0

Using PowerShell Core 7.1.4, when I try to connect to my MS SQL instance using integrated security with an Azure AD account with Connect-DbaInstance from the dbatools module, I am met with an error message about login failed using NT AUTHORITY\ANONYMOUS LOGON. It works fine from PowerShell 5.1.

I am using an Azure AD connected account. The same account that I use to connect to MSSQL using SSMS. Client and server is on same domain (localhost). The command was executed from a local powershell core session - no remoting involved. SYSTEM account is not involved.

Connect-DbaInstance -SqlInstance <servername>\<instancename> results in:

Error connecting to [<servername>\<instancename>]: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Connecting to the same MS SQL instance using PowerShell 5.1 and SSMS works fine with the the same Azure AD account.

Is it not possible to use windows authentication from PowerShell Core to MS SQL?

cejohn
  • 1
  • 2
  • Yes, it's not just possible, it's the default. What account are you using though? Are the client and server on different domains? How did you launch the command? Directly from a terminal or over a remote session? Was it launched as `SYSTEM` from a service? What's the actual command line? What's the actual, full error message? – Panagiotis Kanavos Sep 08 '21 at 06:37
  • I am using an Azure AD connected account. The same account that I use to connect to MSSQL using SSMS. Client and server is on same domain (localhost). The command was executed from a local powershell core session - no remoting involved. `SYSTEM` is not involved. `Connect-DbaInstance -SqlInstance \` results in **Error connecting to [\]: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'**. – cejohn Sep 08 '21 at 06:44
  • When the client and server aren't in the same domain, the Windows account can't be used for authentication. When you run something using the `Service` or `Network` account the actual account used it the machine's, `‘DomainName\MachineName$’`. `NT AUTHORITY\ANONYMOUS LOGON` is used when there are Kerberos issues – Panagiotis Kanavos Sep 08 '21 at 06:45
  • 1
    `an Azure AD connected account` that's not exactly Windows authentication. It's almost certain there are Kerberos issues. [This blog post](https://blog.sqlauthority.com/2015/06/13/sql-server-login-failed-for-user-nt-authorityanonymous-logon/) explains how to look into SQL Server's Error log for the relevant log entries. – Panagiotis Kanavos Sep 08 '21 at 06:45
  • Please put all the relevant information in the question itself. – Panagiotis Kanavos Sep 08 '21 at 06:50
  • Have you tried any of the AAD examples in `Get-Help Connect-DbaInstance -Examples`? – AlwaysLearning Sep 08 '21 at 06:59
  • Yes, I have tried, but I don't think the problem is AAD as I can connect using the same AAD account in PowerShell 5.1 and in SSMS. – cejohn Sep 08 '21 at 07:03

0 Answers0