SQL server login failed: Login Failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)

After we set up a server alias (CNAME in DNS) for the SQL Server, the server cannot connect using that alias name.

Solution:
Disable NTLM reflection protection

Create a new DWORD with the name DisableLoopbackCheck and value 1 in the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Restart the computer. Done.

Update:
This opens the machine to man-in-the-middle attacks. Do not use it on a public machine, only for testing!

Update #2: (a correct solution)

Register an SPN for the SQL Service:
SetSpn -A MSSQLSvc/_fqdn_name_:1433 DOMAIN\sql_service_account
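
An added check, not part of the original post: this PowerShell script reports whether the DisableLoopbackCheck workaround is still set on a host and whether the SPN for the alias is held by exactly one account, the expected one. The alias FQDN is a placeholder, and the script assumes a domain-joined machine whose user can query Active Directory.

```powershell
# Placeholder values (assumptions, replace with your own)
$AliasFqdn      = 'sqlalias.example.test'       # the CNAME that clients connect to
$ServiceAccount = 'DOMAIN\sql_service_account'  # account that runs the SQL Server service
$Port           = 1433

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Spn    = "MSSQLSvc/${AliasFqdn}:$Port"

# 1. Weak setting: is NTLM reflection protection switched off on this machine?
$lsa = Get-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
$loopbackDisabled = [bool]($lsa -and $lsa.DisableLoopbackCheck -eq 1)
if ($loopbackDisabled) {
    Write-Warning "DisableLoopbackCheck = 1 on $env:COMPUTERNAME (reflection protection is off)"
} else {
    Write-Output "DisableLoopbackCheck is not set to 1 on $env:COMPUTERNAME"
}

# 2. Corrected setting: which accounts hold the SPN for the alias?
#    An LDAP query is used instead of parsing setspn output, which is localized.
$searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
$holders  = @($searcher.FindAll() | ForEach-Object { [string]$_.Properties['samaccountname'][0] })
$expected = $ServiceAccount.Split('\')[-1]

$spnOk = $false
switch ($holders.Count) {
    0 { Write-Warning "No account holds $Spn. Register it: SetSpn -A $Spn $ServiceAccount" }
    1 {
        if ($holders[0] -ieq $expected) {
            Write-Output "$Spn is registered to $expected"
            $spnOk = $true
        } else {
            Write-Warning "$Spn is registered to $($holders[0]), expected $expected"
        }
    }
    default { Write-Warning "$Spn is duplicated on: $($holders -join ', ')" }
}

# 3. Once the SPN is correct, the registry workaround is no longer needed.
if ($loopbackDisabled -and $spnOk) {
    # -WhatIf only reports what would be deleted; remove it to actually delete
    # the value, then restart the computer.
    Remove-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -WhatIf
}
```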
