Jump to content
Beantreeze

...cannot contact a domain controller..

Recommended Posts

Posted (edited)

Hello -

 

I recently received a new laptop at work, and, for security purposes, the laptop and my credentials are in a different AD tree than my SQL Server. My laptop is under USDA.net, and the SQL Server is in the tree for the University where our offices are located. 

 

I've set up a Windows credential that seems to work, as I can connect my laptop to the SQL Server using SSMS, and I successfully set up a DataSource in ODBC using the 'ODBC Driver 18 for SQL Server'. I just have to make sure that the 'Trust Server Certificate' box is checked.

image.thumb.png.d910931178e03ba0303ba91ad6b07d82.png

 

However, when I place & test an TFDConnection to my SQL Server in Delphi, I'm receiving the message:

 

The system cannot contact a domain controller to service the authentication request. Please try again later.

 

To mimic the 'Trust Server Certificate' setting, I've added TrustServerCertificate=yes to the ODBCAdvanced setting in the FireDAC Connection Editor. [I get a '...certificate chain not trusted...' error when I omit that].

 

The connection seems to work for everything except FireDAC, and I'm at a loss as to what to do next. Any ideas?

 

image.thumb.png.beffbf83e5db11bcda82272458685b17.png

Edited by Beantreeze

Share this post


Link to post

Check the Info tab in the FireDAC Connection Editor after trying to connect. 

 

As well not sure what you mean by: "I've set up a Windows credential that seems to work

Share this post


Link to post

image.thumb.png.56e891ead10ff52956c9b35eaa6d1b35.png

 

This is the config that works here..

Note, the DatabaseName is added two times. (Also MetaDefCatalog)

"dbo" as the MetaDefSchema.

 

Play with the OSAuthent and MARS properties.  (switch Yes/No)

Share this post


Link to post
19 hours ago, Brian Evans said:

Check the Info tab in the FireDAC Connection Editor after trying to connect. 

 

As well not sure what you mean by: "I've set up a Windows credential that seems to work

Here's the information from the Info tab:

 

image.thumb.png.ba0482645552f2cc16d04dbefb875818.png

 

And, do you not understand Windows Credential or that it "seems" to work? It does work, substituting my credentials for the server when I try to attach using Windows authentication on every method except FireDAC.

 

Also, I was able to connect using SQL Server authentication, but that's a non-starter for us, as we must use Windows authentication.

 

Teri

Share this post


Link to post
Posted (edited)

What is your MSSQL server version?

I Remember I had some problems when I used in the config under "Server" the

servername instead of the ServerIP. Maybe you check that also.

So, not xx.xx.edu but the real IP of the server, like 102.x.x.x 

 

Basically the FireDac config is creating a connectstring. Since you can login with

the MS SQL Server Management Studio you can ask for the connectstring

when logged in:

SELECT
    'data source=' + @@SERVERNAME +
    ';initial catalog=' + DB_NAME() +
    CASE type_desc
        WHEN 'WINDOWS_LOGIN' 
            THEN ';trusted_connection=true'
        ELSE
            ';user id=' + SUSER_NAME()
    END
FROM sys.server_principals
WHERE name = suser_name()

See also: ConnectStrings

 

 

Edited by Die Holländer

Share this post


Link to post

@Die Holländer I tried the Select statement you gave me within SSMS and got this result:

 

data source=ARSMOCOL3AQUARI;initial catalog=CSWQ_Data;trusted_connection=true

 

I also tried using the actual number IP address for the server, but I got the same "... cannot contact a Domain controller..." error message.

 

I'm wondering if I can specify an SPN (Server Principal Name) somewhere within the TFDConnection, or if that would help.

Share this post


Link to post

Finally resolved the issue! (Though I'm not completely happy with the solution).

 

After installing Delphi 12 Athens using my admin account, I tried running Delphi with my regular-access account, but there were no components, no list of Create New projects, no access to GetIt components. Though Installation help at Embarcadero assured me that any user would be able to use Delphi on my workstation after it was installed using the admin account, that was not the case.

 

As I result, I have been running Delphi under my admin account.  However, all of my Windows Credentials were created under my regular account. So, not too happy with Embarcadero right now.

 

 

Share this post


Link to post

Why are you unhappy with Embarcadero if you have permission problems with your regular account?

Share this post


Link to post
On 4/26/2024 at 7:19 PM, Beantreeze said:

Finally resolved the issue! (Though I'm not completely happy with the solution).

Would be nice when you tell us what resolved the issue.. 

Share this post


Link to post
5 hours ago, Die Holländer said:

Would be nice when you tell us what resolved the issue.. 

>As I result, I have been running Delphi under my admin account.  However, all of my Windows Credentials were created under my regular account. 

OK, I understand. You could not connect the database because your credentials where not avaible in your admin account.

I think because Delphi has a user license not everyone using your computer with another login can use Delphi.

 

Share this post


Link to post

I have a great MEA CULPA to issue to Embarcadero. I was told that if I installed Delphi/RAD Studio using "Run as Admin", that my regular account would have full access to Delphi. I thought for sure that I had done that the first time I installed Delphi, but apparently I had not.

 

Before writing a long "diatribe" about how the installation messed up my use of Delphi and access to my SQL Servers, I tried one more time to install, after uninstalling, Delphi, using "Run as Admin". VOILA! Success.

 

I hate when I get in my own way like this. My face will be red for a bit.

 

(In my own defense, I have had trouble in the past not installing using my own credentials, then inputting the admin credentials upon prompting).

 

Teri

Share this post


Link to post

@Beantreeze Don't worry. We have all been there. Some (like me) more than others. It is part of the learning experience called life.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×