The login is from an untrusted domain and cannot be used with windows authentication

I am trying to host a SQL server database, but whenever I try to connect to it I get this error:

The login is from an untrusted domain and cannot be used with Windows
authentication

I am connecting through Matlab using the following command:

conn = database('Clinical_Data','DoyleLab07\Acc','','com.microsoft.sqlserver.jdbc.SQLServerDriver','jdbc:sqlserver://DOYLELAB07\SQLEXPRESS:54287;database=Clinical_Data;integratedSecurity=true;').

Connecting to the database using matlab worked fine as long as I was using matlab on the computer which I was using to host the server. However, when I use another computer and the same Matlab command I get the error I showed above.

When I look under control panel\system. I notice that no domain is listed on my host PC or the PC I am using to connect to the host, but both computers are in the same workgroup. Would I be able to fix my problem by creating a domain and adding the foreign PC and the host to that domain? If so, how can this be accomplished?

Any suggestions will be very much appreciated.
Thank you for reading my post.

Getting rid of Integrated Security=true worked for me.

This error message can also occur if the account you are using to access the SQL server is locked out by the domain.

As mentioned here, you might need to disable the loopback

Loopback check can be removed by adding a registry entry as follows:

• Edit the registry using regedit. (Start –> Run > Regedit )
• Navigate to: HKLM\System\CurrentControlSet\Control\LSA
• Add a DWORD value called “DisableLoopbackCheck” Set this value to 1

answered Feb 13, 2019 at 15:48

answered Apr 9, 2019 at 9:19

Why not use a SQL Server account and pass both the user name and password?

Here is the reason why.

In short, it looks like you have an authentication issue.

The problem with workgroups is there is no common Access Control List like Active Directory (AD). If you are using ODBC or JDBC, the wrong credentials are passed.

Even if you create a local windows account (LWA) on the machine (SE) that has SQL Express installed (SE\LWA), the credentials that will be passed from your client machine (CM) will be CM\LWA.

Same Error with Connection String in Visual Studio dev environment

Our development database server was recently given a self-signed certificate so it automatically became untrusted. This resulted in the login error cited above. I added TrustServerCertificate=True to my connection string and it works now.

"Server=TheServerAddress; Database=TheDataBase; User Id=TheUsername; Password=ThePassword; TrustServerCertificate=True"

NOTE: This certificate configuration is not recommended for production environments.

answered Feb 22, 2022 at 22:46

answered Feb 15, 2022 at 9:07

In my case the Aliases within SQL Native Client 11.0 Configuration were pointing to invalid server/IP. Once updated it worked correctly.

To check:
1. Start «SQL Server Configuration Manager»
2. Navigate to «SQL Native Client 11.0 Configuration» and then «Aliases»
3. Ensure «Alias Name» and «Server» match correctly for TCP/IP

Following worked for me to get access from another machine to SQL Server using Windows Authentication. This approach may be useful only in development/test environment. E.g. you need to update password manually once you change it on your working machine.

On machine with SQL Server go to Control Panel and add new Windows User with same username and password as is on your working machine. Then create SQL Server login for this user:

CREATE LOGIN [SQLSERVERHOST\myuser] FROM WINDOWS;

Now you can use this login for Windows Authentication.

If you receive error ‘The login is from an untrusted domain’, this may mean that you changed password on your working machine and now need to update password on SQL Server machine.

answered Nov 30, 2018 at 9:51

Just adding my suggestion for a resolution, I had a copy of a VM server for developing and testing, I created the database on that with ‘sa’ having ownership on the db.

I then restored the database onto the live VM server but I was getting the same error mentioned even though the data was still returning correctly. I looked up the ‘sa’ user mappings and could see it wasn’t mapped to the database when I tried to apply the mapping I got a another error «Fix: Cannot use the special principal ‘sa’. Microsoft SQL Server, Error: 15405». so I ran this instead

ALTER AUTHORIZATION ON DATABASE::dbname TO sa

I rechecked the user mappings and it was now assigned to my db and it fixed a lot of access issues for me.

answered Mar 4, 2019 at 15:22

Joining a WORKGROUP then rejoining the domain fixed this issue for me.

I got this error while using Virtual Box VM’s. The issue started to happen when I moved the VM files to a new drive location or computer.

