Forum Discussion
MrGalvan
Aug 28, 2020Copper Contributor
Login Failed for user '<token-identified principal>' for Azure Active Directory Admin
Hello, I am having an issue where I am unable to connect to my Azure SQL database instance w/ my user that is the Active directory admin over the instance, along w/ the databases within that instan...
mguarnier
Aug 29, 2020Copper Contributor
Hi MrGalvan,
I also had this problem, my sql instance is hosted on Azure and I log in with my AD account, but I suddenly lost access. I had to update my credentials in AD Azure only to get access again. That done, everything went back to normal. Have you tried to update your credentials?
Regards,
Marcos Guarnier
- LanorixDec 15, 2020Copper Contributor
mguarnier Hello, could you let me know what you mean by 'update your credentials' - I have one person that seems to intermittently be able to connect via data studio and one that cannot connect at all - very confusing - they are trying to connect to an apollo DB within Azure.
- mguarnierDec 15, 2020Copper Contributor
Lanorix, Hi, have you tried to delete your AD account and create again? It can solve your problem. Before doing this operation, access your account in AD and make an update, for example: change your password and try the access again and if that doesn't resolve, delete the account and create a new one.
- MrGalvanAug 31, 2020Copper Contributor
- MrGalvanAug 31, 2020Copper Contributor
Found the issue and have resolved it.
What happened is the AD group that was assigned as the Active Directory Admin was dropped and created w/ the same name. However, the old group's Object Id wasn't the same as the newly created AD group's Object Id.
Only found this out by looking at the Creation Date of the Active Directory Group. Which shows it was a recent creation date. A time frame within where the issue started happening.
So, it appears that the token assigned to the old group was still saved, but that Object Id no logger existed since the group was re-created w/ a new Object Id.
Remedy: Just dropped AD admin and re-added it and now we're back in business.