Discovery: A MSSQL / JDBC connection fails with "Unable to open a connection to the database: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication"

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Discovery


    COMPONENT:

    BMC Discovery 11.2


    APPLIES TO:

    BMC Discovery



    PROBLEM:

    A MS SQL / JDBC connection fails with the following error (found in the Discovery Access)

      Unable to open a connection to the database: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication
      
    The credential (login+password+domain) works with Authentication="Windows Authentication" in MS SQL UIs such as MS SQL Management Studio.  

    The MS SQL database is configured as mixed mode ("SQL Server and Windows Authentication Mode") in the server properties of the database. 

    The Discovery integration log says:  
      RequestProcessor-5: 2018-03-05 08:32:35,671: com.tideway.integrations.providers.sql.SQLProvider: INFO: Connecting to jdbc:jtds:sqlserver://<ip>:1436/<db name>;domain=<domain>;useNTLMv2=true; with username <user>  
    RequestProcessor-5: 2018-03-05 08:32:36,257: com.tideway.integrations.providers.sql.SQLProvider:    INFO: Could not connect to jdbc:jtds:sqlserver://<ip>:1436/<db name>;domain=<domain>;useNTLMv2=true; with username <user>:    Unable to open a connection to the database: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
      
    The event log of the scanned machine may contain this error:  
      Login failed for user '<domain>\<user>'. Reason: Attempting to use an NT account name with SQL Server Authentication. [CLIENT: <ip of addm>]
      
    The problem is the same with the JDBC connection strings below 
    jdbc:jtds:sqlserver://<ip>:1436/<db name>;domain=<domain>;useNTLMv2=true; 
    jdbc:jtds:sqlserver://<ip>:1436/<db name>;domain=<domain>;useNTLMv2=true 
    jdbc:jtds:sqlserver://<ip>:1436/<db name>;domain=<domain>;useNTLMv2=TRUE; 
    jdbc:jtds:sqlserver://<ip>:1436/<db name>;domain=<domain>;useNTLMv2=TRUE 
      

     


    CAUSE:

    The database requires something specific to it in the JDBC connection.


    SOLUTION:

    To confirm that this does not depend on Discovery, the quickest/safest way is to 
    - Download a JDBC test tool such as the following (it already contain the jtds driver used by Discovery):
    http://razorsql.com/download_win.html
    - Try to connect with the same jdbc parameters

    If the error message is the same, it will confirm that it is independent from Discovery.

    Additionally, in one case, a customer noted that by adding the following additional parameter to the credential:
    domain=<nt_domain>
    and removing the domain from the credential itself, the credential worked as expected.

    In another case, the solution was to specify the JDBC parameter 'databaseName=master'
    See https://docs.microsoft.com/en-us/sql/connect/jdbc/setting-the-connection-properties.
    extract: "databaseName: The name of the database to connect to. If not stated, a connection is made to the default database."
    This implies that in certain specific cases, the connection to the default database fails.


    Article Number:

    000348788


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles