- MSSQLSERVER_15401 MSSQLSERVER_15401
- Сведения Details
- Пояснение Explanation
- Причина Cause
- Рекомендуемые действия User action
- Проверьте имя для входа, которое вы пытаетесь добавить Verify the login you are trying to add
- Проверьте доступность контроллера домена Verify if the domain controller is available
- Проверьте доменное имя для локальных учетных записей Verify the domain name for local accounts
- Проверьте, нет ли проблем с разрешениями имен Check for name resolution issues
- Error 15401 windows те user
- Error 15401 windows те user
- Answered by:
- Question
- Answers
- Error 15401 windows те user
- Вопрос
- Ответы
MSSQLSERVER_15401 MSSQLSERVER_15401
Применимо к: Applies to: SQL Server SQL Server (все поддерживаемые версии) SQL Server SQL Server (all supported versions) Применимо к: Applies to: SQL Server SQL Server (все поддерживаемые версии) SQL Server SQL Server (all supported versions)
Сведения Details
| attribute Attribute | Значение Value |
|---|---|
| Название продукта Product Name | SQL Server SQL Server |
| Идентификатор события Event ID | 15401 15401 |
| Источник события Event Source | MSSQLSERVER MSSQLSERVER |
| Компонент Component | SQLEngine SQLEngine |
| Символическое имя Symbolic Name | SEC_INVALIDLOGINORGROUP SEC_INVALIDLOGINORGROUP |
| Текст сообщения Message Text | Не найден пользователь или группа Windows NT «%s». Windows NT user or group ‘%s’ not found. Проверьте имя еще раз. Check the name again. |
Пояснение Explanation
Эта ошибка возникает, когда SQL Server SQL Server не удается создать имя для входа на основе субъекта Windows (например, пользователя домена или группы домена Windows). This error occurs when SQL Server SQL Server is unable to create a login based on Windows principal (such as a domain user or a Windows domain group). Пользователю выводится сообщение об ошибке наподобие следующего: An error message like the following is reported to the user
Ошибка 15401. Не найден пользователь или группа Windows NT «%s». Error 15401: Windows NT user or group ‘%s’ not found. Проверьте имя еще раз. Check the name again.
Причина Cause
Эта ошибка может возникать по одной из следующих причин: The error can occur because of any of the following reasons:
- имя для входа не существует в Active Directory; The login does not exist in the active directory.
- контроллер домена недоступен; The domain controller is unavailable.
- при добавлении локальной учетной записи в качестве имени домена не используется BUILTIN; You are not using BUILTIN as the domain name when adding a local account.
- существуют проблемы с разрешениями имен. Name resolution issues.
Рекомендуемые действия User action
В следующих разделах приведены действия, которые можно предпринять для каждой из описанных выше причин. Review the following sections for actions you can take for each of the different causes mentioned above.
Проверьте имя для входа, которое вы пытаетесь добавить Verify the login you are trying to add
- Убедитесь, что имя для входа в Windows по-прежнему существует в домене. Verify that the Windows login still exists in the domain. Ваш администратор сети мог удалить имя для входа в Windows по определенным причинам, и вам, возможно, не удастся предоставить ему доступ к SQL Server SQL Server . Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access to the SQL Server SQL Server .
- Убедитесь, что введены правильные имена домена и имени для входа, а также, что вы используете следующий формат: Domain\User Verify that you are spelling the domain and login name correctly and that you are using the following format: Domain\User
- Если имя для входа существует, и оно правильное, но вы по-прежнему получаете сообщение об ошибке, перейдите к следующим разделам этой статьи. If the login exists, and it is correct, and you still receive the error, continue with the following sections in this article.
Проверьте доступность контроллера домена Verify if the domain controller is available
Если контроллер домена, в котором находится имя для входа (тот же или другой домен), недоступен по какой-либо причине, может появиться сообщение об ошибке 15401. You might receive error 15401 when the domain controller for the domain where the login resides (the same or a different domain) is not available for some reason.
Если имя для входа находится в домене, отличном от домена SQL Server SQL Server , убедитесь, что между доменами существуют правильные доверительные отношения. If the login is in a different domain than the SQL Server SQL Server , verify that the correct trusts exist between the domains.
Убедитесь, что контроллер домена имени для входа доступен, выполнив команду проверки связи с компьютера, на котором выполняется SQL Server SQL Server . Verify that the domain controller of the login is accessible by using the ping command from the computer that is running SQL Server SQL Server . Проверьте IP-адрес и имя контроллера домена. Check both the IP address and the name of the domain controller.
Проверьте доменное имя для локальных учетных записей Verify the domain name for local accounts
Для локальных (не доменных) учетных записей требуется специальная обработка. Local (non-domain) accounts require special handling. Если вы пытаетесь добавить локальную учетную запись с локального компьютера, на котором выполняется SQL Server SQL Server , убедитесь, что в качестве имени домена используется BUILTIN. If you are trying to add a local account from the local computer that is running SQL Server SQL Server , ensure you are using BUILTIN as the domain name.
Проверьте, нет ли проблем с разрешениями имен Check for name resolution issues
При возникновении проблем с разрешением имени компьютера, который используется при добавлении имени для входа или группы, может появиться сообщение об ошибке 15401. If you have problems resolving the name of a computer that is involved in adding the login or group, you might receive error 15401.
Убедитесь, что ваш механизм разрешения имен (например, WINS, DNS, HOSTS или LMHOSTS) настроен правильно. Verify that your name resolution mechanism (such as, WINS, DNS, HOSTS, or LMHOSTS) is configured correctly.
