...cannot contact a domain controller..

[Beantreeze 1]

Hello -

 

I recently received a new laptop at work, and, for security purposes, the laptop and my credentials are in a different AD tree than my SQL Server. My laptop is under USDA.net, and the SQL Server is in the tree for the University where our offices are located. 

 

I've set up a Windows credential that seems to work, as I can connect my laptop to the SQL Server using SSMS, and I successfully set up a DataSource in ODBC using the 'ODBC Driver 18 for SQL Server'. I just have to make sure that the 'Trust Server Certificate' box is checked.

 

However, when I place & test an TFDConnection to my SQL Server in Delphi, I'm receiving the message:

 

The system cannot contact a domain controller to service the authentication request. Please try again later.

 

To mimic the 'Trust Server Certificate' setting, I've added TrustServerCertificate=yes to the ODBCAdvanced setting in the FireDAC Connection Editor. [I get a '...certificate chain not trusted...' error when I omit that].

 

The connection seems to work for everything except FireDAC, and I'm at a loss as to what to do next. Any ideas?

 

Edited April 23 by Beantreeze

[Beantreeze 1]

BTW, I'm using Delphi 12 Athens on Windows 11 on my laptop.

[Brian Evans 105]

Check the Info tab in the FireDAC Connection Editor after trying to connect. 

 

As well not sure what you mean by: "I've set up a Windows credential that seems to work" 

[Die Holländer 45]

 

This is the config that works here..

Note, the DatabaseName is added two times. (Also MetaDefCatalog)

"dbo" as the MetaDefSchema.

 

Play with the OSAuthent and MARS properties.  (switch Yes/No)

[Beantreeze 1]

19 hours ago, Brian Evans said:

Check the Info tab in the FireDAC Connection Editor after trying to connect. 

 

As well not sure what you mean by: "I've set up a Windows credential that seems to work" 

Here's the information from the Info tab:

 

 

And, do you not understand Windows Credential or that it "seems" to work? It does work, substituting my credentials for the server when I try to attach using Windows authentication on every method except FireDAC.

 

Also, I was able to connect using SQL Server authentication, but that's a non-starter for us, as we must use Windows authentication.

 

Teri

[Die Holländer 45]

What is your MSSQL server version?

I Remember I had some problems when I used in the config under "Server" the

servername instead of the ServerIP. Maybe you check that also.

So, not xx.xx.edu but the real IP of the server, like 102.x.x.x 

 

Basically the FireDac config is creating a connectstring. Since you can login with

the MS SQL Server Management Studio you can ask for the connectstring

when logged in:

SELECT
    'data source=' + @@SERVERNAME +
    ';initial catalog=' + DB_NAME() +
    CASE type_desc
        WHEN 'WINDOWS_LOGIN' 
            THEN ';trusted_connection=true'
        ELSE
            ';user id=' + SUSER_NAME()
    END
FROM sys.server_principals
WHERE name = suser_name()

See also: ConnectStrings

 

 

Edited April 25 by Die Holländer

[Beantreeze 1]

@Die Holländer I tried the Select statement you gave me within SSMS and got this result:

 

data source=ARSMOCOL3AQUARI;initial catalog=CSWQ_Data;trusted_connection=true

 

I also tried using the actual number IP address for the server, but I got the same "... cannot contact a Domain controller..." error message.

 

I'm wondering if I can specify an SPN (Server Principal Name) somewhere within the TFDConnection, or if that would help.

[Beantreeze 1]

Finally resolved the issue! (Though I'm not completely happy with the solution).

 

After installing Delphi 12 Athens using my admin account, I tried running Delphi with my regular-access account, but there were no components, no list of Create New projects, no access to GetIt components. Though Installation help at Embarcadero assured me that any user would be able to use Delphi on my workstation after it was installed using the admin account, that was not the case.

 

As I result, I have been running Delphi under my admin account.  However, all of my Windows Credentials were created under my regular account. So, not too happy with Embarcadero right now.

 

 

[Lajos Juhász 293]

Why are you unhappy with Embarcadero if you have permission problems with your regular account?

[Die Holländer 45]

On 4/26/2024 at 7:19 PM, Beantreeze said:

Finally resolved the issue! (Though I'm not completely happy with the solution).

Would be nice when you tell us what resolved the issue.. 

[Die Holländer 45]

5 hours ago, Die Holländer said:

Would be nice when you tell us what resolved the issue.. 

>As I result, I have been running Delphi under my admin account.  However, all of my Windows Credentials were created under my regular account. 

OK, I understand. You could not connect the database because your credentials where not avaible in your admin account.

I think because Delphi has a user license not everyone using your computer with another login can use Delphi.

 

[Beantreeze 1]

I have a great MEA CULPA to issue to Embarcadero. I was told that if I installed Delphi/RAD Studio using "Run as Admin", that my regular account would have full access to Delphi. I thought for sure that I had done that the first time I installed Delphi, but apparently I had not.

 

Before writing a long "diatribe" about how the installation messed up my use of Delphi and access to my SQL Servers, I tried one more time to install, after uninstalling, Delphi, using "Run as Admin". VOILA! Success.

 

I hate when I get in my own way like this. My face will be red for a bit.

 

(In my own defense, I have had trouble in the past not installing using my own credentials, then inputting the admin credentials upon prompting).

 

Teri

[Sherlock 663]

@Beantreeze Don't worry. We have all been there. Some (like me) more than others. It is part of the learning experience called life.