BUG: SQL authentication failure

jmeyerjmeyer Posts: 70 Bronze 2
edited October 21, 2016 5:42PM in SQL Data Compare
v12.0.24.3012 Professional:
Source database uses Windows authentication, target database uses SQL Server authentication. As soon as I select an existing project I am receiving notifications from SQL Server (target) for authentication failures:"SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.". It seems that DataCompare tries to first authenticate against the target database with integrated security and then switches over to the configured SQL Server authentication. The autnetication errors will then also occur

This behavior is not present in v11. SQLCompare shows the same issue, denoting a bug in the underlying common component.
· Share on Twitter

Comments

  • Mark JMark J Posts: 125 Bronze 5
    We've had a look at this problem, but haven't been able to reproduce it locally - we'll keep investigating and ask if we can think of any more details that would be helpful
    · Share on Twitter
  • jmeyerjmeyer Posts: 70 Bronze 2
    Mark:

    The target SQL Server instance is located in a different domain, maybe that's the critical difference. Our SQL Server instance then creates to login failure warnings:

    DESCRIPTION: SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. [CLIENT: x.x.x.x].

    Login Error 18452: DESCRIPTION: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: x.x.x.x]
    COMMENT: Login failed for user . Reason: Not associated with a trusted SQL Server connection.
    · Share on Twitter
  • Andrew FAndrew F Posts: 21
    We are still failing to reproduce this issue here even between different domains, as you suggested. Are you using any non-standard connection strings to connect to either the source or the target database?
    · Share on Twitter
  • jmeyerjmeyer Posts: 70 Bronze 2
    Update based on v12.0.30.3199

    Computer is in domain A, the SQL Server instance is in domain B. Domains do not trust each other, connections to the SQL Server instance in domain B will happen via SQL authentication. Created a new comparison project comparing the "model" database to itself, thus both source and destination connection are set up with SQL Server authentication. Saved the project and then closed and reopened the SQL Data compare instance. the comparison project comes up and right away I am receiving two identical authentication errors from the SQL Server instance:
    DESCRIPTION: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.10.130.56]
    COMMENT: Login failed for user . Reason: Not associated with a trusted SQL Server connection.

    I have to assume that each authentication error represents one connection attempt each for the source and destination database.

    clicking the database refresh button in the "Data Sources" tab will not result in authentication errors. Closing and re-opening the project will again result in two authentication errors. so, there is something going on as part of the initial process when you open a project.

