Error: 18452, Severity: 14, State: 1 is a notoriously difficult SQL Server error code to troubleshoot. If associated with Error: 17806, Severity: 20, State: 2 , another layer of complication is added. A typical combination of these error codes would appear in the SQL Server Error Log , such as :
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: xxxxxxx] Error: 17806, Severity: 20, State: 2. SSPI handshake failed with error code 0x80090311 while establishing a connection with integrated security; the connection has been closed. [CLIENT:xxxxxx] Error: 18452, Severity: 14, State: 1.
- Breaking these codes down into smaller parts helps the troubleshooting process
- Error: 18452, Severity: 14, State: 1 - The login may use Windows Authentication but the login is an unrecognized Windows principal. An unrecognized Windows principal means that Windows can't verify the login. This might be because the Windows login is from an untrusted domain.
- Error: 17806, Severity: 20, State: 2 (0x80090311) - 0x80090311 error refers to "No authority could be contacted for authentication" which means the user cannot contact Active Directory to get a ticket.
- Troubleshooting this error code in different environments, these are some patterns. It may provide some context for troubleshooting
- The client is having issues communicating with the domain controller.. In this situation , an immediate fix maybe to restart the client . If it doesn’t solve the problems – network support is your next call
- Between trusted domains, both networks are having issues communicating between each other. Contact network support
- Network is under heavy load. Start an investigation to identify the source of extra load and decrease load or increase capacity.
- This set of errors indicates to not being able to reach a domain controller to login. The error appears because the domain controller cannot pass the Kerberos token to the process to use in the SSPI part