Forum Discussion

ravioverland's avatar
ravioverland
Copper Contributor
Oct 04, 2023

SQL server SSPI Handshake Failed with error code 0x80090311

Hey Team,

 

Our company SQL server randomly has these SSPI handshake failed error which suddenly started. The full error reads "SSPI handshake failed with error code 0x80090311, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The operating system error code indicates the cause of failure. No authority could be contacted for authentication. [CLIENT:devicename].

 

We've been unable to solve this issue and it occurs randomly. When the issue is occuring we cant bastion or rdp onto the server and we also cant rdp from a different server in the same vnet. 

 

We're not too sure what is causing this and struggling to find a solution as this is now starting to affect all our business applications that require a stable connection to the SQL server.

 

Any help would be greatly appreciated.

 

Thanks

Active Directory
Networking
Windows Server
  • LeonPavesic's avatar
    LeonPavesic
    Silver Contributor
    Oct 04, 2023

    Hi ravioverland,

    The error code 0x80090311 indicates that the SSPI handshake failed because the client could not contact an authority for authentication. This can happen for a number of reasons, including:

    • The domain controller is unavailable.
    • The client and server are in different domains and the trust relationship between the domains is not configured correctly.
    • The client or server is using an incorrect SPN (service principal name).
    • There is a problem with the network connection between the client and server.
    • There is a problem with the Kerberos authentication process.

    You can try to use the following steps:

    1. Check the availability of the domain controller. Make sure that the domain controller that the client is trying to contact is available and online.
    2. Verify the trust relationship between the domains. If the client and server are in different domains, make sure that the trust relationship between the domains is configured correctly.
    3. Check the SPNs. Make sure that the client and server are using the correct SPNs.
    4. Troubleshoot the network connection. Make sure that the network connection between the client and server is working properly.
    5. Reset the Kerberos cache. You can reset the Kerberos cache on the client and server to try to fix any problems with the Kerberos authentication process.
    6. Install the latest Windows updates. Make sure that the client and server computers have the latest Windows updates installed.
    7. Restart the client and server computers.
    8. Try connecting to the SQL Server again.

    You can use this link as a reference:
    Lost a connection to AD when SQL is trying to authenticate - Microsoft Q&A

    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

     

Resources