6

I am trying to add a domain user. I am doing the following.

  1. Expand Security
  2. Right click on Logins
  3. Select New Login...
  4. Login name select search
  5. Click on location and select entire directory
  6. Type username
  7. Click checkname
  8. The name goes underlined and adds some more info
  9. Click OK
  10. Click OK

I then get the following error: 15401 error

I have found http://support.microsoft.com/kb/324321.

  • The Login does exist
  • There are no duplicate security identifiers
  • Authentication failure I don't think is happening as I can browse AD
  • Case sensitivity should not be the problem as I am doing the checkname and it is correcting it.
  • Not a Local account
  • Name resolution again I can see the AD

I have rebooted the server (VM) and the issue is still happening. Any ideas?

Edit

I have also:

  • Domain member: Digitally encrypt secure channel data (when possible) – Disable this policy
  • Domain member: Digitally sign secure channel data (when possible) – Disable this policy
  • Rebooted server

http://talksql.blogspot.com/2009/10/windows-nt-user-or-group-domainuser-not.html

Edit 2

I have also:

  • Digitally encrypt or sign secure channel data (always) – Disabled
  • Rebooted

Edit 3

Since the question has moved sites, I no longer have access to comment, etc.

I have checked the DNS on the server against a machine where it is working. The DNS servers are the same on both...

splattne

4 Answers

2

Old question but I had the same issue today on SQL Server 2012 (web) when trying to create a login for a domain user, something I've done numerous times before. The issue for me turned out to be the SQL Server agent which had not started up following an overnight server reboot.

fudoki22
1

I had the same issue and it occurred because I just added a group in AD and was now trying to add it in SQL Server. I suspected that the Active Directory information had not yet propagated. After forcing it to propagate, I could add my group without error.

0

I had a very similar situation where I could browse the domain and actually see the users but as soon as I clicked add it would give me an error. I was adding my users to Windows groups and not SQL Server but this sounds very close to what was happening to me.

I fixed it by setting my Domain Controller as the primary DNS. Once I did that everything worked fine. If your environment has multiple DNS servers make sure that the Domain Controller is the primary and see if that helps.

Shane
0

I've seen this happen recently where the check against AD fails on creation because when the name gets "auto-corrected" through the lookup it doesn't use the correct case, but it seemed to be relevant to the version of SSMS installed. Scripting the action out and executing from a new query window worked.

Jason Cumberland
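
The scripted route mentioned in the last answer, combined with the name-resolution and duplicate-SID checks from the question's list, as an added T-SQL example (not code from any of the posts). `CONTOSO\jdoe` is a placeholder account name; on a case-sensitive instance, type the name in the same case it has in the directory.

```sql
-- Added example. Run in a new query window as a member of securityadmin/sysadmin.
-- CONTOSO\jdoe is a placeholder; replace it with the real DOMAIN\user.
DECLARE @login sysname = N'CONTOSO\jdoe';

-- 1. Name resolution: ask the instance itself to translate the name to a SID.
--    NULL means SQL Server (not just your SSMS session) cannot resolve the account.
DECLARE @sid varbinary(85) = SUSER_SID(@login);

IF @sid IS NULL
BEGIN
    RAISERROR(N'%s did not resolve to a SID from this instance. Check DNS, domain controller reachability and AD replication.', 16, 1, @login);
    RETURN;
END;

-- 2. Duplicate SID: a login that already maps to this SID blocks a second one,
--    even if it is listed under a different (for example, renamed) name.
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE sid = @sid)
BEGIN
    SELECT name, type_desc, create_date
    FROM sys.server_principals
    WHERE sid = @sid;

    RAISERROR(N'A server principal with the SID of %s already exists (listed above).', 16, 1, @login);
    RETURN;
END;

-- 3. Create the login. CREATE LOGIN does not accept a variable, so build the
--    statement with QUOTENAME to keep the name safely bracketed.
DECLARE @sql nvarchar(400) =
    N'CREATE LOGIN ' + QUOTENAME(@login) + N' FROM WINDOWS;';

BEGIN TRY
    EXEC sys.sp_executesql @sql;
    SELECT name, type_desc, sid
    FROM sys.server_principals
    WHERE sid = @sid;          -- confirm the new login
END TRY
BEGIN CATCH
    -- Surfaces 15401 (or anything else) with the full message text.
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
```

If step 1 returns NULL while the SSMS dialog can still browse the directory, the lookup is failing on the server side, which points to the DNS and replication causes described in the answers above.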