Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).

Question

Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).

Sam H 5

I'm working on configuring Azure SQL Server authentication using Microsoft Entra Integrated.

Here’s my setup:

I have an Azure SQL Server with an active database.
My laptop is connected to Azure AD.
I’ve opened SQL Server Management Studio (SSMS), entered the Azure SQL Server name in the server field, and selected Microsoft Entra Integrated under Authentication.
However, when I click "Connect," I receive an error.

Error message:

===================================

Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).

Error code 0xintegrated_windows_auth_not_supported_managed_user

Integrated Windows Auth is not supported for managed users. See https://aka.ms/msal-net-iwa for details. (Framework Microsoft SqlClient Data Provider)

For help, click: https://docs.microsoft.com/sql/relational-databases/errors-events/mssqlserver-0-database-engine-error

Server Name: sql_server_db.database.windows.net

Error Number: 0

Severity: 11

State: 0

Procedure: AcquireToken

Program Location:

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.GetFedAuthToken(SqlFedAuthInfo fedAuthInfo)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OnFedAuthInfo(SqlFedAuthInfo fedAuthInfo)

at Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)

at Microsoft.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover, Boolean isFirstTransparentAttempt, Boolean disableTnir)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)

at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, ServerCertificateValidationCallback serverCallback, ClientCertificateRetrievalCallback clientCallback, DbConnectionPool pool, String accessToken, SqlClientOriginalNetworkAddressInfo originalNetworkAddressInfo, Boolean applyTransientFaultHandling)

at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)

at Microsoft.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)

at Microsoft.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)

at Microsoft.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)

at Microsoft.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)

at Microsoft.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)

at Microsoft.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry, SqlConnectionOverrides overrides)

at Microsoft.Data.SqlClient.SqlConnection.Open(SqlConnectionOverrides overrides)

at Microsoft.Data.SqlClient.SqlConnection.Open()

at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateSqlConnection(UIConnectionInfo ci, IDbConnection dbConnection, IServerType server)

at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateConnection(UIConnectionInfo ci, IServerType server)

at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()

I would greatly appreciate your assistance with this issue.

Erland Sommarskog 127.7K Reputation points MVP Volunteer Moderator

2024-07-29T22:03:57.6333333+00:00

I don't know if it is relevant, but I try to connect to one of my Azure SQL DB using Entra Integrated, and I got exactly the same error as you. I don't know on the top of my head, if I've I enabled that database for Entra. What do I know is that I'm logged on to Windows in the normal way, and not through Entra. So maybe that is the problem? You are logged to Windows with a normal Windows login.

Also observe Hossein's point about what is required for Azure SQL Database to use Entra authentication. (For which Hossein uses the old name Azure AD authentication.)
Sam H 5 Reputation points

2024-07-30T19:29:41.8466667+00:00

I have tired logging in to Windows as normal Windows login, but got the same error message:

Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).

Error code 0xget_user_name_failed

Failed to get user name.

4 answers

Your answer

Erland Sommarskog 127.7K Reputation points MVP Volunteer Moderator

2024-07-29T22:03:57.6333333+00:00

I don't know if it is relevant, but I try to connect to one of my Azure SQL DB using Entra Integrated, and I got exactly the same error as you. I don't know on the top of my head, if I've I enabled that database for Entra. What do I know is that I'm logged on to Windows in the normal way, and not through Entra. So maybe that is the problem? You are logged to Windows with a normal Windows login.

Also observe Hossein's point about what is required for Azure SQL Database to use Entra authentication. (For which Hossein uses the old name Azure AD authentication.)
Sam H 5 Reputation points

2024-07-30T19:29:41.8466667+00:00

I have tired logging in to Windows as normal Windows login, but got the same error message:

Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).

Error code 0xget_user_name_failed

Failed to get user name.

Answer 1

hossein jalilian 13,125 Volunteer Moderator

Thanks for posting your question in the Microsoft Q&A forum.

