Reason: Token-based server access validation failed with an infrastructure error

    Question

  • We have moved the SQL Server 2008 to a different domain; none of the domain users are able to log on to SQL. It errors with the below message in the log file:

    2011-02-07 16:04:50.18 Logon       Error: 18456, Severity: 14, State: 11.
    2011-02-07 16:04:50.18 Logon       Login failed for user 'ADom\kuser'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]

    2011-02-07 16:05:50.78 Logon       Error: 18456, Severity: 14, State: 11.
    2011-02-07 16:05:50.78 Logon       Login failed for user 'ADom\kuser'.   with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]

    I checked with the setspn -l command; SQL Server is registered with the new domain name and SQL port. Unable to log in to SSMS run as administrator.
    Unfortunately we lost the SA password also. All the SQL Server services are running under the local system account; I also tried changing to the network service account.

    I tried to restart the SQL Server in single user mode and it errors with the below message:
    2011-02-07 17:39:10.22 Server      Error: 17058, Severity: 16, State: 1.
    2011-02-07 17:39:10.22 Server      initerrlog: Could not open error log file ''.
     Operating system error = 3(failed to retrieve text for this error. Reason: 15105).

    Any solution please, without reinstall? Appreciate your reply.

     
    Monday, February 07, 2011 11:15 PM

Answers

  • I have been told by the sys admin that user accounts were created the same in the new domain controller, similar to the old. No, there is no trust between the two domains.

    I managed to run the SQL Server in single user mode; by running through run as administrator priv I still can't log in through SSMS or sqlcmd. Any other way to create a new SQL account?

    One more info: operating system is Win2008.


    You can't just add the accounts to the new domain and expect that everything is going to work out.  You have to add the new domain accounts back into SQL; the domain is different.

    In Single User Mode, you have to also elevate the privilege of the command prompt for sqlcmd to connect using the local administrator = sysadmin in single user mode back door to SQL Server.


    Jonathan Kehayias | Senior Database Administrator and Consultant
    Tuesday, February 08, 2011 12:27 AM

All replies

  • Did you change the permissions in SQL Server so that the accounts in the new Domain had access to the system?  Is there a trust between the two domains?  I am afraid that without this information it's impossible to effectively troubleshoot the problem.

    In the above Log information have you removed or changed information?  That could be part of the problem, for example the initerrlog failure doesn't have a path to the errorlog file, so you either removed it, or you removed the startup parameters for the SQL Server Service when you put the single user mode startup parameters in, and you need to put them back in for the engine to start. The -d, -e, and -l startup parameters have to be set to tell SQL where to find the master database files and write the ErrorLog.

    http://msdn.microsoft.com/en-us/library/ms190737.aspx


    Jonathan Kehayias | Senior Database Administrator and Consultant
    Monday, February 07, 2011 11:25 PM
  • I have been told by the sys admin that user accounts were created the same in the new domain controller, similar to the old. No, there is no trust between the two domains.

    I managed to run the SQL Server in single user mode; by running through run as administrator priv I still can't log in through SSMS or sqlcmd. Any other way to create a new SQL account?

    One more info: operating system is Win2008.

    Monday, February 07, 2011 11:48 PM
  • everfor,

    Where do you try to use SSMS to log in? Localhost?

    If on localhost, try sqlcmd -Slocalhost -E and see whether it works.

    Paste us the whole errorlog after you started; it will give better information.


    Sevengiants.com
    Tuesday, February 08, 2011 12:00 AM
  • I met exactly the same problem.

    The problem is the sqlserver can be started from cmd line by running sqlservr -m, the error message

    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn>sqlservr.exe -m
    2011-08-25 10:03:43.93 Server      Error: 17058, Severity: 16, State: 1.
    2011-08-25 10:03:43.93 Server      initerrlog: Could not open error log file ''.
     Operating system error = 3(failed to retrieve text for this error. Reason: 15100).

    But sqlserver can be started from Configuration Manager.

    sqlserver was installed in Windows 7 Pro SP1 32-bit and runs as a local admin account.

    So this is not about how to get into SQL Server but how to start the service in single user mode.

    Any comments? Thanks!

    Thursday, August 25, 2011 2:28 AM
  • My problem was solved.

    It seems in Win7 you have to run cmd as administrator to start the mssqlserver service, so I right-clicked on cmd.exe and chose Run as administrator; after that sqlserver can be started by the command NET start mssqlserver -m. Then another problem came up: an error message says only one connection can be connected to sqlserver in single user mode when trying to log in from SSMS. I turned to using sqlcmd in the same cmd window which was used to start the service, got in, and simply ran exec sp_addsvrrolemember 'localPCname\accountName','sysadmin' ; GO ;  Done! Now all rights of the SQL Server came back!

    Thursday, August 25, 2011 6:31 AM
  • Thanks for posting back - this helped me a lot too!

    To get the server into single user mode (which is what the 'm' switch does) I had to run it as:

    net start mssqlserver /m

    It seems the switch needs a '/m' instead of a '-m' in the net start command.

    Then in the ERRORLOG I could see SQL Server saying it is in single user mode.

    Then I could log in and add the user - the stored proc is called 'sp_addsrvrolemember'.

    Then I could restart the server in normal mode and log in with the integrated security.

    I suspect the login problem happened because the SQL Server was installed before the machine was added to the domain, but have no reference to why this would be a problem.

    -Govert

    Monday, October 31, 2011 1:18 PM
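
The steps the replies above converge on, written out as T-SQL for an elevated sqlcmd session while the instance is in single user mode. This is an added example, not code from any poster in the thread; OLDDOM, NEWDOM and dbadmin are placeholder names, and the final query is an added check of who holds sysadmin once access is restored.

```sql
-- Added example. OLDDOM, NEWDOM and dbadmin are placeholders (assumptions).
-- Connect first from an elevated prompt:  sqlcmd -S localhost -E

-- 1. Windows logins still bound to the old domain. SQL Server stores a
--    Windows login by SID, so a same-named account created in the new
--    domain does not match any of these rows.
SELECT name, type_desc, sid, is_disabled
FROM sys.server_principals
WHERE type IN ('U', 'G')              -- Windows user / Windows group
  AND name LIKE N'OLDDOM\%';
GO

-- 2. Generate (do not yet run) a CREATE LOGIN statement for the new-domain
--    counterpart of each old login, so the list can be reviewed first.
--    STUFF swaps the 6-character domain prefix and keeps the account name.
SELECT N'CREATE LOGIN '
       + QUOTENAME(STUFF(name, 1, LEN(N'OLDDOM'), N'NEWDOM'))
       + N' FROM WINDOWS;' AS create_stmt
FROM sys.server_principals
WHERE type IN ('U', 'G')
  AND name LIKE N'OLDDOM\%';
GO

-- 3. Re-create one administrative login from the new domain and add it to
--    sysadmin. CREATE LOGIN fails if the server cannot resolve the account.
CREATE LOGIN [NEWDOM\dbadmin] FROM WINDOWS;
GO
EXEC sp_addsrvrolemember @loginame = N'NEWDOM\dbadmin',
                         @rolename = N'sysadmin';
GO

-- 4. After restarting in normal mode, review every member of sysadmin and
--    remove anything that was only needed for the recovery.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;
GO
```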