SQL Error 18452 state 1 and : Token-based server access validation failed with an infrastructure error
Posted on 2013-11-14
I have been researching this error for the SQL though I am a Sys Admin because he believes the error is not with his SQL despite the mounds of documentation I have presented him with including everything from UAC, SPN, SID, time differences, web config, invalid ID, password, check that database connection using Kerberos authentication etc.
His reasoning is the errors is not continual for the account identified. Meaning the account an App server uses to connect to the SQL Server and Database works most of the time but has thrown the 18452, 17806, along with "Login failed for user 'Domain\Services'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>])"
The issue occurs about twice a day without a routine and last only for a few minutes and then the connection is reestablished and all is well. The problem is if there is large data project going during the fail the project must be redone which is a severe impact on our clients and business.
1. Has anyone seen this error in the inconstant state we do?
2. Can someone please verify that this is not an AD issue but rather a SQL issue?
3. Any ideas?
Also, I will say I can not confirm he has tried all suggestions and even stated:
1. Because we’re not open network we don’t use Kerberos explicitly, we make connectivity over TCP using NTLM & SQL authentication. Kerberos is good if you’re making connectivity in open network
2. Also this error is not a continual error, we’re experiencing for few seconds or sometime few minutes, so obviously not the account lock or password error. These accounts are service accounts and configured for no lock mode.
3. We are not using any local account, all application/service accounts are domain based account.
4. Config file should not be an issue because these errors appears as a fluctuations for few minutes
Any help is more than appreciated. Please anyone so I can tell him this is an SQL or Network (maybe) issue and not AD.