Help and Support

Cannot connect to SQL database on Windows NT Server computer with IIS

View products that this article applies to.
Article ID:229286
Last Review:July 3, 2006
Revision:2.2
This article was previously published under Q229286
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
On This Page

SYMPTOMS

On a Windows NT Server computer running Internet Information Server (IIS) version 3.0, 4.0, or 5.0, the following ODBC error message appears when you try to verify a connection to a remote SQL database:
ODBC Error: "Client cannot establish connection." SQL ODBC Driver (SQLSRV32.dll) version 3.70.05.87 (10/04/98)

Back to the top

CAUSE

Microsoft SQL Server Integrated Security requires NTLM authentication in order to map user accounts to SQL Server accounts.

After a Web browser is authenticated by IIS, an authenticated connection to the SQL Server is not possible. IIS is using the IUSR account when it attempts to connect to SQL Server. When using the IUSR account to connect to the SQL Server, NTLM authentication is used.

Essentially, IIS does not have the necessary information to complete the NT authentication process.

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Back to the top

MORE INFORMATION

To work around this issue, use one of the following methods:

Back to the top

Method 1: Host IIS and SQL Server on the Same Computer

By eliminating the need for IIS to create an authenticated connection to SQL Server, you can work around this issue.

To do this, you must use a data source name (DSN) that looks directly to the local computer for the SQL Server, and not to the network. This can be done by using the "(local)" setting in a System DSN.

Back to the top

Method 2: Use Basic Authentication Instead of NTLM in IIS

By using Basic Authentication, the password is BASE64 encoded and sent to IIS during the authentication process. With the password, IIS can now complete the NTLM authentication process when connecting to SQL Server.

Note With Basic authentication, we recommend that the data be encrypted by using SSL because it is very easy to obtain credentials from a network trace.

Back to the top

Method 3: Map the Anonymous User Account from IIS to a SQL Server Guest Account

This method assumes that all users will have the same level of privileges to the SQL Server resources. Every user browsing to the Web will have access to the database.

176378 (http://support.microsoft.com/kb/176378/) How To SQL Server with integrated security, IIS on same machine
176380 (http://support.microsoft.com/kb/176380/) How to use ASP with a SQL trusted connection with guest account


Back to the top

APPLIES TO
Microsoft FrontPage 2000 Standard Edition

Back to the top

Keywords: 
kbbug kbpending KB229286

Back to the top

Article Translations

 

Related Support Centers

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.