Hope this helps the VM folks.

answered Feb 25, 2021 at 15:52

answered May 31, 2019 at 13:34

answered Jun 19, 2019 at 11:28

answered Jul 16, 2019 at 11:48

Yet another thing to check:

We had our nightly QA restore job stop working all of a sudden after another developer remoted into the QA server and tried to start the restore job during the middle of the day, which subsequently failed with the «untrusted domain» message. Somehow the server pointed to be the job’s maintenance plan was (changed?) using the ip address, instead of the local machine’s name. Upon replacing with the machine name the issue was resolved.

answered Sep 23, 2019 at 14:24

TLDR: Changing the DNS server to the loop back address worked for me.

I am working in VirtualBox and had setup two Windows Server 2016 instances. Server A is configure as a Domain Controller and Server B as an SQL Server. After adding Server B to the domain I cold not connect to with Management Studio from Server A. I was getting the «The login is from an untrusted domain and cannot be used with Windows authentication».

My initial configuration had the server getting its IP from the VirtualBox DHCP server.

I changed this to use static IP and entered the 127.0.0.1 address in the Primary DNS and this worked for me.

Hope this helps someone passing by.

answered Jan 2, 2021 at 18:09

In .net Core also you may get this error if Trusted_Connection=True;
Is set. Sample setting in appsettings.json

ConnectionStrings": {
"DefaultConnection": "Server=serverName; Database=DbName; uid=userId; pwd=password; MultipleActiveResultSets=true"

},

Sometime SSMS hang and close all of sudden ,then you get below error when you reconnect to SSMS

i) The Login is From an Untrusted Domain and Cannot be Used with Windows Authentication

OR

ii) The target principal name is incorrect .Cannot generate SSPI context.

In both cases RESTART YOUR MACHINE.

answered May 30, 2022 at 5:29

I also had a similar error but then I realised I just had changed the password for my system which caused this error.

To resolve it , I simply logged out of the current session and logged in again and this time

answered Aug 22, 2022 at 11:36

add TrustServerCertificate=»true»

similar option in MSSMS

also in command line run

ipconfig /flushdns
klist purge

answered Apr 13 at 7:57

answered May 20, 2020 at 11:33

I am trying to host a SQL server database, but whenever I try to connect to it I get this error:

The login is from an untrusted domain and cannot be used with Windows
authentication

I am connecting through Matlab using the following command:

conn = database('Clinical_Data','DoyleLab07\Acc','','com.microsoft.sqlserver.jdbc.SQLServerDriver','jdbc:sqlserver://DOYLELAB07\SQLEXPRESS:54287;database=Clinical_Data;integratedSecurity=true;').

Connecting to the database using matlab worked fine as long as I was using matlab on the computer which I was using to host the server. However, when I use another computer and the same Matlab command I get the error I showed above.

When I look under control panel\system. I notice that no domain is listed on my host PC or the PC I am using to connect to the host, but both computers are in the same workgroup. Would I be able to fix my problem by creating a domain and adding the foreign PC and the host to that domain? If so, how can this be accomplished?

Any suggestions will be very much appreciated.
Thank you for reading my post.

Getting rid of Integrated Security=true worked for me.

This error message can also occur if the account you are using to access the SQL server is locked out by the domain.

As mentioned here, you might need to disable the loopback

Loopback check can be removed by adding a registry entry as follows:

• Edit the registry using regedit. (Start –> Run > Regedit )
• Navigate to: HKLM\System\CurrentControlSet\Control\LSA
• Add a DWORD value called “DisableLoopbackCheck” Set this value to 1

answered Feb 13, 2019 at 15:48

answered Apr 9, 2019 at 9:19

Why not use a SQL Server account and pass both the user name and password?

Here is the reason why.

In short, it looks like you have an authentication issue.

The problem with workgroups is there is no common Access Control List like Active Directory (AD). If you are using ODBC or JDBC, the wrong credentials are passed.

Even if you create a local windows account (LWA) on the machine (SE) that has SQL Express installed (SE\LWA), the credentials that will be passed from your client machine (CM) will be CM\LWA.

Same Error with Connection String in Visual Studio dev environment

Our development database server was recently given a self-signed certificate so it automatically became untrusted. This resulted in the login error cited above. I added TrustServerCertificate=True to my connection string and it works now.