Ensure that you are using the correct authentication type for connecting to Azure SQL Database. For Azure SQL Database, you should use Azure Active Directory (AAD) Authentication and not Integrated Windows Authentication. The Microsoft Entra Integrated option might not be the correct one for Azure SQL Database.

Make sure that your Azure SQL Database is configured to use Azure AD authentication. You need to have an Azure AD admin configured for your Azure SQL Database and user account is added to the Azure SQL Database as an Azure AD user or group.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

Sam H 5 Reputation points

2024-07-29T18:45:15.7633333+00:00

When using Mircrosoft Entra MFA it works, but I'm trying to connect using the Microsoft Entra Integrated option. Is there a way to get to work? What are my options and is an AD server required?
Oury Ba-MSFT 21,121 Reputation points Microsoft Employee Moderator

2024-08-02T17:14:59.3733333+00:00

Sam H We haven't heard back from you since last comment.

Could you please share the status of the issue.

Regards,

Oury
Oury Ba-MSFT 21,121 Reputation points Microsoft Employee Moderator

2024-08-15T19:41:27.5+00:00

@hossein jalilian

Could you please share the status of the issue. Please do let us know if you are still facing the same issue. I will be happy to assit you further.

Regards,

Oury

Answer 2

Oury Ba-MSFT 21,121 Microsoft Employee Moderator

Sam H Thank you for reaching out.

For integrated auth it is probably your machine is not setup with Entra properly.

Please do also check with administrator or do the following if you have the right permissions.

Join the Machine to Microsoft Entra ID:
- Go to Settings > Accounts > Access work or school.
- Click on Connect and follow the prompts to join the machine to Microsoft Entra ID.
Enable Integrated Windows Authentication:
- Open Internet Explorer and go to Tools > Internet Options.
- Select the Advanced tab and scroll down to the Security section.
- Check the box for Enable Integrated Windows Authentication.
Configure Local Intranet Settings:
- In Internet Explorer, go to Tools > Internet Options > Security tab.
- Select Local Intranet and click on Sites > Advanced.
- Add your Azure SQL Server URL to the list of websites.
Set Up Group Policies:
- Open the Group Policy Editor (gpedit.msc).
- Navigate to Computer Configuration > Administrative Templates > System > Credentials Delegation.
- Enable the policy Allow delegating saved credentials with NTLM-only server authentication and add your server to the list.

Regards,

Oury

Oury Ba-MSFT 21,121 Reputation points Microsoft Employee Moderator

2024-08-29T23:59:57.23+00:00

Sam H

We haven't heard back from, could you please share the status of the issue.?

Regards,

Oury
Oury Ba-MSFT 21,121 Reputation points Microsoft Employee Moderator

2024-09-27T21:30:05.0633333+00:00

Sam H

We still have not hear back from you since my last response.

Id the issue is resolved, please do share the resolution, which might be beneficial to other community members reading this thread.

To login using Microsoft integrated auth.

Use this method if you're logged into Windows using your Microsoft Entra credentials from a federated domain, or a managed domain configured for seamless single sign-on for pass-through and password hash authentication. For more information, see Microsoft Entra seamless single sign-on.

Regards,

Oury

Answer 3

Carlos Jourdan 0

This happened to me on an Windows Hello enabled device when using PIN authentication. Locking the screen and then choosing "other options" => "password" and typing in your azure account password solved it.

Answer 4

I had the same issue when connecting using "Windows Authentication" or "Microsoft Entra Integrated". The posted solutions did not work for me.

Some context:

connecting using SSMS 21
I connect directly to my organization's MS Dynamics instance using my MS organization account.
My Windows device is signed into my organizational account.
My organization has MFA enabled using MS Authenticator

I have resolved this using the below connection

Server Name = "servername.dynamics.com"
Authentication = Microsoft Entra MFA
User Name = your organizational email "******@organization.com"
Password = this is blacked out
Database Name = <default>
Encrypt = Mandatory

Hope this helps as I struggled finding the solution myself

Share via

Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated).

4 answers

Your answer