Lost a connection to AD when SQL is trying to authenticate

pavan kumar 371 Reputation points
2021-01-30T04:42:42.72+00:00

Hi,

How can I fix this within AD? It looks like an AD auth failure from one of our SQL servers. Any idea what exactly the error code 0x80090311 is?

Error log:
"SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. No authority could be contacted for authentication. "

Thank you


2 answers

  1. Thameur-BOURBITA 32,586 Reputation points
    2021-01-30T22:39:07.537+00:00

    Hi,

    It seems that your SQL server is unable to contact a domain controller.

    Check if DNS resolution is working fine to resolve the domain name on your SQL server and if all required network flows are opened with the domain controllers. You can use PortQry to check the network ports between the SQL server and the domain controllers:


    Please don't forget to mark the helpful reply as the answer.


  2. AmeliaGu-MSFT 13,961 Reputation points Microsoft Vendor
    2021-02-01T06:22:13.013+00:00

    Hi pavankumar-6152,

    If your logon domain differs from the domain of the computer that is running SQL Server, please check the trust relationship between the domains.
    And please make sure the SPN is correctly registered with Active Directory. Please refer to Register a SPN for Kerberos Connections, which might help.
    Please try to add the SQL Server service account to the "Access this computer from network" policy under Local Security Policy -> Local Policies -> User Rights Assignment -> "Access this computer from network".
    You can collect Netmon and see all the connections and communication happening from Client to SQL Server.
    In addition, please make sure the computer name is less than 15 characters. Please refer to this blog.

    Best Regards,
    Amelia

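The checks suggested in the two answers above, gathered into one PowerShell script to run on the SQL Server host. This is an added example, not part of either answer: it uses `Test-NetConnection` in place of PortQry (TCP only), and the service account name and the port list are assumptions to adjust for your environment.

```powershell
# Added example: triage for SSPI error 0x80090311 (SEC_E_NO_AUTHENTICATING_AUTHORITY).
# Assumptions: the host is domain-joined; $sqlAccount is a placeholder, not a real account.
$domain     = (Get-CimInstance Win32_ComputerSystem).Domain
$sqlAccount = 'CONTOSO\svc-sql'   # hypothetical: replace with your SQL Server service account

# 1. Computer name length (the second answer asks for fewer than 15 characters).
$name = $env:COMPUTERNAME
if ($name.Length -ge 15) {
    Write-Warning "Computer name '$name' is $($name.Length) characters long"
} else {
    "Computer name '$name' is $($name.Length) characters long"
}

# 2. DNS: can this host find domain controllers through the DC locator SRV records?
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "DNS lookup of DC records for $domain failed: $($_.Exception.Message)"
    $srv = @()
}

# 3. TCP reachability of each DC on commonly required AD ports
#    (assumed subset: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd).
$ports   = 53, 88, 135, 389, 445, 464
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ DomainController = $dc; Port = $port; Reachable = $t.TcpTestSucceeded }
    }
}
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.Reachable } | ForEach-Object {
    Write-Warning "Not reachable: $($_.DomainController):$($_.Port)"
}

# 4. Ask the DC locator for a domain controller, then list the trusts this host knows about.
nltest "/dsgetdc:$domain"
nltest /domain_trusts

# 5. List the SPNs registered on the service account; expect MSSQLSvc/<fqdn>[:port] entries.
setspn -L $sqlAccount
```

A failure in step 2 or 3 points at DNS or firewall rules between the SQL Server host and the domain controllers, while clean results there shift attention to the trust, SPN and user-rights checks from the second answer.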