 New Login or CREATE LOGIN Windows 2008 r2 error


Sitka
Aged Yak Warrior

571 Posts

Posted - 2009-09-09 : 18:16:28
On a HYPER-V VM with SERVER 2008 R2
AND
SQL 2005 STD

(or 2008 or 2008 R2)

Msg 15401
Windows NT user or group 'DOMAIN\user' not found

CREATE LOGIN can be run successfully against the VM instance from another machine off the HYPER-V Host.

Any clues?

Thanks




"it's definitely useless and maybe harmful".

squison
Starting Member

4 Posts

Posted - 2009-09-23 : 15:38:23
Is UAC turned on? Try shutting it off. I just had this problem with a physical box running SQL 2008 STD + Win 2008 R2. Turning off UAC and rebooting fixed the problem.

Sitka
Aged Yak Warrior

571 Posts

Posted - 2010-03-05 : 10:54:55
Actually this was finally solved by someone from the Microsoft SQL Outsourced support group Wicresoft. I worked for a month with the AD guys on the case to no end and just when I was about to give up a fresh set of eyes helped.

Windows 2008 R-2 Server increased the security, due to which SID Lookup fails. The Group Policies below are enabled by default on Windows 2008/2008 R-2 Server:
Domain Member: Digitally encrypt or sign secure channel data (always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)

We can disable the above options to reduce security on Windows 2008 Domain, to allow communication with down level domain. Implemented same changes on Server in the down level domain that was unable to browse for users in the Windows 2008 Domain. Please follow the action plan below:

Action Plan:
=========
1. Click Start -> Click Run -> Input GPEDIT.MSC -> Expand "Computer configuration" -> Windows Settings -> Security Settings -> Local Policies -> Security Options.

2. Change the options below:
Domain Member: Digitally encrypt or sign secure channel data (always) - Set this to Disable
Domain member: Digitally encrypt secure channel data (when possible) - Set this to Disable
Domain member: Digitally sign secure channel data (when possible) - Set this to Disable




"it's definitely useless and maybe harmful".
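
The following is an added example, not part of the original posts: a PowerShell check that reports the current state of the three "Domain member" secure channel policies named in the action plan, so an administrator can see which hosts have them disabled. It assumes the policies are stored as the `RequireSignOrSeal`, `SealSecureChannel` and `SignSecureChannel` values under the Netlogon parameters key; the function name `Get-SecureChannelPolicy` is made up for this example.

```powershell
# Added example: audit the secure channel policies discussed in this thread.
# Read-only; it changes no settings.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Registry value name -> policy name as shown in GPEDIT.MSC
$Policies = [ordered]@{
    RequireSignOrSeal = 'Domain member: Digitally encrypt or sign secure channel data (always)'
    SealSecureChannel = 'Domain member: Digitally encrypt secure channel data (when possible)'
    SignSecureChannel = 'Domain member: Digitally sign secure channel data (when possible)'
}

function Get-SecureChannelPolicy {
    param([string]$Path = $NetlogonKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in $Policies.Keys) {
        $data = $props.$name          # $null when the value is absent
        if ($null -eq $data)  { $state = 'Not set (OS default applies)' }
        elseif ($data -eq 1)  { $state = 'Enabled' }
        else                  { $state = 'Disabled' }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Policy   = $Policies[$name]
            Value    = $name
            Data     = $data
            State    = $state
        }
    }
}

$report = Get-SecureChannelPolicy
$report | Format-Table Policy, Value, Data, State -AutoSize -Wrap

# Flag any policy that has been switched off, as the workaround above does.
$disabled = @($report | Where-Object { $_.State -eq 'Disabled' })
if ($disabled.Count -gt 0) {
    Write-Warning ("{0}: {1} secure channel policy setting(s) disabled: {2}" -f `
        $env:COMPUTERNAME, $disabled.Count, ($disabled.Value -join ', '))
}
```

Running it before and after applying the action plan records exactly which of the three settings changed on that server.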