设为首页收藏本站
开启辅助访问

Error 18452 connecting from Windows domain joined to Managed Instance with Windows Authentication

 您所在的位置:网站首页 sql 错误18452 Error 18452 connecting from Windows domain joined to Managed Instance with Windows Authentication

Error 18452 connecting from Windows domain joined to Managed Instance with Windows Authentication

2024-07-10 07:13:25| 来源: 网络整理| 查看: 265

Connecting from Windows Server (running on Azure On-Premises domain joined), to Managed Instance, while using Windows Authentication method, fails with below error message:

 

 

Georgiana_Pache_0-1678914991837.png

 

The steps we have been through, troubleshooting this issue, are as follows:

 

we have created a Trusted Domain Object with SetupCloudTrust, then created GPO (Group Policy Object) setting to client machines using the incoming trust-based flow: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/winauth-azuread-setup-incoming-tr...

 

Georgiana_Pache_1-1678914991844.png

 

checking klist, we were seeing the below: Error calling API LsaCallAuthenticationPackage:

 

Georgiana_Pache_2-1678914991851.png

as per Configure Azure SQL Managed Instance for Windows Authentication for Azure Active Directory - Azure S..., we have tried to enable a system assigned service principal for the Managed Instance, but at this point, the option failed with "user attempted to use a feature which is disabled":Georgiana_Pache_3-1678915214324.png

 

the reason we were seeing "user attempted to use a feature which is disabled", is because the Managed Instance, was part of a Managed Instance Pool. So when you try to set system assigned service principal via Azure Portal, the portal  will send a PATCH request which only contains properties which should be updated, so the InstancePoolName property, is not sent in the request body.  this issue doesn't manifest with Azure CLI and Azure PowerShell, because both clients first fetch the instance (thus getting all of its properties), update the specified properties and then issue a PUT request which contains all of the Managed Instance's properties. Hence, we have been able to set up the system assigned service principal, via: az sql mi | Microsoft Learn as we were still unable to login to the Managed Instance, we reviewed carefully this article: How to set up Windows Authentication for Azure Active Directory with the incoming trust-based flow -... it seems that the issue was coming in from the space needed between kerberos and the / 

 

 

Georgiana_Pache_5-1678915698838.jpeg

This was able to fix our problem!

 

If you still encounter any issues on this topic, you can check the logs for more details: Enable Kerberos event logging - Windows Server | Microsoft Learn

 



【本文地址】

公司简介

联系我们

今日新闻

点击排行
实验室常用的仪器、试剂和
说到实验室常用到的东西,主要就分为仪器、试剂和耗
不用再找了,全球10大实验
01、赛默飞世尔科技(热电)Thermo Fisher Scientif
三代水柜的量产巅峰T-72坦
作者:寞寒最近,西边闹腾挺大,本来小寞以为忙完这
通风柜跟实验室通风系统有
说到通风柜跟实验室通风,不少人都纠结二者到底是不
集消毒杀菌、烘干收纳为一
厨房是家里细菌较多的地方,潮湿的环境、没有完全密
实验室设备之全钢实验台如
全钢实验台是实验室家具中较为重要的家具之一,很多

推荐新闻

图片新闻
实验室药品柜的特性有哪些
实验室药品柜是实验室家具的重要组成部分之一,主要
小学科学实验中有哪些教学
计算机 计算器 一般 打孔器 打气筒 仪器车 显微镜
实验室各种仪器原理动图讲
1.紫外分光光谱UV分析原理:吸收紫外光能量,引起分
高中化学常见仪器及实验装
1、可加热仪器:2、计量仪器:(1)仪器A的名称:量
微生物操作主要设备和器具
今天盘点一下微生物操作主要设备和器具,别嫌我啰嗦
浅谈通风柜使用基本常识
 众所周知,通风柜功能中最主要的就是排气功能。在

专题文章
    CopyRight 2018-2019 实验室设备网 版权所有 win10的实时保护怎么永久关闭