Mirek Sztajno
Last updated on 09/28/15
Examples of some connection errors for Azure Active Directory Authentication with Azure SQL DB V12
(*) Please note that this table does not represent a complete sample of connection errors for Azure AD authentication
and will be extended based on new connection errors experienced by end-users
Error Message | Reason | Action |
Error: 18456
Login failed for user 'NT
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476 |
There are many scenarios that may cause this error.
Generally user does not have permission to connect to a database
|
Please check user connect permission |
Error: 40607
Windows logins are not supported in this version of SQL
|
Indicates that the required software for Azure AD auth is not installed (i.e. old version of SSMS, no .NET 4.6, no ADALSQL.DLL) | Check the necessary software is installed. Don’t forget to reboot the machine if .NET 4.6 was installed |
Error: 10054 Cannot connect to myserver1.database.windows.net. A connection was successfully established with the server, but then an error occurred during the login process. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.) (Microsoft SQL Server, Error: 10054) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=10054&LinkId=20476 |
V11 server with managed/federated account | Migrate to V12 server |
Error code 0xCAA90020; state 10 Failed to authenticate the user aadtest@live.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA90020; state 10 Url for WS-Trust metadata exchange endpoint is not a secure (https). |
MSA account is not supported | Choose another user supported for Azure Ad auth |
Error code 0xCAA20002; state 10 Failed to authenticate the user admin@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20002; state 10 AADSTS90002: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID. Trace ID: 35e5628c-62e2-466f-9f5d-722f1c34d984 Correlation ID: 77d83afa-541a-4ea8-a942-8442e3c367a7 Timestamp: 2015-08-28 03:10:01Z (.Net SqlClient Data Provider) |
External admin
on SQL server is not set |
Check the
external admin configuration |
Error code
Failed to authenticate the user bob@contoso.com in Active Directory
|
Wrong
username/password for Active Directory Password Authentication targeting federated tenant |
Ensure the
username and password are correct for the federated domain to connect |
Error code
Failed to authenticate the user produser@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20003; state 10 AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password Trace ID: 3558d287-3ffd-4c53-98ac-08c152a09304 Correlation ID: 036d8ae8-1a26-4437-b0aa-7912f1ba0b46 Timestamp: 2015-09-04 20:34:33Z (.Net SqlClient Data Provider) |
Wrong
username/password for Active Directory Password Authentication targeting Managed tenant |
Ensure the
username and password are correct for the managed domain to connect |
Error code
Failed to authenticate the user alice@myaad.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword). Error code 0xCAA20064; state 10 AADSTS70002: Error validating credentials. AADSTS50055: Password is expired. Trace ID: 25d80a2d-c39b-4f03-ac6c-ae547ee33135 Correlation ID: 78ad0aa5-9f5f-4ff6-881b-76c1bdb87f7a Timestamp: 2015-09-09 17:26:34Z (.Net SqlClient Data Provider) |
Azure AD password expired |
Reset Azure AD
password |