Login Failed for user DomainName\machinename

 NETWORK SERVICE and LocalSystem authenticate themselves always as the corresponding account locally (builtin\network service and builtin\system) but both will authenticate as the machine account remotely. This can cause login failures.

If you see a failure like Login failed for user 'DOMAIN\MACHINENAME$' it means that a process running as NETWORK SERVICE or as LocalSystem has accessed a remote resource, has authenticated itself as the machine account, and was denied authorization.

A typical example would be an ASP application running in an app pool set to use NETWORK SERVICE credential and connecting to a remote SQL Server: the app pool will authenticate as the machine running the app pool and is this machine account that needs to be granted access.

When access is denied to a machine account, then access must be granted to the machine account. If the server refuses to login 'DOMAIN\MACHINE$', then you must grant login rights to 'DOMAIN\MACHINE$' not to NETWORK SERVICE. Granting access to NETWORK SERVICE would allow a local process running as NETWORK SERVICE to connect, not a remote one, since the remote one will authenticate as, DOMAIN\MACHINE$.

 

What you need to do to fix this is open IIS manager open up the advanced view for the particular app pool, and change it to run as yourdomain\yourusername, add the password, and restart the pool.


Obviously this isn't a perfect fix because when password changing time arrives, you may need to go back to IIS and change the password.

Comments

Popular posts from this blog

Some observations on Script Callbacks, "AJAX", "ATLAS" "AHAB" and where it's all going.

IE7 - Vista: "Internet Explorer has stopped Working"

FIREFOX / IE Word-Wrap, Word-Break, TABLES FIX

System.Web.Caching.Cache, HttpRuntime.Cache, and IIS Recycles

FIX: Requested Registry Access is not allowed (Visual Studio 2008)