Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Mirek Sztajno
Last updated on 09/28/15
Examples of some connection errors for Azure Active Directory Authentication with Azure SQL DB V12
(*) Please note that this table does not represent a complete sample of connection errors for Azure AD authentication
and will be extended based on new connection errors experienced by end-users
| Error Message | Reason | Action |
Error: 18456 Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. (.Net SqlClient Data Provider) Cannot connect xxxxx.database.windows.net For help, click: https://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476 |
There are many scenarios that may cause this error. Generally user does not have permission to connect to a database(i.e. Azure AD user has not been granted CONNET permission to a database he tries to connect to. |
Please check user connect permission |
Error: 40607 Windows logins are not supported in this version of SQL Server. (Microsoft SQL Server, Error: 40607) |
Indicates that the required software for Azure AD auth is not installed (i.e. old version of SSMS, no .NET 4.6, no ADALSQL.DLL) | Check the necessary software is installed. Don’t forget to reboot the machine if .NET 4.6 was installed |
Error: 10054 Cannot connect to myserver1.database.windows.net. A connection was successfully established with the server, but then an error occurred during the login process. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.) (Microsoft SQL Server, Error: 10054) For help, click: https://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=10054&LinkId=20476 |
V11 server with managed/federated account | Migrate to V12 server |
Error code 0xCAA90020; state 10 Failed to authenticate the user [email protected] in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA90020; state 10 Url for WS-Trust metadata exchange endpoint is not a secure (https). |
MSA account is not supported | Choose another user supported for Azure Ad auth |
Error code 0xCAA20002; state 10 Failed to authenticate the user [email protected] in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20002; state 10 AADSTS90002: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID. Trace ID: 35e5628c-62e2-466f-9f5d-722f1c34d984 Correlation ID: 77d83afa-541a-4ea8-a942-8442e3c367a7 Timestamp: 2015-08-28 03:10:01Z (.Net SqlClient Data Provider) |
External admin on SQL server is not set | Check the external admin configuration |
Error code 0xCAA20003; state 10 Failed to authenticate the user [email protected] in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20003; state 10 ID3242: The security token could not be authenticated or authorized. |
Wrong username/password for Active Directory Password Authentication targeting federated tenant | Ensure the username and password are correct for the federated domain to connect |
Error code 0xCAA20003; state 10 Failed to authenticate the user [email protected] in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20003; state 10 AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password Trace ID: 3558d287-3ffd-4c53-98ac-08c152a09304 Correlation ID: 036d8ae8-1a26-4437-b0aa-7912f1ba0b46 Timestamp: 2015-09-04 20:34:33Z (.Net SqlClient Data Provider) |
Wrong username/password for Active Directory Password Authentication targeting Managed tenant | Ensure the username and password are correct for the managed domain to connect |
|
Error code 0xCAA20064; state 10 Failed to authenticate the user [email protected] in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20064; state 10 AADSTS70002: Error validating credentials. AADSTS50055: Password is expired. Trace ID: 25d80a2d-c39b-4f03-ac6c-ae547ee33135 Correlation ID: 78ad0aa5-9f5f-4ff6-881b-76c1bdb87f7a Timestamp: 2015-09-09 17:26:34Z (.Net SqlClient Data Provider) |
Azure AD password expired | Reset Azure AD password |
Comments
- Anonymous
July 14, 2016
This link is not valid : http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476 - Anonymous
July 19, 2016
How about error code 0xCAA900023; state 10"Could not discover endpoint for username/password authentication. Check your ADFS settings. It should support username/password authentication for WS-Trust 1.3 or WS-Trust 2005."Our ADFS 2.0 has both windowstransport endpoints enabled and it still does not work.