Error 3860 from Purview with on-Prem SHIR

Sharon Tamm 0 Reputation points
2024-04-04T21:34:23.9433333+00:00

After setting up Purview to scan one of our on-prem databases/servers, I am getting the following error when testing the connection for the scan: Error: (3860) Failed to access the SqlServerDatabase.

When I look in the SQL Server Logs, I can see:

  • Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.
  • Error: 18452, Severity: 14, State: 1.
  • Error: 17806, Severity: 20, State: 14.

I can see that there is some sort of domain trust issue, but when I read about Purview, it seems more likely that it is being kicked out of the trust relationship with Purview for some reason, and regular authentication is failing it?

When my dba runs a troubleshooting test, from the SHIR Server we setup, the user (domain service account) is able to connect by their password.

The user (domain service account) DOES have correct permissioning within Purview, as it is managing to get to the SQL Server to be rejected, and also the user (domain service account) has db_reader access to the intended database we are trying to scan.

The server is running in mixed mode, so there should be no issues there.

I am having our network people check that these are actually in the same domain, but I believe they are, so the domain trust issue theory doesn't really hold.

Anyone got any more thoughts on how to troubleshoot this? I feel like I must be missing something really obvious, setting up a connection for the scan seems to be fairly straightforward!

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,785 questions
Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,164 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. PRADEEPCHEEKATLA-MSFT 89,376 Reputation points Microsoft Employee
    2024-04-05T07:22:52.07+00:00

    @Sharon Tamm - Thanks for the question and using MS Q&A platform.

    It seems like you are encountering an error while setting up a scan on an on-prem database/server in Microsoft Purview. The error message you are seeing indicates that there is a login failure due to an untrusted domain.

    Based on the information you provided, it seems like the domain service account you are using to connect to the database has the correct permissioning within Purview and has db_reader access to the intended database. Additionally, the server is running in mixed mode, so there should be no issues there.

    One thing you may want to check is whether the domain service account is actually in the same domain as the database/server you are trying to scan. If they are not in the same domain, this could be causing the login failure.

    Another thing you can try is to check the firewall settings on the database/server to ensure that the necessary ports are open for communication with Purview. You may also want to check the networking requirements for self-hosted integration runtimes.

    For more details, refer to Connect to and manage an on-premises SQL server instance in Microsoft Purview

    If you are still having trouble, you may want to open a support for further assistance.

    Hope this helps. Do let us know if you any further queries.


  2. PRADEEPCHEEKATLA-MSFT 89,376 Reputation points Microsoft Employee
    2024-04-10T03:30:26.7566667+00:00

    @Sharon Tamm - I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to accept the answer .

    Ask: Error 3860 from Purview with on-Prem SHIR

    Solution: There was an issue with the secret, as the account had been setup some time ago. It was not expired, however the user password had changed and the secret needed to be updated! So, it was something REALLY simple in the end! As usual, if something seems to complicated.

    If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.

    If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.


    Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.