Monday, December 20, 2010

Login failed for user 'xxx\xxx'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors.

We have done a huge migration work for a customer and sometimes I have seen this error after move of databases when the clients shall connect to the database on the new server.

Often when you see infrastructure error the windows log is logging as a madman. In those cases it has not. So it came to my mind that is must be something in the database. Sense we did not have any strategy to use old user and groups they often will exist in the database without any function. Often this is not a problem but there is one circumstance when it does.

This is when it has been used local groups on the source server. For example if I setup a new domain group and add user xxxx to this group and configure the necessary rights on the target SQL server/database for it this would work in normal circumstances. But not in this case. Suppose that this user xxxx was also a member of the old local group. When the user logon to the SQL server the security mechanism funds the user in this old group that still exist in the database and this would throw the error “Token-based server access validation failed with an infrastructure error”.
The solution is simple. Just delete the old group from the database :-)

Monday, December 13, 2010

CNAME alias for named instances

Is it a way to use this? No one can answer so I started to setup a test environment. I will be back with this issue soon.