Cross-domain authentication for SQL Server 2000

We operate a SQL2000 server (running on Server 2003) for the benefit of a number of public agencies.  Up until recently, all participating domains were child domains of the parent domain in which the SQL Server lived and we had no issues with using Named Pipes or Winsock Netlib to connect clients to the SQL database.

Recently one of our partner agencies has established a new domain in a new forest and we created a trust to support continued access to our servers.  All of the server connections are working except the most important one - this SQL Server 2000 server.  SQL 2005 works, Exchange works, etc. but we cannot establish connections between workstations on the new domain and the SQL 2000 server.  We get an error message of "Login failed for user 'testuser'. Reason: Not associated with a trusted SQL Server connection."

The DNS seems to be solid and a packet capture shows no evidence of failure of name resolution.  It seems that the SQL negotiation doesn't recognize the trust and it seems that the domain functional level might be an issue as well.  The forest functional level is Windows 2000 and the domain in which the SQL Server lives is Server 2003; the new domain is also Server 2003.  I have removed all of the impediments to raising the functional level of the forest and hope to do that within the next few days but I'm not at all confident that doing so will change the problem.

Anyone have any ideas on establishing Windows authentication under the circumstances I have described?



LVL 2
pmwrightjrAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tony MassaCommented:
If you're attempting to use Kerberos auth, I would check the SQL server service account (if you're using one) for the SQL server's SPN, or the computer's AD account.
http://support.microsoft.com/kb/909801

Make sure that your client and server have logon auditing enabled for failures so you can check the SECURITY event log for logon errors.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pmwrightjrAuthor Commented:
Not trying to run Kerberos but did check the suggestions without effect.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.