Cannot use the special principal 'sa'

Hello,

I am starting to use SQL Server 2005. I am having trouble connecting remotely. I tried to enable the 'sa' user and got this error:

Cannot use the special principal 'sa'

Is the 'sa' user no longer valid for remote connections?

Thank you

Did you enable "Mixed Mode" authentication? If you use Windows authentication, sa is disabled by default.

Sung

|||

How did you try to "enable" sa? What statement did you execute to get that error?

Thanks
Laurentiu

|||

Thank you for your reply.

Yes, I did enable Windows authentication, but when I could not connect remotely I decided to to try and connect using SQL authentication. Can I change the authentication mode?

Thank you

|||

Yes, you can change the authentication mode: go to Management Studio and open Object Explorer. Connect to your server and right-click on the server name, then select Properties. Go to Security tab and under Server Authentication select SQL Server and Windows Authentication Mode.

Thanks
Laurentiu

|||

Also, after you follow the directions above, you will also need to explicitly enable the sa account as well. In the same place as before, go to Security->Logins. Right-click on the "sa" account, select "Properties". In the list on the left, select "Status" and under "Login" on the right, make sure "Enable" is selected.

[edit] - nevermind, looks like you got it working :)

Sung

|||

I found the steps to change the authentication.

Now I can login remotely.

Thank you

CANNOT SET PARTNER 'NT AUTHORITY\ANONYMOUS LOGON.' failed

i tried to set up mirroring having only principal and mirror. mirroring endpoints were easily created for both servers. when i try to add the partner name it responds with
Msg 1418, Level 16, State 1, Line 1
The server network address "TCP://machine1.domain.com:5022" can not be reached or does not exist. Check the network address name and that the ports for the local and remote endpoints are operational.
On the log of machine1 i see,
Database Mirroring login attempt by user 'NT AUTHORITY\ANONYMOUS LOGON.' failed with error: 'Connection handshake failed. The login 'NT AUTHORITY\ANONYMOUS LOGON' does not have CONNECT permission on the endpoint. State 84.'.

i have similar problems as in

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1020144&SiteID=1

i am a sysadmin on both SQL Servers and have connect permission on both end points.
Both the endpoints are in started state and listening to all IP's
Both services are as 'Local System'
As per what was mentioned in the above post to add a 'domain/machine$' user did not help.
Tried using setspn.exe to add a new SPN MSSQLsvc/<HOST>:<MIRRORINGPORT> did not work. an ERROR comes 'not enough privileges'
setup shows the following SPN only on both
HOST/Machine name
HOST/Machine name.Domin.com
MSSQLSvc/Machine name.Domin.com:1433
SMTPSVC/Machine name
SMTPSVC/machine name.Domain.com

and on second machine
HOST/Machine name

HOST/Machine name.Domin.com

MSSQLSvc/Machine name.Domin.com:1433

any Clues?

Udit Ghai wrote:

Tried

using setspn.exe to add a new SPN

MSSQLsvc/<HOST>:<MIRRORINGPORT> did not work. an ERROR

comes 'not enough privileges'

This is probably your problem. Run this command from an account with enough priviledges on the Active Directory. One easy trick is to run this command as the LocalSystem of the machine <HOST>. To achieve this, you must start a command prompt as LocalSystem on <HOST>. Use the AT service for this, scheduling an interactive CMD.EXE one minute in future. E.g. if the clock is 11:45, run this:
at 11:46 /interactive cmd.exe
In one minute a command prompt running as LocalSystem will popup. From this, run the SETSPN. You must do this on all machines involved (principal, witness, mirror if any)

HTH,
~ Remus

P.S. This assumes you're running the SQL Server service as LocalSystem or as NETWORK SERVICE.