Error 15401

Hi folks,
When using the "Enterprise Manager" to add logins to a SQL Server
instance, I'm running into an error 15401. Before I get too far, let me
describe the environment I'm doing this in:
We have two domains:
Domain A is an old NT 4 style domain.
Domain B is a new Active Directory domain powered by Windows Server 2003
running in the "Windows Server 2003" domain functional level.
We're in the process of transitioning from Domain A (with the hopes of
retiring the domain soon), to Domain B. As such, currently, there is a
two trusts between Domain A and Domain B (going in each direction).
On Windows Server 2003 machine on Domain B, I've installed SQL Server
2000, and have it patched to SP4. I've set up a new database on this
SQL server (running as a standard domain B user), and was in the process
of adding logins for it when I encountered the error 15401. Precisely
what I was doing was using the Enterprise Manager on the server directly
to add logins, specifically I was trying to add a few groups from Domain
A to the databse. This is where the error crops up.
(I should note, adding users of Domain B is not a problem, that
functions correctly.)
So, I started troubleshooting, and in doing so, looked over this document:
http://support.microsoft.com/default...b;en-us;324321
None of the situations described in that document apply. There is no
possability of duplicate logins, as this is a new install of SQL Server,
and a freshly created database (just to be sure tho, I manually examined
the syslogin tables in the master db).
There is no problem with the Domain Trust, as the Enterprise Manager on
the same machine as SQL Server is on, can display a list of groups and
accounts from both Domain A and Domain B, not to mention people can from
Domain A can connect to shares offered on the Window Server without trouble.
I've also read that its possible that SQL Server internally caches SIDs,
so I rebooted both the server, and the PDC for Domain A, as well as the
domain controllers for Domain B, with no success.
One additional symptom (not knowing how else to describe it). When an
ASP page, running as a user from Domain A, attempts to connect to the
database in Domain B, it gets a "Login failed for user 'derek'.", even
though the page is running as "A\scott". So where it gets "derek" from,
I haven't even a slightest clue.
If anyone has any ideas or help, it would be greatly appreciated.
Thanks
Scott
It looks to me like you have covered all of the likely problems... Perhaps
a call to PSS is your next step.
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Scott Peron" <scott@.infolytica.com> wrote in message
news:%23VTQ%23HuYFHA.3488@.tk2msftngp13.phx.gbl...
> Hi folks,
> When using the "Enterprise Manager" to add logins to a SQL Server
> instance, I'm running into an error 15401. Before I get too far, let me
> describe the environment I'm doing this in:
> We have two domains:
> Domain A is an old NT 4 style domain.
> Domain B is a new Active Directory domain powered by Windows Server 2003
> running in the "Windows Server 2003" domain functional level.
> We're in the process of transitioning from Domain A (with the hopes of
> retiring the domain soon), to Domain B. As such, currently, there is a
> two trusts between Domain A and Domain B (going in each direction).
> On Windows Server 2003 machine on Domain B, I've installed SQL Server
> 2000, and have it patched to SP4. I've set up a new database on this SQL
> server (running as a standard domain B user), and was in the process of
> adding logins for it when I encountered the error 15401. Precisely what I
> was doing was using the Enterprise Manager on the server directly to add
> logins, specifically I was trying to add a few groups from Domain A to the
> databse. This is where the error crops up.
> (I should note, adding users of Domain B is not a problem, that functions
> correctly.)
> So, I started troubleshooting, and in doing so, looked over this document:
> http://support.microsoft.com/default...b;en-us;324321
> None of the situations described in that document apply. There is no
> possability of duplicate logins, as this is a new install of SQL Server,
> and a freshly created database (just to be sure tho, I manually examined
> the syslogin tables in the master db).
> There is no problem with the Domain Trust, as the Enterprise Manager on
> the same machine as SQL Server is on, can display a list of groups and
> accounts from both Domain A and Domain B, not to mention people can from
> Domain A can connect to shares offered on the Window Server without
> trouble.
> I've also read that its possible that SQL Server internally caches SIDs,
> so I rebooted both the server, and the PDC for Domain A, as well as the
> domain controllers for Domain B, with no success.
> One additional symptom (not knowing how else to describe it). When an ASP
> page, running as a user from Domain A, attempts to connect to the database
> in Domain B, it gets a "Login failed for user 'derek'.", even though the
> page is running as "A\scott". So where it gets "derek" from, I haven't
> even a slightest clue.
> If anyone has any ideas or help, it would be greatly appreciated.
> Thanks
> Scott