• State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 32 subscribers
  • Views 8174 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SSPI Handshake Failed

dmeiser

Every couple of months, our SQL cluster will start throwing the following error:

SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The logon attempt failed


The reported client is Orion and it appears to be caused by AppInsight for SQL.  A reboot of the Orion server fixes the issue.


Obviously, we'd really like to get rid of the error together, but we'd take any pointers in any direction.


Thanks! 

  • 0

    This error can occur with AppInsight for SQL is unable to connect to the remote SQL server. One of the retry mechanisms is try different authentication methods when it is unable to connect. These attempts can result in errors like these appearing in the event log.

  • 0

    This was actually related to the monitoring user being disabled several days prior.  Though it did not start immediately, a reboot of Orion fixed the issue.

  • 0

    SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The logon attempt failed   [CLIENT: xx.xx.xx.xx]

    and then these:

    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: xx.xx.xx.xx]

    We are constantly getting this message and solarwinds support has almost given up trying to help us.  Is this message from the Windows attempt or the SQL local attempt?

  • 0 in reply to cfizz34

    cfizz34​, can we assume you're seeing these errors in the SQL error log, or are they appearing in AppInsight for SQL? When these errors occur, is AppInsight for SQL collecting data and reporting it accurately, or is polling broken? 

  • 0 in reply to aLTeReGo

    yes, this occurs in the 'SQL Error Log' and causes the DBA's to get alerts which they have about had enough and they asked us to pull the plug on AppInsight for SQL.  Polling usually returns the correct data but we do get a lot of unknowns as well and the constant SSPI alerts..

    I've even tried applying this tip and setting the value to 1 but it did not help.

    WMI on Windows Server 2012

    DESCRIPTION:   SSPI
    handshake failed with error code 0x8009030c, state 14 while establishing a connection
    with integrated security; the connection has been closed. Reason:
    AcceptSecurityContext failed. The Windows error code indicates the cause of
    failure. The logon attempt failed  

  • 0 in reply to cfizz34

    One thing that is interesting is that from time to time as well certain databases that were polling correctly change to UNKNOWN yet other databases on the same instance are reporting fine.

    BTW, we are using AAG's with multiple AAG's on the same instance with multiple listeners, one listener per AAG.

    unknown.jpg  few minutes later....good.jpg

  • 0 in reply to cfizz34

    These errors should only occur when there is a polling issue collecting data from AppInsight for SQL. A fallback mechanism is used to revert to the secondary authentication mechanism in the event we are unable to connect using the primary authentication method.

  • 0 in reply to aLTeReGo

    We are able to work around the issue by changing the polling service account that we use for everything else to the same service account running the SQL server service.

  • 0 in reply to aLTeReGo

    Can we disable the secondary authentication mechanism?  It looks like we are experiencing a timeout for the Top Indexes for Database with the local SQL account which is then trying the backup authentication triggering this error.

    What is odd in our case is that this is happening when we are monitoring the Orion DB itself with SQL AppInsight. The local SQL account we use which is the same one that we use with the config wizard. The password and account has never changed.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.