Login failed for user '(null)'. Reason: Not associated with a trus

[Guest]

I got the following error message when I access the web application, in which
the web application use SPPI to connect to database.

"Login failed for user '(null)'. Reason: Not associated with a trusted
connection"

The web application is grant to a group only in web.config
<authorization>
<allow roles="Domain\AGroup" />
<deny users="*" />
</authorization>

I have two 2 accounts, userA and userB, which belong to the same group
"Domain\AGroup". userA can access the web application successfully, whereas
userB cannot and prompted the above error.

Do all you have encountered the same problem?

Thanks!

 

[Scott Allen]

Is the database on the same machine?
Are you using impersonation <identity impersonate="true"/> ?

 

[Guest]

yes, i used impersonation <identity impersonate="true"/> in the web.config.
if i didn't, all accounts, userA and userB should failed to connect to
database.
however, acount, userA can access succesfully!

the database is installed on another machine from the web application.

 

[Patrick Olurotimi Ige]

Boy
U are saying User! can log in successfully but UserB can't!
Thats wierd.
But do they both have the ASPNET account?
Try adding the 2 users to the ASPNET acct..
Hope this helps
Patrick

 

[Guest]

Um.
Both UserA and UserB can pass the IIS authentication. After authentication,
their identities were impersonated to access database. However, only UserA
can access db succesffully.

 

[Patrick Olurotimi Ige]

Can UserB access the DB now?

 

[Guest]

The following result is the result i got at the very beginning, event though
i haven't added them to the ASPNET account.
-- Um.
-- Both UserA and UserB can pass the IIS authentication. After
authentication,
-- their identities were impersonated to access database. However, only UserA
-- can access db succesffully.


Your suggested method is used to allow both users to pass the
authentication, am i right? However, my problem is...both users can pass the
NT/IIS authentication.

 

[Patrick Olurotimi Ige]

If you use Query Analyzer Can both users login to the Database?
Try adding the users to ASPNET account?
Are u in a DOMAIN environment?
And how are u connecting to the Database? Are u using Windows
Authentication?
Patrick

 

[Scott Allen]

My suggestion would be to launch SQL Profiler and see what accounts
the database server is actually seeing when the users try to connect.
SQL Profiler will allow you to watch login/logout events.
Alternatively you could use the SQL audit log in enterprise manager.

The reason I say you should see what accounts are incoming is that
impersonation doesn't work if there is a second hop involved across
the network. If UserA is actually logged into the web server and
running IE then impersonation works, because UserA's credentials only
make one hop (from the web server to the database server). If UserB is
on a third machine, then UserB's credentials can hop from the client
machine to the web server, but can't make a second hop from the web
server to the database server.

HTH,

 

[Guest]

The situation is the same for all users.
User A & B--> Web Server (impersonation) --> database.

I found from the event log(event viewer) of web server that both user can
successfully login the web server. i.e. userB can't make a second hop from
the web
server to the database server, but userA....

what's going on...!?!?


I did another testing.....I migrated the web server to another server. Both
userA and userB can access database now. Problem solved.
However, i want to figure out...what's wrong the orginal server's
configuration.....

Anyway, thx alot your reply

 

[Guest]

did anyone else encounter the same problem!!!

Help Help Help

 

[Patrick Olurotimi Ige]

Boy,
Sql Profiler could really help as previous post adviced!
Any if u finally got where u got stuck.
It would be nice if you can hint back

 

[Guest]

I still can't find the solution. I just migrated the web application for
testing only. I need to find out what's going on with the original server....

anyway, how can the SQL Profiler be help? can u elaborate more?

 

[Scott Allen]

With profiler you can see who is logging in, with the audit logs in
SQL you can see who failed to login. Perhaps UserA is getting in
because they are in different Windows groups than userB...

 

[Guest]

Thanks and let me try.

Out of energy on this issue~!
UserB failed to access to the db for all the servers in the webfarm, but
UserB can access to the db successfully when i put the web application in a
stand-alone server...