Connecting to SQL database application from a trusted domain

Hi all,
We have merged two companies. The companies are on unique domains.
I have set up a two-way trust between domains. SID filtering is enabled.

I have a SQL application on domain ABC.com that I need to access from domain XYZ.com. The application has its own authentication method and is not AD integrated.
SQL authentication is set to "mixed" mode.

I can access the application from the computers that are on the ABC.com domain.
I cannot access the application from the XYZ.com domain.


It appears the domain users are mapped to a SQL user named "coexecutive".
When I attempt to log in from XYZ.com I get an error that says "Error: Unable to retrieve company information. Login Failed for user 'coexecutive'. {InformationalException}".
I get a matching error in SQL that says "Login failed for user 'coexecutive'. Reason: Password did not match for that login provided."


I joined a laptop to the ABC.com domain. I connected it to the XYZ.com network. I am able to log in to the application.
This tells me it is not a port or IP setting issue. It must be a security issue.
If I log in to the same laptop with a local account I get the same error when connecting to the DB.

Any thoughts as to how to allow the users in the XYZ.com domain access to the SQL database?
I've read some posts that say to create a local SQL user and map the domain users to that account. I have not been able to come up with steps to make that happen.

Thanks,
Steve
Asked by: elsteef
ste5an (Senior Developer) commented:
How does the application authenticate? Using SQL Server or Windows integrated (SSPI)?

elsteef (Author) commented:
I believe it is using SQL Server Authentication. If I open SSMS, the only Domain accounts I see are the domain admin account, NTauthority\System, NT Service\MSSQLServer and NT Service\SQLServeragent.
All other accounts are SQL accounts.

ste5an (Senior Developer) commented:
When it's SQL Server auth, then it is IMHO a firewall issue, or additional routing from the secondary domain is necessary.

elsteef (Author) commented:
Thanks Ste5an.
As a point of clarification. If I take a computer that is joined to the same domain as the SQL server and put it on my network (and my IP scheme) I can connect to the SQL server without any issues. If I log on to that same laptop as a local user rather than a domain user, I get the same error.
It's definitely a security issue between domains ABC.com and XYZ.com. I'm just not clear on what would cause that issue.

Do you know of any default security settings that get populated to computers on the same domain? Maybe it's an issue of manually giving Domain XYZ those same security settings?

elsteef (Author) commented:
A little follow-up information.
I have physical access to the SQL server that is hosting the application on Domain ABC.
I took my laptop from Domain XYZ and physically connected it to the same switch as the SQL server. I still get the same error message. Keep in mind this laptop is joined to the XYZ domain.
I also set up a firewall exception on the SQL server to allow all traffic, just to be sure it wasn't an oddball firewall issue.

Steve

ste5an (Senior Developer) commented:
Another possibility would be some logon trigger checking the account name.

elsteef (Author) commented:
I have the problem resolved. Apparently it was related to using the FQDN instead of the NetBIOS name.

While I probably could have reconfigured the SQL server to allow connections using the FQDN, it was easier to add a Host A record to my DNS server on the XYZ domain.

I am now able to connect and authenticate correctly. Thanks for the input.

Steve
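
A way to check the name-resolution difference described in the resolution above, from a client in the second domain. This is an added example, not part of the original thread; the host names are placeholders and port 1433 is an assumed default. It also confirms that both names point at the same server, so SQL logins are not being sent to an unintended host.

```powershell
# Added diagnostic sketch (not from the thread). Run on a client in the XYZ domain.
param(
    [string]$ShortName = 'SQLHOST',             # placeholder short (NetBIOS-style) name
    [string]$Fqdn      = 'sqlhost.abc.example', # placeholder FQDN of the SQL server
    [int]$Port         = 1433                   # assumed default SQL Server TCP port
)

function Get-ARecords {
    param([string]$Name)
    # -DnsOnly skips LLMNR/NetBIOS so the result reflects what DNS alone returns;
    # an unresolvable name yields an empty list instead of an exception.
    $answer = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue
    @($answer | Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress } | Sort-Object -Unique)
}

$results = foreach ($name in $ShortName, $Fqdn) {
    $ips  = Get-ARecords -Name $name
    $open = $false
    if ($ips.Count -gt 0) {
        $open = (Test-NetConnection -ComputerName $name -Port $Port `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    [pscustomobject]@{ Name = $name; Addresses = ($ips -join ','); TcpOpen = $open }
}
$results | Format-Table -AutoSize

$short = $results[0]
$full  = $results[1]
if (-not $short.Addresses) {
    Write-Warning "'$ShortName' does not resolve through DNS from this client."
} elseif ($short.Addresses -ne $full.Addresses) {
    Write-Warning "'$ShortName' and '$Fqdn' resolve to different addresses."
} else {
    Write-Output "Both names resolve to $($short.Addresses)."
}

# The host A record mentioned in the thread would be created on the XYZ DNS server
# with the DnsServer module, using placeholder values such as:
#   Add-DnsServerResourceRecordA -ZoneName '<xyz-zone>' -Name '<sql-host>' -IPv4Address '<sql-ip>'
```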
