I have seen many articles on this subject, but have yet to resolve the issue.
I have IIS on one server and SQL Server 2005 on a second server. Both are stand alone servers and not part of a domain. The SQL Server is sitting behind a firewall with the proper 1433 port being opened. With the firewall set to passing everything and no
restrictions, the same error occurs.
Here is what I have thus far:
<div mce_keep="true">Identical local users created on each server with the same password.</div>
<div mce_keep="true">The local username and password are correctly stored in the registry using ASPNET_SETREG program.</div>
<div mce_keep="true">The local user is authorized to log onto the server and are currently part of the Users group on both servers.</div>
There is an AppPool in IIS set up to use this local user.
<div mce_keep="true">This local user on the IIS Server is permissioned to read the registry values to obtain the encrypted userName and password to send to the SQL Server for authentication.</div>
<div mce_keep="true"> <div mce_keep="true">A login and user in SQL Server has been created from local (Windows) user and is granted proper permissions to access the database in question.</div></div>
<div mce_keep="true"> <div mce_keep="true">web.config has the proper entry <identity Impresenation ="true" ... />.</div></div>
I don't know what I'm missing.
If the servers are added to a domain and a domain user is used, everything works fine. However, the security policies I need to work with prohibit public webservers from being part of the domain and this particular database must also be isolated from our
internal LAN and domain.
I've seen many posts on this and I think that I'm doing everything that is said to do.
Chris
iis 6.0 windows impersonationauthenticationIIS Authentication Guest accountIIS 6.0ASPNETSecurity User Rights Assignmentusers account"stand-alone servers"
Chris55
4 Posts
SSPI handshake failed and "Login failed for user ''. ..."
Jan 14, 2008 10:08 PM|LINK
I have seen many articles on this subject, but have yet to resolve the issue.
I have IIS on one server and SQL Server 2005 on a second server. Both are stand alone servers and not part of a domain. The SQL Server is sitting behind a firewall with the proper 1433 port being opened. With the firewall set to passing everything and no restrictions, the same error occurs.
Here is what I have thus far:
I don't know what I'm missing.
If the servers are added to a domain and a domain user is used, everything works fine. However, the security policies I need to work with prohibit public webservers from being part of the domain and this particular database must also be isolated from our internal LAN and domain.
I've seen many posts on this and I think that I'm doing everything that is said to do.
Chris
iis 6.0 windows impersonation authentication IIS Authentication Guest account IIS 6.0 ASPNET Security User Rights Assignment users account "stand-alone servers"
tomkmvp
7657 Posts
MVP
Moderator
Re: SSPI handshake failed and "Login failed for user ''. ..."
Jan 15, 2008 12:12 PM|LINK
What does your connection string look like? You may also get better help over at http://forums.asp.net/ ...
http://mvp.support.microsoft.com/
Chris55
4 Posts
Re: SSPI handshake failed and "Login failed for user ''. ..."
Jan 15, 2008 01:59 PM|LINK
Here's the connection string I have. It is an instanced SQL Server btw.
"Server=SQLSERVERINSTANCE; Integrated Security=SSPI; Persist Security Info=false; Initial Catalog=DBNAME; Pooling=true; Min Pool Size = 12; Connection Timeout = 30; "
tomkmvp
7657 Posts
MVP
Moderator
Re: SSPI handshake failed and "Login failed for user ''. ..."
Jan 15, 2008 08:20 PM|LINK
Do you have to use Integrated Security? That always seems to be problematic, especially in non-intranet scenarios.
http://mvp.support.microsoft.com/
Chris55
4 Posts
Re: SSPI handshake failed and "Login failed for user ''. ..."
Jan 15, 2008 10:23 PM|LINK
Yes I am. And yes it seems to be.
What do your recommend?
Chris
tomkmvp
7657 Posts
MVP
Moderator
Re: SSPI handshake failed and "Login failed for user ''. ..."
Jan 15, 2008 11:58 PM|LINK
SQL Server security, and set the username and password in the connection string.
http://mvp.support.microsoft.com/
Chris55
4 Posts
Re: SSPI handshake failed and "Login failed for user ''. ..."
Jan 16, 2008 02:52 PM|LINK
I was hoping to not have to do it that way if possible. But I will encrypt the user name and password.