We faced an error "Login failed for user 'DOMAIN\MACHINENAME$'" while for Web Application setup we were having SQL Server on one machine and IIS server on another.
Reason:
NETWORK SERVICE and LocalSystem will authenticate themselves always as the correpsonding account locally (builtin\network service and builtin\system) but both will authenticate as the machine account
if connecting to remote system.
it means that a process running as NETWORK SERVICE or as LocalSystem has accessed a remote resource, has authenticated itself as the machine account and was denied authorization.
When access is denied to a machine account, then access must be granted to the machine account. If the server refuses to login 'DOMAIN\MACHINE$', then you must grant login rights to 'DOMAIN\MACHINE$' not to NETWORK SERVICE. Granting access to NETWORK SERVICE would allow a local process running as NETWORK SERVICE to connect, not a remote one, since the remote one will authenticate as, you guessed, DOMAIN\MACHINE$.
Solution:
Create login in SQL Server for client machine .
Make required "User Mapping" for databases to whatever we wish to access
List of all probable reasons and solutions http://msdn.microsoft.com/en-us/library/ab4e6cky%28v=vs.80%29.aspx
For us this option worked : If SQL Server is running on a remote computer and the Web server is running IIS 6.0, give the Web server's machine account login privileges on the remote computer. The machine account is referenced as DOMAIN\MACHINENAME$.
Hope it helps.
Reason:
NETWORK SERVICE and LocalSystem will authenticate themselves always as the correpsonding account locally (builtin\network service and builtin\system) but both will authenticate as the machine account
if connecting to remote system.
it means that a process running as NETWORK SERVICE or as LocalSystem has accessed a remote resource, has authenticated itself as the machine account and was denied authorization.
When access is denied to a machine account, then access must be granted to the machine account. If the server refuses to login 'DOMAIN\MACHINE$', then you must grant login rights to 'DOMAIN\MACHINE$' not to NETWORK SERVICE. Granting access to NETWORK SERVICE would allow a local process running as NETWORK SERVICE to connect, not a remote one, since the remote one will authenticate as, you guessed, DOMAIN\MACHINE$.
Solution:
Create login in SQL Server for client machine .
Make required "User Mapping" for databases to whatever we wish to access
List of all probable reasons and solutions http://msdn.microsoft.com/en-us/library/ab4e6cky%28v=vs.80%29.aspx
For us this option worked : If SQL Server is running on a remote computer and the Web server is running IIS 6.0, give the Web server's machine account login privileges on the remote computer. The machine account is referenced as DOMAIN\MACHINENAME$.
Hope it helps.
No comments:
Post a Comment