#StackBounty: #sql-server #ubuntu #windows-authentication Could not obtain information about Windows NT group/user 'WIN2016mssqlUs…

Bounty: 50

I’ve added Ubuntu 20.04 under a Active Directory Domain Controller and after I create a new User subsequent queries fails with error

1> CREATE LOGIN JohnyBonzela WITH PASSWORD = '***#'
2> GO
1> CREATE LOGIN JohnyBonzela1 WITH PASSWORD = '***#'
2> GO
Msg 15404, Level 16, State 22, Server mssql-ubuntu, Line 1
Could not obtain information about Windows NT group/user 'WIN2016mssqlUser', error code 0x80090304.

Note: first create account was worked well and the problem occurred for subsequent query execution

I found this MS article but no luck with it too https://techcommunity.microsoft.com/t5/sql-server-support/error-15404-could-not-obtain-information-about-windows-nt-group/ba-p/1027461

Here is my key tab file entries

user@mssql-ubuntu:~$ sudo klist -kt /var/opt/mssql/secrets/mssql.keytab
Keytab name: FILE:/var/opt/mssql/secrets/mssql.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 06/25/21 12:31:13 MSSQLSvc/mssql-ubuntu.WIN2016.LOCAL:1433@WIN2016.LOCAL
   2 06/25/21 12:31:13 MSSQLSvc/mssql-ubuntu.WIN2016.LOCAL:1433@WIN2016.LOCAL
   2 06/25/21 12:31:13 MSSQLSvc/mssql-ubuntu:1433@WIN2016.LOCAL
   2 06/25/21 12:31:13 MSSQLSvc/mssql-ubuntu:1433@WIN2016.LOCAL
   2 06/25/21 12:31:13 mssqlUser@WIN2016.LOCAL
   2 06/25/21 12:31:13 mssqlUser@WIN2016.LOCAL
   2 06/25/21 12:31:13 mssql-ubuntu@WIN2016.LOCAL
   2 06/25/21 12:31:13 mssql-ubuntu@WIN2016.LOCAL
user@mssql-ubuntu:~$ sudo klist -kt /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   1 06/17/21 22:15:19 restrictedkrbhost/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 restrictedkrbhost/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/mssql-ubuntu.win2016.local@WIN2016.LOCAL
   1 06/17/21 22:15:19 host/MSSQL-UBUNTU@WIN2016.LOCAL
   1 06/17/21 22:15:19 MSSQL-UBUNTU$@WIN2016.LOCAL
   1 06/17/21 22:15:19 MSSQL-UBUNTU$@WIN2016.LOCAL
   1 06/17/21 22:15:19 MSSQL-UBUNTU$@WIN2016.LOCAL
   1 06/17/21 22:15:20 MSSQL-UBUNTU$@WIN2016.LOCAL
   1 06/17/21 22:15:20 MSSQL-UBUNTU$@WIN2016.LOCAL

I need to always relogin to MsSQL Server only after CREATE LOGIN? Any thoughts why it happens.. does this link make any sense?

P.S. : KVNO for mssql.keytab is shown as 2 while KVNO for krb5.keytab is 1. does it make any differences here?🤔

The User created from Domain Controller has following accesses

CREATE LOGIN [WIN2016mssqlUser] FROM WINDOWS;
 ALTER SERVER ROLE [sysadmin] ADD MEMBER [WIN2016mssqlUser];    
GO

enter image description here

enter image description here


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.