Login failed for user '(null)'

From: Paul Haltenberg (haltenberg_at_yahoo.com)
Date: 06/24/04 

Date: 24 Jun 2004 03:21:48 -0700

I am running a third-party web application (mainly ASP and specific
pages with their own extension that are processed by a third-party
ISAPI dll) on a Windows 2000 Server (IIS 5.0) which is also a domain
controller and has MS SQL 2000 installed. Anonymous access in IIS for
this application is set to use a domain account. This account is also
granted access to MS SQL 2000 database. Everything works just fine.

For performance purposes I moved MS SQL 2000 Server to a new machine
(Windows 2003 server, domain member). When I did so, asp scripts in
the application work perfectly well. I have auditing turned on on MS
SQL running on Windows 2003 and I can see successful logins to MSSQL
for the user which is configured for anonymous access in IIS running
on Windows 2000.

But, when I try to access any of those specific pages with their own
extension that are processed by ISAPI dll, the IIS log shows the
following error:
Out-of-process+ISAPI+extension+request+failed. 503
and the MSSQL errorlog shows the following error at once:
Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection.

According to this application's documentation, TCP/IP and Named Pipes
are required on MS SQL (and they are there!). There's also a specific
mentioning that that particular ISAPI requires and works through Named
Pipes only.

For testing purposes I have also deployed IIS on Windows 2003 and
installed the application telling it to use MS SQL server on the
Windows 2000 DC and this worked fine! But when I do backwards, I get
Login failed for user '(null)' and
Out-of-process+ISAPI+extension+request+failed. 503 in IIS.

I need to have IIS on Windows 2000 DC and MS SQL on Windows 2003
domain member and it doesn't work, but works fine when I do vice versa
(IIS on 2003 and MS SQL on 2000 DC). I have checked all the policies
for 'access this computer from the network', 'log on locally',
'accounts trusted for delegation', 'computer trusted for delegation'
and the behavior is still the same:

- if IIS is on Win2000 DC and MSSQL is also there, everything works;
- if IIS is on Win2000 DC and MSSQL is on Windows 2003 domain member:
error;
- if IIS is on Win2003 domain member and MSSQL is on Win2000 DC:
everything works.

Any ideas what I might be missing?

Relevant Pages

  • IIS6 Slow
    ... I have an intranet application running on Windows 2003 with IIS 6. ... The database is on SQL ... IIS5 seems to be better than IIS6. ...
    (microsoft.public.inetserver.iis)
  • Re: been hit by hacker, servudaemon installed
    ... security patching on iis 4.0 ... security fixes into the new version. ... >install all service packs and patches from Microsoft, ... >>>Windows, Apache, you name it. ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS 6.0 and SQL server
    ... domain account, or it needs to be a local account on both machines with ... should be true both if you are using Windows authentication in SQL, ... if you are using SQL authentication in SQL but the SQL client on the IIS ...
    (microsoft.public.inetserver.iis.security)
  • Login failed for user (null)
    ... ISAPI dll) on a Windows 2000 Server (IIS 5.0) which is also a domain ... controller and has MS SQL 2000 installed. ... domain member and it doesn't work, but works fine when I do vice versa ...
    (microsoft.public.sqlserver.connect)
  • Login failed for user (null)
    ... ISAPI dll) on a Windows 2000 Server (IIS 5.0) which is also a domain ... controller and has MS SQL 2000 installed. ... domain member and it doesn't work, but works fine when I do vice versa ...
    (microsoft.public.sqlserver.security)