RSA Identity Governance & Lifecycle collector throws "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" error
3 years ago
Originally Published: 2018-02-12
Article Number
000042002
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Product/Service Type: Data Collection
RSA Version/Condition: 7.0.x
Issue
In attempting to complete collector configurations and testing, seeing the following error message returned from a collector test within the RSA Identity Governance & Lifecycle Admin Console and data is unable to be collected:
 
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

In the aveksaServer.log the message is shown:
02/05/2018 04:48:23.134 ERROR (ApplyChangesRegularThread-6407) [com.aveksa.collector.db.util.DBPerformQuery] GetSchemas
java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
    at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:372)
    at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2988)
    at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2421)
    at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:649)
    at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:371)
    at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
    at java.sql.DriverManager.getConnection(DriverManager.java:571)
    at java.sql.DriverManager.getConnection(DriverManager.java:215)
    at com.aveksa.collector.accountdata.DBGenericAccountReader.getConnection(DBGenericAccountReader.java:874)
    at com.aveksa.collector.db.util.DBPerformQuery.getSchemas(DBPerformQuery.java:120)
    at com.aveksa.collector.db.util.DBPerformQuery.performQuery(DBPerformQuery.java:74)
    at com.aveksa.collector.accountdata.DBGenericAccountReader.performQuery(DBGenericAccountReader.java:921)
    at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.performQuery(AccountDataCollector.java:474)
    at com.aveksa.client.datacollector.framework.DataCollectorManager.performQuery(DataCollectorManager.java:579)
    at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:492)
    at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:120)
    at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60)
    at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
    at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377)
    at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
    at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
    at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
    at java.lang.Thread.run(Thread.java:745)
Cause
The JDBC driver connects to SQL Server using Windows Authentication from an untrusted domain. Windows authentication is enabled by default, as documented in the Microsoft .NET documentation.
 
Resolution
The SQL Server needs to support both Windows and SQL Server authentication(mixed mode) and the user login must be authenticated using the SQL Server authentication mode.
Notes
This is a legacy Knowledge Base Article and only applies to the listed versions which are no longer actively supported.
RSA does not recommend the continued use of the public domain JTDS driver on current versions of the product.  RSA recommends customers use the JDBC driver specific for their database.

 

Related Articles

Trending Articles

Don't see what you're looking for?