Examples of some connection errors for Azure Active Directory Authentication
Mirek Sztajno
Last updated on 09/28/15
Examples of some connection errors for Azure Active Directory Authentication with Azure SQL DB V12
(*) Please note that this table does not represent a complete sample of connection errors for Azure AD authentication and will be extended based on new connection errors experienced by end-users.
| Error Message | Reason | Action |
|---|---|---|
| Error: 18456 Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. (.Net SqlClient Data Provider) Cannot connect xxxxx.database.windows.net For help, click: https://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476 | There are many scenarios that may cause this error. Generally, the user does not have permission to connect to the database (i.e. the Azure AD user has not been granted CONNECT permission to the database he tries to connect to). | Please check the user's connect permission |
| Error: 40607 Windows logins are not supported in this version of SQL Server. (Microsoft SQL Server, Error: 40607) | Indicates that the required software for Azure AD auth is not installed (i.e. old version of SSMS, no .NET 4.6, no ADALSQL.DLL) | Check that the necessary software is installed. Don't forget to reboot the machine if .NET 4.6 was installed |
| Error: 10054 Cannot connect to myserver1.database.windows.net. A connection was successfully established with the server, but then an error occurred during the login process. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.) (Microsoft SQL Server, Error: 10054) For help, click: https://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=10054&LinkId=20476 | V11 server with managed/federated account | Migrate to V12 server |
| Error code 0xCAA90020; state 10 Failed to authenticate the user aadtest@live.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA90020; state 10 Url for WS-Trust metadata exchange endpoint is not a secure (https). | MSA account is not supported | Choose another user supported for Azure AD auth |
| Error code 0xCAA20002; state 10 Failed to authenticate the user admin@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20002; state 10 AADSTS90002: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID. Trace ID: 35e5628c-62e2-466f-9f5d-722f1c34d984 Correlation ID: 77d83afa-541a-4ea8-a942-8442e3c367a7 Timestamp: 2015-08-28 03:10:01Z (.Net SqlClient Data Provider) | External admin on SQL server is not set | Check the external admin configuration |
| Error code 0xCAA20003; state 10 Failed to authenticate the user bob@contoso.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20003; state 10 ID3242: The security token could not be authenticated or authorized. | Wrong username/password for Active Directory Password Authentication targeting federated tenant | Ensure the username and password are correct for the federated domain to connect |
| Error code 0xCAA20003; state 10 Failed to authenticate the user produser@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20003; state 10 AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password Trace ID: 3558d287-3ffd-4c53-98ac-08c152a09304 Correlation ID: 036d8ae8-1a26-4437-b0aa-7912f1ba0b46 Timestamp: 2015-09-04 20:34:33Z (.Net SqlClient Data Provider) | Wrong username/password for Active Directory Password Authentication targeting Managed tenant | Ensure the username and password are correct for the managed domain to connect |
| Error code 0xCAA20064; state 10 Failed to authenticate the user alice@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20064; state 10 AADSTS70002: Error validating credentials. AADSTS50055: Password is expired. Trace ID: 25d80a2d-c39b-4f03-ac6c-ae547ee33135 Correlation ID: 78ad0aa5-9f5f-4ff6-881b-76c1bdb87f7a Timestamp: 2015-09-09 17:26:34Z (.Net SqlClient Data Provider) | Azure AD password expired | Reset Azure AD password |
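
One way to carry out the "check user connect permission" action for error 18456, as an added example that is not part of the original post. It assumes you run it inside the target user database (not master) as a principal allowed to view database metadata; the user name in the commented-out statements is a constructed placeholder.

```sql
-- List every Azure AD principal in the current database together with its
-- database-level CONNECT permission state.
SELECT
    dp.name                     AS principal_name,
    dp.type_desc                AS principal_type,       -- EXTERNAL_USER or EXTERNAL_GROUP
    dp.authentication_type_desc AS authentication_type,  -- EXTERNAL for Azure AD principals
    perm.state_desc             AS connect_state         -- GRANT, DENY, or NULL
FROM sys.database_principals AS dp
LEFT JOIN sys.database_permissions AS perm
       ON perm.grantee_principal_id = dp.principal_id
      AND perm.class = 0                      -- 0 = permission on the database itself
      AND perm.permission_name = N'CONNECT'
WHERE dp.type IN ('E', 'X')                   -- E = external user, X = external group
ORDER BY dp.name;

-- How to read the result:
--   * The user (and every Azure AD group the user belongs to) is missing:
--     no database principal maps to that identity, so the login is rejected.
--   * connect_state is NULL: the principal exists but CONNECT was revoked.
--   * connect_state is DENY: CONNECT is explicitly denied; a DENY on the user
--     or on any of the user's groups overrides a GRANT elsewhere.

-- Typical corrections (placeholder name, run as the Azure AD admin):
-- CREATE USER [alice@contoso.example] FROM EXTERNAL PROVIDER;
-- GRANT CONNECT TO [alice@contoso.example];
```
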
Comments
- Anonymous
July 14, 2016
This link is not valid : http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476
- Anonymous
July 19, 2016
How about error code 0xCAA900023; state 10 "Could not discover endpoint for username/password authentication. Check your ADFS settings. It should support username/password authentication for WS-Trust 1.3 or WS-Trust 2005." Our ADFS 2.0 has both windowstransport endpoints enabled and it still does not work.