Untrusted Domain issue NAV 2009

stunomatic

Error: The login is from an untrusted domain and cannot be used with windows authentication.


What is the reason of his error ? If End-User re-open NAV Client after 5 to 10 minutes then it connects without any error.

If 15 users try to access NAV at the same time then 7 will get error.

We have 30 concurrent users license out of which 20 are using simultaneously.





Please advise.

Thank You

Slawek_Guzek

It is not NAV issue.

This is because your SQL Server has problems authenticating the user against the network domain controller.

Unfortunately, there are many potential reasons for that. It could be caused by some network problems, or network design itself (the SQL server is in a place in the network where it is 'hard' to contact the active directory domain controller because the connection is slow and/or unreliable). It could be also caused by lack of time synchronization between the machine on which SQL server is running the SQL Server and the domain controller, unlikely but if the time is out by too much the Kerberos authentication may not work. It would be rather a persistent problem, not intermittent, but worth checking.

Get your network support to investigate the connection between the SQL Server box and the AD controlles. Check the latency, packet loss, routing loops, connection flapping - especially if the AD controllers are remote to the SQL Server box.

Sometimes such weird results are caused by broken or loose patch cable - especially if they are home made, or by a problem with ethernet port in network equipment.

Slawek_Guzek

It is not NAV issue.

This is because your SQL Server has problems authenticating the user against the network domain controller.

Unfortunately, there are many potential reasons for that. It could be caused by some network problems, or network design itself (the SQL server is in a place in the network where it is 'hard' to contact the active directory domain controller because the connection is slow and/or unreliable). It could be also caused by lack of time synchronization between the machine on which SQL server is running the SQL Server and the domain controller, unlikely but if the time is out by too much the Kerberos authentication may not work. It would be rather a persistent problem, not intermittent, but worth checking.

Get your network support to investigate the connection between the SQL Server box and the AD controlles. Check the latency, packet loss, routing loops, connection flapping - especially if the AD controllers are remote to the SQL Server box.

Sometimes such weird results are caused by broken or loose patch cable - especially if they are home made, or by a problem with ethernet port in network equipment.

stunomatic

Thanks for your response,

I did 2 things.

1. In AD server I create a VM using hyperV, but still network interface has no load.
2. I removed DNS settings from network adaptor because I was confused why ERP server need internet connectivity.

I found no issue in pinging AD <-> SQL

Slawek_Guzek

I am not sure if removing DNS entry was a good idea. Removing DNS does not disable internet connectivity - after all someone may use just the IP address to get outside. On the other hand SQL Server would need to find somehow the AD controller

If you need to disable internect connectivity configure your SQL to connect throug the proxy, or disable external traffic to/from the SQL box on the router.


Also running a virtual machine host on your AD conroller may not be the best idea, if I understood your setup correctly. Even if there is no load on network interface the VM may strain memory, disks, and if your are not on SSDs then the disk is quite a bottleneck, which can slow down the host.

When you ping AD controller from SQL box do you use IP address or the server name?

stunomatic

"On the other hand SQL Server would need to find somehow the AD controller"

It was because of DNS. After adding DNS, its starts working fine.


Thanks for helping out.