How to troubleshoot error 15401
IN THIS TASK
back to the top
The login does not exist
- Verify that the Windows login still exists in the domain. Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access to the SQL Server.
- Verify that you are spelling the domain and login name correctly and that you are using the following format:Domain\User
- If the login exists, and it is correct, and you still receive the error, continue with the following sections in this article.
Duplicate security identifiersIn a Windows domain, unique Security Identifiers (SIDs) are automatically assigned to Windows logins in the domain. When you add a Windows login as a SQL Server login, the SID is stored in a system table in SQL Server. If you try to add a new login which has the same SID as an existing SQL Server login, the 15401 error occurs.
Note In SQL Server 2005, duplicate SIDs are not allowed.
- To determine if this is the cause of your error, run the following code against the Master database while you are logged on to SQL Server as a member of the sysadmin role:
SELECT name FROM syslogins WHERE sid = SUSER_SID ('YourDomain\YourLogin')
- If a row is returned from this query, a duplicate SID is the cause of your problem.
- One potential cause of this scenario is loading a master database from a server in another domain. One of the logins in that domain may have had the same SID as the login that you are trying to add in this domain. This might also occur in an environment where you have clone or ghost systems.
- You must use sp_revokelogin to drop the login with the matching SID, or, to keep the existing logins, correctly map the logins from the old domain to logins in the new domain. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:314546 How to move databases between computers that are running SQL Server
Authentication failureYou might receive error 15401 when the domain controller for the domain where the login resides (the same or a different domain) is not available for some reason.
- If the login is in a different domain than the SQL Server, verify that the correct trusts exist between the domains.
- Verify that the domain controller of the login is accessible by using the ping command from the computer that is running SQL Server. Check both the IP address and the name of the domain controller.
For more information about ping command, click the following article number to view the article in the Microsoft Knowledge Base:102908 How to troubleshoot TCP/IP connectivity with Windows 2000 or Windows NT
Case sensitivityYou may be experiencing case-sensitivity problems, which are described in the following Microsoft Knowledge Base articles:
back to the top
Local accountsLocal (non-domain) accounts require special handling. If you are trying to add a local account from the local computer that is running SQL Server, view the following Microsoft Knowledge Base article for the correct steps:
- To add the Local System Account as a SQL Server login on Windows NT 4.0, view the procedure in the article Q322988 in the Microsoft Knowledge Base.
- When you add predefined local groups, you must use BUILTIN as the domain.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:216808 Use BUILTIN\Group to grant access to predefined Windows NT groups
Name resolutionIf you have problems resolving the name of a computer that is involved in adding the login or group, you might receive error 15401.
Verify that your name resolution mechanism (such as, WINS, DNS, HOSTS or LMHOSTS) is configured correctly.
back to the top
Article ID: 324321 - Last Review: 11/27/2012 05:58:00 - Revision: 7.0
- kbhowtomaster KB324321