Error 15401 windows те user
Hm. Sadly, none of this seems to have worked.
In fact, test users I have created for some reason are not able to log into any computers, they get the error:
The System could not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.
Of course, the username and password are correct and in the correct case.
There are no errors in event viewer security to even show the failed login either.
No failure audits.
There are these errors is system though:
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 9/19/2011
Time: 6:27:21 PM
User: N/A
Computer: SQLSERVER
Description:
The Security System detected an authentication error for the server cifs/SQLSERVER. The failure code from authentication protocol Kerberos was «The attempted logon is invalid. This is either due to a bad username or authentication information.
(0xc000006d)».
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 9/19/2011
Time: 5:59:55 PM
User: N/A
Computer: SQLSERVER
Description:
The Security System detected an authentication error for the server . The failure code from authentication protocol Kerberos was «The attempted logon is invalid. This is either due to a bad username or authentication information.
(0xc000006d)».
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
When remoting to a server with remote desktop, it provides a different error. It sees that the account exists and username/password are right, but it believes the account is not part of the remote desktop users group (it is)
I just noticed errors in the Active directory:
Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2093
Date: 9/19/2011
Time: 6:17:23 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SQLSERVER
Description:
The remote server which is the owner of a FSMO role is not responding. This server has not replicated with the FSMO role owner recently.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=MTE,DC=ca
FSMO Server DN: CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=MTE,DC=ca
Latency threshold (hours): 24
Elapsed time since last successful replication (hours): 656
This server has not replicated successfully with the FSMO role holder server.
1. The FSMO role holder server may be down or not responding. Please address the problem with this server.
2. Determine whether the role is set properly on the FSMO role holder server. If the role needs to be adjusted, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
3. If the FSMO role holder server used to be a domain controller, but was not demoted successfully, then the objects representing that server are still in the forest. This can occur if a domain controller has its operating system reinstalled or if a forced removal is performed. These lingering state objects should be removed using the NTDSUTIL.EXE metadata cleanup function.
4. The FSMO role holder may not be a direct replication partner. If it is an indirect or transitive partner, then there are one or more intermediate replication partners through which replication data must flow. The total end to end replication latency should be smaller than the replication latency threshold, or else this warning may be reported prematurely.
5. Replication is blocked somewhere along the path of servers between the FSMO role holder server and this server. Consult your forest topology plan to determine the likely route for replication between these servers. Check the status of replication using repadmin /showrepl at each of these servers.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
So it looks like the issue us that the domain controllers are not replicating.
I try to force a replication in sites and services and I get the error message:
The following error occured during the attempt to synchronize naming context MTE.ca from domain controller SQLSERVER to domain controller FILESERVER:
The naming context is in the process or being removed or is not replicated from the specified server.
This operation will not continue.
Also note: I have started calling the network MTE because it’s easier to retype 3 letters than the full word network each time I do a replace.
Error 15401 windows те user
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
when adding a windows login on SQL SERVER 2008 R2 below error is throwing
Windows NT user or group ‘domain\user’ not found. Check the name again.
collation setting of the instance is not case sensitive.
Answers
Have you checked the other possible reasons for this issue?
The login does not exist
- Verify that the Windows login still exists in the domain. Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access to the SQL Server.
- Verify that you are spelling the domain and login name correctly and that you are using the following format:
- If the login exists, and it is correct, and you still receive the error, continue with the following sections in this article.
Duplicate security identifiers
In a Windows domain, unique Security Identifiers (SIDs) are automatically assigned to Windows logins in the domain. When you add a Windows login as a SQL Server login, the SID is stored in a system table in SQL Server. If you try to add a new login which has the same SID as an existing SQL Server login, the 15401 error occurs.
Authentication failure
You might receive error 15401 when the domain controller for the domain where the login resides (the same or a different domain) is not available for some reason.
- If the login is in a different domain than the SQL Server, verify that the correct trusts exist between the domains.
- Verify that the domain controller of the login is accessible by using the ping command from the computer that is running SQL Server. Check both the IP address and the name of the domain controller.
After you tried all the possible methods list above, you still receive the same error, please check the error log as Dean Savović mentioned above and share us the detailed error message here as we can analysis further.
Error 15401 windows те user
Вопрос
when adding a windows login on SQL SERVER 2008 R2 below error is throwing
Windows NT user or group ‘domain\user’ not found. Check the name again.
collation setting of the instance is not case sensitive.
Ответы
Have you checked the other possible reasons for this issue?
The login does not exist
- Verify that the Windows login still exists in the domain. Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access to the SQL Server.
- Verify that you are spelling the domain and login name correctly and that you are using the following format:
- If the login exists, and it is correct, and you still receive the error, continue with the following sections in this article.
Duplicate security identifiers
In a Windows domain, unique Security Identifiers (SIDs) are automatically assigned to Windows logins in the domain. When you add a Windows login as a SQL Server login, the SID is stored in a system table in SQL Server. If you try to add a new login which has the same SID as an existing SQL Server login, the 15401 error occurs.
Authentication failure
You might receive error 15401 when the domain controller for the domain where the login resides (the same or a different domain) is not available for some reason.
- If the login is in a different domain than the SQL Server, verify that the correct trusts exist between the domains.
- Verify that the domain controller of the login is accessible by using the ping command from the computer that is running SQL Server. Check both the IP address and the name of the domain controller.
After you tried all the possible methods list above, you still receive the same error, please check the error log as Dean Savović mentioned above and share us the detailed error message here as we can analysis further.