"Server=TheServerAddress; Database=TheDataBase; User Id=TheUsername; Password=ThePassword; TrustServerCertificate=True"

NOTE: This certificate configuration is not recommended for production environments.

answered Feb 22, 2022 at 22:46

answered Feb 15, 2022 at 9:07

In my case the Aliases within SQL Native Client 11.0 Configuration were pointing to invalid server/IP. Once updated it worked correctly.

To check:
1. Start «SQL Server Configuration Manager»
2. Navigate to «SQL Native Client 11.0 Configuration» and then «Aliases»
3. Ensure «Alias Name» and «Server» match correctly for TCP/IP

Following worked for me to get access from another machine to SQL Server using Windows Authentication. This approach may be useful only in development/test environment. E.g. you need to update password manually once you change it on your working machine.

On machine with SQL Server go to Control Panel and add new Windows User with same username and password as is on your working machine. Then create SQL Server login for this user:

CREATE LOGIN [SQLSERVERHOST\myuser] FROM WINDOWS;

Now you can use this login for Windows Authentication.

If you receive error ‘The login is from an untrusted domain’, this may mean that you changed password on your working machine and now need to update password on SQL Server machine.

answered Nov 30, 2018 at 9:51

Just adding my suggestion for a resolution, I had a copy of a VM server for developing and testing, I created the database on that with ‘sa’ having ownership on the db.

I then restored the database onto the live VM server but I was getting the same error mentioned even though the data was still returning correctly. I looked up the ‘sa’ user mappings and could see it wasn’t mapped to the database when I tried to apply the mapping I got a another error «Fix: Cannot use the special principal ‘sa’. Microsoft SQL Server, Error: 15405». so I ran this instead

ALTER AUTHORIZATION ON DATABASE::dbname TO sa

I rechecked the user mappings and it was now assigned to my db and it fixed a lot of access issues for me.

answered Mar 4, 2019 at 15:22

Joining a WORKGROUP then rejoining the domain fixed this issue for me.

I got this error while using Virtual Box VM’s. The issue started to happen when I moved the VM files to a new drive location or computer.

Hope this helps the VM folks.

answered Feb 25, 2021 at 15:52

answered May 31, 2019 at 13:34

answered Jun 19, 2019 at 11:28

answered Jul 16, 2019 at 11:48

Yet another thing to check:

We had our nightly QA restore job stop working all of a sudden after another developer remoted into the QA server and tried to start the restore job during the middle of the day, which subsequently failed with the «untrusted domain» message. Somehow the server pointed to be the job’s maintenance plan was (changed?) using the ip address, instead of the local machine’s name. Upon replacing with the machine name the issue was resolved.

answered Sep 23, 2019 at 14:24

TLDR: Changing the DNS server to the loop back address worked for me.

I am working in VirtualBox and had setup two Windows Server 2016 instances. Server A is configure as a Domain Controller and Server B as an SQL Server. After adding Server B to the domain I cold not connect to with Management Studio from Server A. I was getting the «The login is from an untrusted domain and cannot be used with Windows authentication».

My initial configuration had the server getting its IP from the VirtualBox DHCP server.

I changed this to use static IP and entered the 127.0.0.1 address in the Primary DNS and this worked for me.

Hope this helps someone passing by.

answered Jan 2, 2021 at 18:09

In .net Core also you may get this error if Trusted_Connection=True;
Is set. Sample setting in appsettings.json

ConnectionStrings": {
"DefaultConnection": "Server=serverName; Database=DbName; uid=userId; pwd=password; MultipleActiveResultSets=true"

},

Sometime SSMS hang and close all of sudden ,then you get below error when you reconnect to SSMS

i) The Login is From an Untrusted Domain and Cannot be Used with Windows Authentication

OR

ii) The target principal name is incorrect .Cannot generate SSPI context.

In both cases RESTART YOUR MACHINE.

answered May 30, 2022 at 5:29

I also had a similar error but then I realised I just had changed the password for my system which caused this error.

To resolve it , I simply logged out of the current session and logged in again and this time

answered Aug 22, 2022 at 11:36

add TrustServerCertificate=»true»

similar option in MSSMS

also in command line run

ipconfig /flushdns
klist purge

answered Apr 13 at 7:57

answered May 20, 2020 at 11:33