SSPI Handshake failed with error 0x80090311

  • Question

  • Hi,

     

    I had to restart our SBS 2003 box earlier which then caused a problem on our SQL 2008 server. The errors reported whilst the DC was down are:

    Event Type:    Error
    Event Source:    MSSQLSERVER
    Event Category:    Logon
    Event ID:    17806
    Date:        25/10/2010
    Time:        13:41:41
    User:        N/A
    Computer:    SQL
    Description:
    SSPI handshake failed with error code 0x80090311 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 10.0.0.14]

    Event Type:    Failure Audit
    Event Source:    MSSQLSERVER
    Event Category:    Logon
    Event ID:    18452
    Date:        25/10/2010
    Time:        13:41:35
    User:        N/A
    Computer:    SQL
    Description:
    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.0.0.14]

    I can partly understand why this would occur with the DC temporarily down, but what I can't work out is why it is trying to authenticate against the IP address there. That is the IP of a DC demoted some time ago. The SQL Server only has the IP of the SBS as its preferred DNS server, DCPromo was successful when the old DC was demoted, there are no references to the old server in AD Sites and Services, no stray DNS entries in both forward and reverse zones, I just ran ntdsutil.exe and cannot see the old DC in there either and both the SQL and SBS are on the same subnet.

    If anyone has any ideas I would be very grateful :)

    Thanks

    Paul

    Monday, October 25, 2010 4:26 PM
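
The following added example, which is not part of the original thread, parses Event Viewer text in the format quoted above, groups events 17806 and 18452 by the logged client address, and decodes the SSPI status code: 0x80090311 is SEC_E_NO_AUTHENTICATING_AUTHORITY, meaning no authority could be contacted for authentication. The third sample event, the 192.0.2.10 address and the names `SAMPLE`, `FIELDS` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# SSPI status codes (winerror.h) that can appear in event 17806.
SSPI_CODES = {0x80090311: "SEC_E_NO_AUTHENTICATING_AUTHORITY",  # no authority could be contacted
              0x8009030C: "SEC_E_LOGON_DENIED"}

# Constructed sample: the thread's two events (trimmed) plus one invented event.
SAMPLE = """\
Event ID:    17806
Date:        25/10/2010
Time:        13:41:41
SSPI handshake failed with error code 0x80090311 while establishing a connection with integrated security; the connection has been closed. [CLIENT: 10.0.0.14]

Event ID:    18452
Date:        25/10/2010
Time:        13:41:35
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.0.0.14]

Event ID:    17806
Date:        25/10/2010
Time:        14:02:10
SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.0.2.10]
"""

FIELDS = re.compile(r"Event ID:\s+(\d+).*?Date:\s+(\S+).*?Time:\s+(\S+).*?\[CLIENT: ([\d.]+)\]", re.S)

def summarize(text):
    """Group logon failures 17806/18452 by the logged client address."""
    out = defaultdict(lambda: {"sspi": Counter(), "untrusted": 0, "times": []})
    for block in re.split(r"\n\s*\n", text.strip()):
        m = FIELDS.search(block)
        if not m or m.group(1) not in ("17806", "18452"):
            continue
        event_id, date, time, client = m.groups()
        entry = out[client]
        entry["times"].append(datetime.strptime(f"{date} {time}", "%d/%m/%Y %H:%M:%S"))
        code = re.search(r"error code (0x[0-9A-Fa-f]+)", block)
        if event_id == "17806" and code:
            value = int(code.group(1), 16)
            entry["sspi"][SSPI_CODES.get(value, f"0x{value:08X}")] += 1
        elif event_id == "18452":
            entry["untrusted"] += 1
    return dict(out)

if __name__ == "__main__":
    for client, e in summarize(SAMPLE).items():
        print(client, dict(e["sspi"]), "untrusted:", e["untrusted"])
```

In SQL Server log messages the `[CLIENT: ...]` field is the address of the machine that opened the connection, so the grouping shows which clients were failing Windows authentication and over what time span.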

Answers

  • Was the former DC cleanly and completely demoted?

    If dclocator is returning the old DC to SQL then there's more cleanup to do.

    Try a "netdom query DC" and see if it still shows up. ( there still could be stale DNS SRV records left )

     


    /kj
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by the1paulcole Wednesday, October 27, 2010 10:10 AM
    Monday, October 25, 2010 9:55 PM
    Moderator

All replies

  • Hi Kevin, it was when I did this yes. DCpromo went straight through without any errors at all. I've just been back over everything and I did find 1 stray DNS entry which I have now removed. Before I did this, I ran the netdom query and it was correctly showing only the one DC. I won't know for sure it was the DNS until I can restart the DC tomorrow morning.

    Thanks

    Paul

    Tuesday, October 26, 2010 11:32 AM
  • Probably worthwhile to run the SBS Best Practices Analyzer and a DCDIAG /c /v as well.

    Even an apparent clean demotion can leave 'remnants' behind.


    /kj
    Tuesday, October 26, 2010 6:17 PM
    Moderator
  • All sorted. Thanks for the advice :) The DCDIAG and SBS BPA both passed fine.
    Wednesday, October 27, 2010 10:11 AM
  • How does this affect the SQL servers cluster, if only SRV suppression was done on the 2008 Domain Controllers?
    Wednesday, September 11, 2019 6:55 AM