What are the challenges you face when working across database platforms? Take the survey
Options

BUG: SQL authentication failure

jmeyerjmeyer Posts: 70 Bronze 2
edited October 21, 2016 5:42PM in SQL Data Compare
v12.0.24.3012 Professional:
Source database uses Windows authentication, target database uses SQL Server authentication. As soon as I select an existing project I am receiving notifications from SQL Server (target) for authentication failures:"SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.". It seems that DataCompare tries to first authenticate against the target database with integrated security and then switches over to the configured SQL Server authentication. The autnetication errors will then also occur

This behavior is not present in v11. SQLCompare shows the same issue, denoting a bug in the underlying common component.

Comments

  • Options
    We've had a look at this problem, but haven't been able to reproduce it locally - we'll keep investigating and ask if we can think of any more details that would be helpful
  • Options
    jmeyerjmeyer Posts: 70 Bronze 2
    Mark:

    The target SQL Server instance is located in a different domain, maybe that's the critical difference. Our SQL Server instance then creates to login failure warnings:

    DESCRIPTION: SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. [CLIENT: x.x.x.x].

    Login Error 18452: DESCRIPTION: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: x.x.x.x]
    COMMENT: Login failed for user . Reason: Not associated with a trusted SQL Server connection.
  • Options
    We are still failing to reproduce this issue here even between different domains, as you suggested. Are you using any non-standard connection strings to connect to either the source or the target database?
  • Options
    jmeyerjmeyer Posts: 70 Bronze 2
    Update based on v12.0.30.3199

    Computer is in domain A, the SQL Server instance is in domain B. Domains do not trust each other, connections to the SQL Server instance in domain B will happen via SQL authentication. Created a new comparison project comparing the "model" database to itself, thus both source and destination connection are set up with SQL Server authentication. Saved the project and then closed and reopened the SQL Data compare instance. the comparison project comes up and right away I am receiving two identical authentication errors from the SQL Server instance:
    DESCRIPTION: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.10.130.56]
    COMMENT: Login failed for user . Reason: Not associated with a trusted SQL Server connection.

    I have to assume that each authentication error represents one connection attempt each for the source and destination database.

    clicking the database refresh button in the "Data Sources" tab will not result in authentication errors. Closing and re-opening the project will again result in two authentication errors. so, there is something going on as part of the initial process when you open a project.

