PRB: "Client Unable to Establish Connection" Error Message When Connecting from ASP to SQL Server


Symptoms


When opening a connection in Active Server Pages (ASP) code to SQL Server on a separate computer from the Web server, one of these similar error messages may appear:

Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC SQL Server Driver]Client unable to establish connection
/asppage.asp, line xxx
-or-
Microsoft OLE DB Provider for SQL Server error '80004005'
[DBNMPNTW]ConnectionOpen (CreateFile()).
/asppage.asp, line xxx
-or-
Microsoft OLE DB Provider for ODBC Drivers error '80040ed'
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT Authority\Anonymous Logon'.
/asppage.asp, line xxx

Cause


This error occurs if SQL Server security mode is set to Microsoft Windows NT only and the NT account that is being used to authenticate the user on the IIS computer (such as IUSR_computer for anonymous IIS access) does not have permissions to connect to the remote SQL Server's NT computer.
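To see which account is involved, the following diagnostic ASP page prints the identity IIS authenticated for the request, attempts a trusted (Windows NT) connection, and shows either the provider error or the login SQL Server mapped the connection to. It is an added example, not part of the original article. The server name SQLHOST, the database pubs and the connection string are placeholder assumptions.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
Response.Buffer = True

' Placeholder values (assumptions): replace with your own server and database.
Const CONN_STR = "Provider=SQLOLEDB;Data Source=SQLHOST;Initial Catalog=pubs;Integrated Security=SSPI"

Dim conn, rs, authType, logonUser

' What IIS authenticated the request as. With anonymous access both values
' are empty and the request runs as the configured anonymous account
' (IUSR_computer by default).
authType = Request.ServerVariables("AUTH_TYPE")
logonUser = Request.ServerVariables("LOGON_USER")
If authType = "" Then authType = "(anonymous)"
If logonUser = "" Then logonUser = "(anonymous account, e.g. IUSR_computer)"

Response.Write "IIS authentication: " & Server.HTMLEncode(authType) & "<br>"
Response.Write "IIS logon user: " & Server.HTMLEncode(logonUser) & "<br>"

Set conn = Server.CreateObject("ADODB.Connection")
On Error Resume Next
conn.Open CONN_STR
If Err.Number <> 0 Then
    ' Same error number and text that the unhandled error would display.
    Response.Write "Connect failed: " & Hex(Err.Number) & " " & _
        Server.HTMLEncode(Err.Description) & "<br>"
    Err.Clear
Else
    ' Ask SQL Server which login it mapped this connection to.
    Set rs = conn.Execute("SELECT SYSTEM_USER")
    If Err.Number = 0 Then
        Response.Write "SQL Server login: " & _
            Server.HTMLEncode(rs(0).Value & "") & "<br>"
        rs.Close
    End If
    conn.Close
End If
On Error GoTo 0
Set rs = Nothing
Set conn = Nothing
%>
```

Remove the page once troubleshooting is finished, because it discloses account names and provider error text to anyone who can request it.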

Resolution


Using IIS Anonymous Access
  1. Using NT's User Manager Tool, create an identical NT account, such as IUSR_localcomputer, on the remote SQL Server's NT computer. Give the account a similar password and give it the right to "Log On Locally."
  2. Using Internet Service Manager, open the Properties Sheet of the virtual directory for the Web application, select the Directory Security tab, click on the Edit button for Anonymous Access and Authentication Control to display the Authentication Methods. Click the Edit button for Allow Anonymous Access to edit the NT account used for anonymous access, and then clear the check box Enable Automatic Password Synchronization. Save the changes by clicking OK to close the dialog box.

    This second step is necessary because of account delegation issues with NT.

Using IIS Basic Authentication
  1. If users sign on to IIS with accounts that are local to the NT server running IIS when the browser prompts for a user name and password, follow the preceding steps.
  2. If users sign on by using a domain account and both NT computers for IIS and SQL Server are in the same domain, ensure that the accounts have the right "Access This computer from a Network" on the SQL Server's NT computer, either directly or indirectly, based on the rights assigned to a group of which the account is a member.