SQL Server Management Studio 2008 Runas user on different domain over VPN

Asked 8/3, 2011 at 20:4 Answered 8/7, 2023 at 3:34

Solved sql sql-server-2008 dns runas windows-authentication

I am currently trying to run SQL Server Management Studio 2008 as a user who is on a different domain. I noticed in other threads that running the following command from a batch script will do this however it doesn't seem to work for me.

runas /netonly /user:DOMAIN\USER "C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"

I am asked for my password, the Login screen appears however the Windows Authentication username and password are still incorrectly the currently logged in impersonated user on the local Domain. Attempting to connect to the database on the other domain is unsuccessful regardless.

This seems to work for most people, the kicker for me is that this domain exists over a VPN connection. I am not able to view the VPN domain network computers in My Network Places, and thus I cannot Add Users in Control Panel.

My OS is Vista Business unfortunately, I cannot help this.

Any ideas would be appreciated.

Slosh answered 8/3, 2011 at 20:4 Comment(0)

Try this:

NET USE \\DBSERVER /USER:DOMAIN\USERNAME

You will be prompted for your password. This establishes a NetBIOS session with the database server. You should be able to see the shared folders and shared printers on the database server once you have done that.

If that works you should be able to connect using SSMS as yourself. You may have to specify "named pipes" as the network protocol to usem, if it doesn't work with TCP (but I think it will).

Menu->File->Connect Object Explorer...
Options->Connection Properties->Network protocol
Specify "Named pipes"

Named Pipes inherits your existing NetBIOS session, so provided you can list the shares you are probably good to go.

Update: It looks like in some configurations this does not work with TCP connections, (possibly due to some security update). In these cases you should enable Named Pipes, and set named pipes in your connection string.

Berkman answered 19/3, 2011 at 14:32 Comment(4)

The issue was that the NAT translation is screwed up on our router because it is not handling certain network communication over the VPN. Even the network admins are stumped but when I bypassed the router directly by plugging to the direct connection from the ISP box, your solution actually worked for me. Stupid crappy LinkSys router! >:O – Slosh 15/4, 2011 at 12:53

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452) – Woolfell 1/2, 2013 at 21:19

@JarrettV, the answer is if you can do "net use" you can use integrated authentication with SQL Server including with Visual Studio. If you cannot do "net use", you need to solve that problem separately. Why not ask a new question? – Berkman 3/2, 2013 at 21:47

It looks like in some configurations this does not work with TCP connections. In these cases you should enable Named Pipes (and set named pipes in your connection string). – Berkman 10/12, 2015 at 10:15

You can also try using Windows Credential Manager:

Click on the right pane (Windows Credentials) and on Add a Windows Credential. Under server, use the DB IP address follow by username and passoword. It should work through SSMS, but does not work calling it from an app such as WCF.

Nerveracking answered 8/7, 2023 at 3:34 Comment(0)

Recommended topics

Hot tags