MSA Account's password change causes failure to connect to SQL DB


  • Hey,

    I have an MSA account which runs an IIS application pool in my organization.

    It seems that every 30 days, when the MSA account automatically resets its password, the site cannot connect to the SQL DB (this DB is located in a different AD forest; a trust exists).

    This is the error: the login is from an untrusted domain and cannot be used with Windows authentication.

    Mostly after about 10-15 minutes, the problem resolves itself (maybe the connection reopened, not sure).

    1. Is the gap caused by replication between DCs? As far as I am aware, when a trust exists, the DB's server should query the DCs of the trusted domain in case the authentication failed (I could be wrong here). I am trying to see if the problem is replication here.

    2. When the MSA account changes its password, and there is an open connection to the SQL DB, is the connection expected to fail because of the password change? Must I force the IIS application to close the connection and reopen it somehow?

    This happens on multiple MSA accounts, on multiple IIS servers, on multiple environments, with different OSes; some environments have Server 2008 R2, and some have 2012 R2.

    Thank you for your help!

    Sunday, January 8, 2017 5:12 PM

All replies