    the project file is posted below: 
    <?xml version="1.0" encoding="utf-16" standalone="yes"?>
<!--
SQL Data Compare
SQL Data Compare
Version:12.0.30.3199-->
<Project version="3" type="SQLComparisonToolsProject">
  <DataSource1 version="3" type="LiveDatabaseSource">
    <ServerName>QSQL08OCR</ServerName>
    <DatabaseName>model</DatabaseName>
    <Username>meyer</Username>
    <SavePassword>True</SavePassword>
    <Password encrypted="1">LsMNNZvlguq=</Password>
    <ScriptFolderLocation />
    <MigrationsFolderLocation />
    <IntegratedSecurity>False</IntegratedSecurity>
  </DataSource1>
  <DataSource2 version="3" type="LiveDatabaseSource">
    <ServerName>QSQL08OCR</ServerName>
    <DatabaseName>model</DatabaseName>
    <Username>meyer</Username>
    <SavePassword>True</SavePassword>
    <Password encrypted="1">LsMNNZvlguq=</Password>
    <ScriptFolderLocation />
    <MigrationsFolderLocation />
    <IntegratedSecurity>False</IntegratedSecurity>
  </DataSource2>
  <LastCompared>09/28/2016 09:41:07</LastCompared>
  <Options>Default, CaseSensitiveObjectDefinition</Options>
  <InRecycleBin>False</InRecycleBin>
  <Direction>0</Direction>
  <ProjectFilter version="1" type="DifferenceFilter">
    <FilterCaseSensitive>False</FilterCaseSensitive>
    <Filters version="1">
      <None version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </None>
      <Assembly version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Assembly>
      <AsymmetricKey version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </AsymmetricKey>
      <Certificate version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Certificate>
      <Contract version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Contract>
      <DdlTrigger version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </DdlTrigger>
      <Default version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Default>
      <ExtendedProperty version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </ExtendedProperty>
      <EventNotification version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </EventNotification>
      <FullTextCatalog version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </FullTextCatalog>
      <FullTextStoplist version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </FullTextStoplist>
      <Function version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Function>
      <MessageType version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </MessageType>
      <PartitionFunction version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </PartitionFunction>
      <PartitionScheme version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </PartitionScheme>
      <Queue version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Queue>
      <Role version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Role>
      <Route version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Route>
      <Rule version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Rule>
      <Schema version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Schema>
      <SearchPropertyList version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </SearchPropertyList>
      <SecurityPolicy version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </SecurityPolicy>
      <Sequence version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Sequence>
      <Service version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Service>
      <ServiceBinding version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </ServiceBinding>
      <StoredProcedure version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </StoredProcedure>
      <SymmetricKey version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </SymmetricKey>
      <Synonym version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Synonym>
      <Table version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </Table>
      <User version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </User>
      <UserDefinedType version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </UserDefinedType>
      <View version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </View>
      <XmlSchemaCollection version="1">
        <Include>True</Include>
        <Expression>TRUE</Expression>
      </XmlSchemaCollection>
    </Filters>
  </ProjectFilter>
  <ProjectFilterName />
  <UserNote />
  <SelectedSyncObjects version="1" type="SelectedSyncObjects">
    <Schemas type="ListString" version="2" />
    <Grouping type="ListByte" version="2">
      <value type="Byte">0</value>
      <value type="Byte">0</value>
      <value type="Byte">0</value>
      <value type="Byte">0</value>
      <value type="Byte">0</value>
      <value type="Byte">0</value>
    </Grouping>
    <SelectAll>False</SelectAll>
  </SelectedSyncObjects>
  <SCGroupingStyle>0</SCGroupingStyle>
  <SQLOptions>266</SQLOptions>
  <MappingOptions>81</MappingOptions>
  <ComparisonOptions>35</ComparisonOptions>
  <TableActions type="ArrayList" version="1" />
  <SessionSettings>14</SessionSettings>
  <DCGroupingStyle>0</DCGroupingStyle>
  <SC_DeploymentOptions version="1" type="SC_DeploymentOptions">
    <BackupOptions version="1" type="BackupOptions">
      <BackupProvider>Native</BackupProvider>
      <TypeOfBackup>Full</TypeOfBackup>
      <Folder />
      <Filename />
      <SqbLicenseType>None</SqbLicenseType>
      <SqbVersion>0</SqbVersion>
      <DefaultNativeFolder />
      <DefaultSqbFolder />
      <Password encrypted="1" />
      <NameFileAutomatically>False</NameFileAutomatically>
      <OverwriteIfExists>False</OverwriteIfExists>
      <CompressionLevel>0</CompressionLevel>
      <EncryptionLevel>None</EncryptionLevel>
      <ThreadCount>0</ThreadCount>
      <BackupEnabled>False</BackupEnabled>
    </BackupOptions>
  </SC_DeploymentOptions>
</Project>
    · Share on Twitter
  • David EDavid E Posts: 75 Silver 1
    Hi,

    Thanks for the extra information - its very useful in helping us track down the exact location of the bug. To confirm these errors are appearing only on load of the project dialog and not when you press the refresh icon next to the database dropdown? Where do these errors appear? Are they shown in the validation section at the bottom of the form or do they produce a popup?

    I suspect this is related to the server dropdown population rather than the database lister but I'm going to do some more work locally to try and narrow this down.
    Software Engineer
    Redgate Software
    · Share on Twitter
  • jmeyerjmeyer Posts: 70 Bronze 2
    David:

    Yes, the error messages are only generated one time when opening the project in the project dialog. The errors themselves are reported back to us from the SQL Server instances as we set up alert notification emails for failed login attempts. So, SQL DataCompare (and SQLCompare as well) actually not not produce any error messages themselves. If I press the refresh button for the database drop-down box or proceed with a comparison then no error messages are being generated. Below si the SQL code to set up notification for login error 18452. 
    USE [msdb]
GO

IF  EXISTS (SELECT name FROM msdb.dbo.sysalerts WHERE name = N'QSQL08OCR: Login Error 18452')
EXEC msdb.dbo.sp_delete_alert @name=N'Servername: Login Error 18452'
GO

EXEC msdb.dbo.sp_add_alert @name=N'Servername: Login Error 18452', 
		@message_id=18452, 
		@severity=0, 
		@enabled=1, 
		@delay_between_responses=0, 
		@include_event_description_in=1, 
		@notification_message=N'Login failed for user . Reason: Not associated with a trusted SQL Server connection.', 
		@category_name=N'SQL Server Agent Alerts', 
		@job_id=N'00000000-0000-0000-0000-000000000000'
GO

EXEC msdb.dbo.sp_update_notification @alert_name=N'Servername: Login Error 18452', @operator_name=N'SQL Server Agent Alert Notification Group', @notification_method = 1
GO
    · Share on Twitter
  • sam.blackburnsam.blackburn Posts: 224 Gold 2
    We think we've fixed this bug (SC-8959) in the latest Frequent Update version, 12.0.32.3340 - does that version work for you?
    Software Developer
    Redgate Software
    · Share on Twitter
  • jmeyerjmeyer Posts: 70 Bronze 2
    Sam:

    It looks like this is fixed now, currently using v12.0.33.3389

    Thanks,
    Jens
    · Share on Twitter
Sign In or Register to comment.