RSA Identity Governance & Lifecycle collector throws "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" error

2 years ago

Originally Published: 2018-02-12

Article Number

000042002

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Product/Service Type: Data Collection
RSA Version/Condition: 7.0.x

Issue

In attempting to complete collector configurations and testing, seeing the following error message returned from a collector test within the RSA Identity Governance & Lifecycle Admin Console and data is unable to be collected:

In the aveksaServer.log the message is shown:

02/05/2018 04:48:23.134 ERROR (ApplyChangesRegularThread-6407) [com.aveksa.collector.db.util.DBPerformQuery] GetSchemas
java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
    at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:372)
    at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2988)
    at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2421)
    at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:649)
    at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:371)
    at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
    at java.sql.DriverManager.getConnection(DriverManager.java:571)
    at java.sql.DriverManager.getConnection(DriverManager.java:215)
    at com.aveksa.collector.accountdata.DBGenericAccountReader.getConnection(DBGenericAccountReader.java:874)
    at com.aveksa.collector.db.util.DBPerformQuery.getSchemas(DBPerformQuery.java:120)
    at com.aveksa.collector.db.util.DBPerformQuery.performQuery(DBPerformQuery.java:74)
    at com.aveksa.collector.accountdata.DBGenericAccountReader.performQuery(DBGenericAccountReader.java:921)
    at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.performQuery(AccountDataCollector.java:474)
    at com.aveksa.client.datacollector.framework.DataCollectorManager.performQuery(DataCollectorManager.java:579)
    at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:492)
    at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:120)
    at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60)
    at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
    at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377)
    at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
    at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
    at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
    at java.lang.Thread.run(Thread.java:745)

Cause

The JDBC driver connects to SQL Server using Windows Authentication from an untrusted domain. Windows authentication is enabled by default, as documented in the Microsoft .NET documentation.

Resolution

The SQL Server needs to support both Windows and SQL Server authentication(mixed mode) and the user login must be authenticated using the SQL Server authentication mode.

Notes

This is a legacy Knowledge Base Article and only applies to the listed versions which are no longer actively supported.
RSA does not recommend the continued use of the public domain JTDS driver on current versions of the product.  RSA recommends customers use the JDBC driver specific for their database.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles