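I have run into a problem that I cannot make sense of on several SQL instances I inherited from the previous DBA.
Environment details
Based on the above, I expect all users who are members of Domain\Group1 to be able to log in to the SQL Server. However, when users try to log in, they receive the error message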
用户域\ xxxx(Microsoft SQL Server,错误18456)
登录失败
Steps taken so far to investigate the problem: Checking the error log on the SQL Server, I can see the following two messages
错误:18456,严重性:14,状态:5 用户'domain \ xxxx'登录失败。原因:找不到与提供的名称相匹配的登录信息
Checked the ring buffer by running the following query
-- Read security errors from the ring buffer and convert each record's
-- tick count (ms since startup) into a wall-clock notification time.
SELECT CONVERT(varchar(30), GETDATE(), 121) AS runtime,
       DATEADD(ms, (a.[Record Time] - sys.ms_ticks), GETDATE()) AS [Notification_Time],
       a.*,
       sys.ms_ticks AS [Current Time]
FROM (
    SELECT
        x.value('(//Record/Error/ErrorCode)[1]', 'varchar(30)') AS [ErrorCode],
        x.value('(//Record/Error/CallingAPIName)[1]', 'varchar(255)') AS [CallingAPIName],
        x.value('(//Record/Error/APIName)[1]', 'varchar(255)') AS [APIName],
        x.value('(//Record/Error/SPID)[1]', 'int') AS [SPID],
        x.value('(//Record/@id)[1]', 'bigint') AS [Record Id],
        x.value('(//Record/@type)[1]', 'varchar(30)') AS [Type],
        x.value('(//Record/@time)[1]', 'bigint') AS [Record Time]
    FROM (SELECT CAST(record AS xml)
          FROM sys.dm_os_ring_buffers
          WHERE ring_buffer_type = 'RING_BUFFER_SECURITY_ERROR') AS R(x)
) a
CROSS JOIN sys.dm_os_sys_info sys
ORDER BY a.[Record Time] ASC
This returns a lot of
0x534 LookupAccountSidInternal LookupAccountSid 63 178 RING_BUFFER_SECURITY_ERROR
Checked the SPNs and all registrations appear to be fine; running the following code returns KERBEROS
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid ;
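Checked that the following two lines of code produce the expected results; the first lists all members of the group, and the second lists the path from the user to the group
Exec xp_logininfo 'Domain\Group1', 'members'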
Exec xp_logininfo 'Domain\xxxx', 'all'
When users are added individually, they can access the server
I am completely stuck!