Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
SSPI handshake failed with error code <error code> while establishing a connection with integrated security; the connection has been closed. [CLIENT: <ip address>].
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is SSPI?
Had this event along with the event ID 18452. Server is a HP Insight Manager, and in this case, these events are caused by the database of this application. HP SIM Service was running with an account, and connection database was made with another account, actually disabled.
- Edited the file database.props to change the current account by the same account than the service HPSIM is running
- Forced new password with the mxpassword utility embedded with HP SIM
- Changed password in AD for the service account
- Changed the password on the HP SIM and OpenSSH services
- Restarted services, and everything went fine
HP Support Forum Thread 977955 (How do i change Database Connection User?) was very helpful.
In our case, the server that was showing the error had the MSSQLSERVER service running using a domain account that had a password change yesterday. All client/server applications were up and running, but all jobs started to fail and we were unable to connect to the databases on that server using SQL Server Management Studio. Restarting the service with the new credentials was the solution.
Check all accounts and computers in the delegation path for the database or for the application that accesses the database. Something in the environment changed at a client site and Event ID 18452 along with this event started occuring. Everything looked normal until we went back through the user and the computer accounts associated with the database and the web server. In the client's case, they had a web application accessing a database using windows authentication. From the web server, the page would come up. From a client system, the web site would not. We found that the domain account that the SQL server was running under had delegation disabled in active directory. After enabling delegation on the account, the error went away. We worked with Microsoft on this issue and at one point, they had us check delegation on the sql server account and web server account as well.
|Private comment: Subscribers only. See example of private comment|
|Links: Event ID 18452 from source MSSQLSERVER, How do i change Database Connection User?|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated