You may not be able to connect to a SQL Server that is running on a Windows Server 2003 computer by using Windows authentication (840219)

SYMPTOMS

After you log on to your computer that is running Microsoft Windows Server 2003 by using a Windows user account that has local administrator credentials on your computer, if you try to connect to an instance of Microsoft SQL Server that is running on the computer by using Windows Authentication, the connection may not be successful.

If you use the osql command-line utility to connect to the instance of SQL Server, you may receive the following error message:

If you use SQL Query Analyzer to connect to the instance of SQL Server, you may receive the following error message:

Unable to connect to server NameOfTheInstanceOfSQLServer

Server: Msg 18452, Level 16, State 1
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.

This problem occurs when all the following conditions are true:

The instance of SQL Server uses the TCP/IP server network library for client connections.
A Windows user account that is different from the current Windows logon account is set as the service account for the MSSQLServer service that corresponds to your instance of SQL Server.

RESOLUTION

To resolve the problem, you must change the user rights settings on your computer to give sufficient permissions to the Windows user account that is used to connect to the instance of SQL Server. To do this, follow these steps.

Note If the Windows user name that is used to connect to the instance of SQL Server is a domain user name and is not a local user name on your computer, you must change the user rights settings by using the Active Directory Users and Computers Microsoft Management Console (MMC) on the computer that acts as the domain controller.

Click Start, point to Administrative Tools, and then click Local Security Policy.
In the left pane of the Local Security Settings window, expand Local Policies, and then click User Rights Assignment.

In the right pane, modify the settings of the policies to add the users who are mentioned in the following table. To do this, under the Policy column header, double-click the corresponding policy, click Add User or Group, and then add a user or group to the policy.

User right	Policy	Security setting
SeImpersonatePrivilege	Impersonate a client after authentication	Administrators, SERVICE
SeLockMemoryPrivilege	Lock pages in memory	Windows User, Administrators
SeBatchLogonRight	Log on as a batch job	Windows User
SeAssignPrimaryTokenPrivilege	Replace a process level token	Windows User
SeEnableDelegationPrivilege	Enable computer and user accounts to be trusted for delegation	Administrators
SeChangeNotifyPrivilege	Bypass traverse checking	Windows User
SeServiceLogonRight	Log on as a service	Windows User, Administrators

Note "Windows User" indicates the Windows user name that is used to connect to the instance of SQL Server. Before you provide these user rights to the Windows user, make sure that the Windows user is eligible for these user rights on the computer that is running the instance of SQL Server.

Close the Local Security Settings window.
Restart the instance of SQL Server.

Additionally, if the user rights settings on your computer are defined by using a security template, you must make sure that the specified user rights are modified accordingly in the corresponding security template.

MORE INFORMATION

Steps to reproduce the behavior

Log on as an administrator on the computer that is running the instance of SQL Server.
Create a new Windows user that is named User1 on your computer, and then make sure that the User1 Windows user account has local administrator credentials on your computer.
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Administrative Tools.
In the Administrative Tools window, double-click Local Security Policy.
In the left pane of the Local Security Settings window, expand Local Policies, and then click User Rights Assignment.

In the right pane, modify the setting of the policies to add the corresponding users who are mentioned in the following table:

User right	Policy	Security setting
SeImpersonatePrivilege	Impersonate a client after authentication	None
SeLockMemoryPrivilege	Lock pages in memory	None
SeServiceLogonRight	Log on as a service	Administrators
SeBackupPrivilege	Back up files and directories	User1, Administrators
SeDebugPrivilege	Debug programs	Administrators
SeIncreaseBasePriorityPrivilege	Increase scheduling priority	User1, Administrators group
SeSecurityPrivilege	Manage auditing and security log	Administrators
SeRestorePrivilege	Restore files and directories	User1, Administrators
SeIncreaseQuota	Adjust memory quotas for a process	User1, Administrators

Close the Local Security Settings window.
Make sure that the instance of SQL Server is configured to use the TCP/IP server network library for the client connections, and then restart your instance of SQL Server.
Make sure that the current Windows logon account is set as the service account for your instance of SQL Server.
Restart your instance of SQL Server.
Log off, and then log on to the computer by using the Windows user User1 account.
At a command prompt, type the following command to connect to the instance of SQL Server:
osql -S NameOfTheInstanceOfSQLServer -E
You receive the error message that is mentioned in the "Symptoms" section.

You may not be able to connect to a SQL Server that is running on a Windows Server 2003 computer by using Windows authentication (840219)

SYMPTOMS

CAUSE

RESOLUTION

WORKAROUND

MORE INFORMATION

Steps to reproduce the behavior