9

The following post may look same but I was unable to correct the problem after attempting all the solutions provided as answers. (Login failed for user 'DOMAIN\MACHINENAME$')

MY PROBLEM

I am deploying a asp.net web-app with forms authentication enabled on my IIS7 dev server in a Windows Network. My SQL Server is deployed on a remote box, in the same network, with necessary TCP ports opened for remote connections. All the domain users have been given access to necessary databases in SQL server.

Now when I try to run my web-app, following error comes up:

Login failed for user 'DOMAIN\MachineName$'.

I have already given adequate permissions to NT AUTHORITY\NETWORK SERVICE in my SQL server.

I don't want to give any permission to 'DOMAIN\MachineName$' in the SQL server as the developers keep changing the machine names for various test purposes.

The connecting string I am using is:

"Server=SQL-SERVER;Initial Catalog=MyDatabase;Integrated Security=SSPI;Persist Security Info=False"

SQL Provider is System.Data.SqlClient

Anonymous and Form authentication are enabled as my web-app contains login.aspx.

Community
  • 1
  • 1
Swastik Gupta
  • 93
  • 1
  • 4

2 Answers2

8

The point is that whenever you use NT AUTHORITY\NETWORK SERVICE as your application pool user, the system translates this in the network to DOMAIN\MachineName$.

What we do is to use the user name of the developer to connect to the machine by setting the username of the application pool to the developer's name.

Stephen Reindl
  • 5,659
  • 2
  • 34
  • 38
  • I still don't understand why some projects will default to domain/username and others default to domain/machinename. The thing about this solution is that the other devs working on the project have to know about this fix to get the project to work correctly, instead of just pulling it down and having it work. – mac10688 Dec 31 '15 at 13:40
  • Are they all use either IIS or do they use IIS express? In case of the latter one the username is used all the time, for IIS this depends on the settings in the application pool. – Stephen Reindl Jan 09 '16 at 09:04
  • I wish the 'Network Service' attempted 'DOMAIN\MachineName$'. But on my IIS 7, that's just not the case. My IIS is using 'ApplicationPoolIdentity' and when it runs, it's really connecting as 'DOMAIN\MachineName$'. On *another computer*, I have a server computer and i *want* it to use 'DOMAIN\MachineName$' and i've tried all the Built-in account options and NONE of them use 'Domain\MachineName$' when connecting to SQL. So it's not as simple as this. I wish it were. – Shawn Kovac Oct 27 '16 at 15:37
  • 2
    On a local computer, "Network Service" is translated to "Network Service" (sic!) AFAIK. The translation to the machine name is only done in case you connect to another computer. – Stephen Reindl Nov 10 '16 at 20:29
3

I also encounter same problem in my intranet environment. The solution is simple yet hard to grab the idea. Usually, The IT Security In-charge will give you active directory service account to log in to your database. You can manage to log in with ssms but it fails in IIS because IIS choose to connect with domain/computername. So set custom account and fill in your domain/username and password.

  1. In IIS Manager, select the application pool that your web app uses or create a new one if you use the default one.
  2. Click on “Advanced Settings” in the right Actions bar. Under Process Model, click on the “Identity” value and select “Custom account”.
  3. Click on the “Edit” and enter domain/user name and password for user account.
  4. If you enter all information correctly, the pop-up will be closed successfully without any error messages.
  5. After that stop your Web Site.
  6. Back again to your application pool and click on the “Recycle”.
  7. Start your Web Site.

And that's it. you web application will successfully connect from IIS.

phonemyatt
  • 1,287
  • 17
  • 35