    the project file is posted below:
    <?xml version="1.0" encoding="utf-16" standalone="yes"?>
    <!--
    SQL Data Compare
    SQL Data Compare
    Version:12.0.30.3199-->
    <Project version="3" type="SQLComparisonToolsProject">
      <DataSource1 version="3" type="LiveDatabaseSource">
        <ServerName>QSQL08OCR</ServerName>
        <DatabaseName>model</DatabaseName>
        <Username>meyer</Username>
        <SavePassword>True</SavePassword>
        <Password encrypted="1">LsMNNZvlguq=</Password>
        <ScriptFolderLocation />
        <MigrationsFolderLocation />
        <IntegratedSecurity>False</IntegratedSecurity>
      </DataSource1>
      <DataSource2 version="3" type="LiveDatabaseSource">
        <ServerName>QSQL08OCR</ServerName>
        <DatabaseName>model</DatabaseName>
        <Username>meyer</Username>
        <SavePassword>True</SavePassword>
        <Password encrypted="1">LsMNNZvlguq=</Password>
        <ScriptFolderLocation />
        <MigrationsFolderLocation />
        <IntegratedSecurity>False</IntegratedSecurity>
      </DataSource2>
      <LastCompared>09/28/2016 09:41:07</LastCompared>
      <Options>Default, CaseSensitiveObjectDefinition</Options>
      <InRecycleBin>False</InRecycleBin>
      <Direction>0</Direction>
      <ProjectFilter version="1" type="DifferenceFilter">
        <FilterCaseSensitive>False</FilterCaseSensitive>
        <Filters version="1">
          <None version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </None>
          <Assembly version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Assembly>
          <AsymmetricKey version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </AsymmetricKey>
          <Certificate version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Certificate>
          <Contract version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Contract>
          <DdlTrigger version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </DdlTrigger>
          <Default version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Default>
          <ExtendedProperty version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </ExtendedProperty>
          <EventNotification version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </EventNotification>
          <FullTextCatalog version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </FullTextCatalog>
          <FullTextStoplist version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </FullTextStoplist>
          <Function version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Function>
          <MessageType version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </MessageType>
          <PartitionFunction version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </PartitionFunction>
          <PartitionScheme version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </PartitionScheme>
          <Queue version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Queue>
          <Role version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Role>
          <Route version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Route>
          <Rule version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Rule>
          <Schema version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Schema>
          <SearchPropertyList version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </SearchPropertyList>
          <SecurityPolicy version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </SecurityPolicy>
          <Sequence version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Sequence>
          <Service version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Service>
          <ServiceBinding version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </ServiceBinding>
          <StoredProcedure version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </StoredProcedure>
          <SymmetricKey version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </SymmetricKey>
          <Synonym version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Synonym>
          <Table version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </Table>
          <User version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </User>
          <UserDefinedType version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </UserDefinedType>
          <View version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </View>
          <XmlSchemaCollection version="1">
            <Include>True</Include>
            <Expression>TRUE</Expression>
          </XmlSchemaCollection>
        </Filters>
      </ProjectFilter>
      <ProjectFilterName />
      <UserNote />
      <SelectedSyncObjects version="1" type="SelectedSyncObjects">
        <Schemas type="ListString" version="2" />
        <Grouping type="ListByte" version="2">
          <value type="Byte">0</value>
          <value type="Byte">0</value>
          <value type="Byte">0</value>
          <value type="Byte">0</value>
          <value type="Byte">0</value>
          <value type="Byte">0</value>
        </Grouping>
        <SelectAll>False</SelectAll>
      </SelectedSyncObjects>
      <SCGroupingStyle>0</SCGroupingStyle>
      <SQLOptions>266</SQLOptions>
      <MappingOptions>81</MappingOptions>
      <ComparisonOptions>35</ComparisonOptions>
      <TableActions type="ArrayList" version="1" />
      <SessionSettings>14</SessionSettings>
      <DCGroupingStyle>0</DCGroupingStyle>
      <SC_DeploymentOptions version="1" type="SC_DeploymentOptions">
        <BackupOptions version="1" type="BackupOptions">
          <BackupProvider>Native</BackupProvider>
          <TypeOfBackup>Full</TypeOfBackup>
          <Folder />
          <Filename />
          <SqbLicenseType>None</SqbLicenseType>
          <SqbVersion>0</SqbVersion>
          <DefaultNativeFolder />
          <DefaultSqbFolder />
          <Password encrypted="1" />
          <NameFileAutomatically>False</NameFileAutomatically>
          <OverwriteIfExists>False</OverwriteIfExists>
          <CompressionLevel>0</CompressionLevel>
          <EncryptionLevel>None</EncryptionLevel>
          <ThreadCount>0</ThreadCount>
          <BackupEnabled>False</BackupEnabled>
        </BackupOptions>
      </SC_DeploymentOptions>
    </Project>
    
  • Options
    Hi,

    Thanks for the extra information - its very useful in helping us track down the exact location of the bug. To confirm these errors are appearing only on load of the project dialog and not when you press the refresh icon next to the database dropdown? Where do these errors appear? Are they shown in the validation section at the bottom of the form or do they produce a popup?

    I suspect this is related to the server dropdown population rather than the database lister but I'm going to do some more work locally to try and narrow this down.
    Software Engineer
    Redgate Software
  • Options
    jmeyerjmeyer Posts: 70 Bronze 2
    David:

    Yes, the error messages are only generated one time when opening the project in the project dialog. The errors themselves are reported back to us from the SQL Server instances as we set up alert notification emails for failed login attempts. So, SQL DataCompare (and SQLCompare as well) actually not not produce any error messages themselves. If I press the refresh button for the database drop-down box or proceed with a comparison then no error messages are being generated. Below si the SQL code to set up notification for login error 18452.
    USE [msdb]
    GO
    
    IF  EXISTS (SELECT name FROM msdb.dbo.sysalerts WHERE name = N'QSQL08OCR: Login Error 18452')
    EXEC msdb.dbo.sp_delete_alert @name=N'Servername: Login Error 18452'
    GO
    
    EXEC msdb.dbo.sp_add_alert @name=N'Servername: Login Error 18452', 
    		@message_id=18452, 
    		@severity=0, 
    		@enabled=1, 
    		@delay_between_responses=0, 
    		@include_event_description_in=1, 
    		@notification_message=N'Login failed for user . Reason: Not associated with a trusted SQL Server connection.', 
    		@category_name=N'SQL Server Agent Alerts', 
    		@job_id=N'00000000-0000-0000-0000-000000000000'
    GO
    
    EXEC msdb.dbo.sp_update_notification @alert_name=N'Servername: Login Error 18452', @operator_name=N'SQL Server Agent Alert Notification Group', @notification_method = 1
    GO
    
  • Options
    We think we've fixed this bug (SC-8959) in the latest Frequent Update version, 12.0.32.3340 - does that version work for you?
    Software Developer
    Redgate Software
  • Options
    jmeyerjmeyer Posts: 70 Bronze 2
    Sam:

    It looks like this is fixed now, currently using v12.0.33.3389

    Thanks,
    Jens
Sign In or Register to comment.