SQL denies access to the FBA Database.

Jan 16, 2009 at 1:21 AM
Edited Jan 16, 2009 at 1:22 AM
Can somebody help me with an issue setting up FBA?

I followed the steps in the article Office SharePoint Server 2007 - Forms Based Authentication (FBA) Walk-through - Part 1.


After all is done and I try to login to the FBA Sharepoint site I get permission denied error in both SQL logs and the Windows logs on the SQL box.

== SQL Application Log ERRORS ===
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 192.168.200.10]

SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.168.200.10]

==



All accounts all have ( even admin ) access to both the FBA database and SQL itself.

Also the Application Pool for the Sharepoint App also , has all admin access to SQL.



I am not very good with ASP / SQL , What is trying to connect and is failing ?
Developer
Jan 16, 2009 at 2:58 PM
It's hard for me to say what might be wrong here...is the SQL Server on a separate machine?  If so, you'll need to use a domain account to connect via a trusted connection.  If you don't have a domain controller, then you'll need to set up SQL authentication, not a trusted connection.  Usually when you see this error, the account used by the App Pool doesn't have access to the membership database.   Double-check that the account has a mapping explicitly to the database.  Start out with the database owner permission; once you get it running you can actually restrict some of the permissions if you wish.

How does SharePoint connect to the database?

Oh, there's one other possibility, if SQL Server is on a separate machine.  Look in your registry hive under HKLM\SYSTEM\CurrentControlSet\Control\Lsa  and inspect the value of the CrashOnAuditFail key.  If it is a 2, then you've had a problem when the server was rebooted, and the system couldn't write to the security log.  When this happens, that key is set to 2, which is the triggered state, and only a domain or local admin can connect to the machine.  This will give you the most perplexing errors at times.  For more info, see:  http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/46686.mspx?mfr=true

It seems to me that this issue was fixed a while back, but I've seen this error enough that it was named the "mike sharp error" where I used to work. It's a long story...   :)
  
Regards,
Mike Sharp
Jan 16, 2009 at 3:42 PM
I will take time to go through all suggestions , thanks a lot.

It is a DC / SQL / Sharepoint all on one box. Not the best method , I agree , but multiple Virtual Servers on the Internet is expensive.
Jan 18, 2009 at 12:52 AM
The problem I am having is that every time the Sharepoint Web site is trying to connect to get these SQL users I am getting this error in Event Viewer

“Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 192.168.200.10]”

SQL Profiler shows that ‘’ ( this is Anonymous User ) is trying to connect to the Master database and obviously failing. Now why would something be trying to establish anonymous connection to Master ?

All Sharepoint Web Sites run with full permissions and they can connect to all databases.