+00:00

We have setup the domain controller. Two machines (Windows Server 2019 Standard, 10.0.17763) are added to the same domain(Mac1 and Mac2). From Mac1, we are trying to connect remotely to SQL Server 2019 installed on Mac2. We are using Mix mode authentication to connect to SQL server. We are getting below error :

"Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication."

We made sure that both the machines are on the same domain using domain controller we have setup to troubleshoot this issue.

Please suggest a fix to resolve the issue.

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,776 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Muhammad Ahsan Khan 245 Reputation points
    2023-05-12T08:06:59.4066667+00:00

    Greetings,

    The error message you receive indicates that SQL Server is configured to use Integrated Authentication (Windows Authentication), but the login is being attempted from a domain that SQL Server does not trust.

    Try the following steps to resolve this issue: 

    • Ensure trust between domains: Verify that the domain Mac1 and Mac2 belong to is trusted by the SQL Server domain. If the domains are in different forests or there is no trust relationship established, you may encounter this error. Contact your system administrator to establish the necessary trust relationship between the domains.
    • Use SQL Server Authentication: If you are unable to establish a trust relationship between the domains, you can switch to SQL Server Authentication instead of Integrated Authentication. This will allow you to authenticate using SQL Server credentials (username and password) rather than relying on the Windows domain authentication. To do this, follow these steps:
    1. Open SQL Server Management Studio (SSMS) on the SQL Server machine (Mac2).
    2. Connect to the SQL Server instance.
    3. Right-click on the server name and select "Properties."
    4. Go to the "Security" section.
    5. Select "SQL Server and Windows Authentication mode."
    6. Click "OK" to save the changes.
    7. Restart the SQL Server service to apply the changes.

    After making this change, you should be able to connect to the SQL Server using SQL Server Authentication credentials from Mac1.

    • Verify connection settings: Double-check the connection settings in your connection string or connection configuration. Ensure that you are specifying the correct server name, instance name, and authentication method (e.g., "Server=Mac2;Database=YourDatabase;User Id=YourUsername;Password=YourPassword").
    • Check firewall and network settings: Make sure that the necessary network ports (e.g., TCP port 1433 for default SQL Server instances) are open and accessible between the Mac1 machine and the SQL Server machine (Mac2). Additionally, verify that any firewall or network security configurations allow the communication between the machines.

    If these steps do not resolve the issue, it may be helpful to check the SQL Server logs for detailed error information.

    1 person found this answer helpful.
  2. ZoeHui-MSFT 33,211 Reputation points
    2023-05-15T05:51:59.5366667+00:00

    Hi @Manjusha Shinde,

    Are you using a domain account to connect to the sql db, please have a double check.

    If possible, could you please use the account to sign into mac2 and then connect to the server in mac2 to see if you can connect successfully or not.

    In addition, you may check the SQL Server logs for detail messages.

    Here is a same thread you may take a reference to.

    Regards,

    Zoe Hui

    If the answer is helpful, please click "Accept Answer" and upvote it

  3. Richard Lancaster 0 Reputation points
    2023-09-04T01:35:41.2333333+00:00

    We have had this same error when connecting web apps to an application.

    Check which user is configured for the iis.

    Ours was setup to use a domain user account, prior to creating service accounts.

    The user then had to change password and this does not flow through to the iis, causing the error above.

    FIX: Set up the iis to run from a service account instead of a domain user and this should fix your problem. It fixed ours.

    0 comments
  4. Herdsman, Wade 0 Reputation points
    2023-11-22T05:37:48.76+00:00

    I have this same problem connecting to an SQL server from an Azure function app using a Hybrid Connection. The hybrid connection attempts to connect with the windows account that I set up the connection agent with but hits this error. On the same on prem server that I set up the agent on with that same windows account I can connect to the database using SSMS.

    The security team implemented database hardening and we can no longer use native SQL logins.

  5. Bruce (SqlWork.com) 56,846 Reputation points
    2024-05-03T20:17:00.09+00:00

    If using a Mac to connect to SQLServer via integrated security, you are using Kerberos. The Mac (like Linux) only allows one kerberos identity at a time.

    you can use the "ticket viewer" app to see the kerberos identity. "ticket viewer" will also allow to login its <user name>@<dns domain name> (ex: JOHN@FOO.COM)

    note: login on to your windows server and exec at command line

    % echo %USERDNSDOMAIN%

    to get the domain name.

    note: if the Mac joined the domain then use the "Directory Utility" to check the config settings.

    https://support.apple.com/guide/directory-utility/about-directory-utility-xsvroddu001/6.4/mac/14.0

    0 comments