4
votes

I have been unable to connect to Azure SQL Server using Active Directory Integrated Auth. When attempting to authenticate I get the error below.

Any ideas on how to further identify this issue would be appreciated.

Cheers

Cannot connect to XXXXXXX.database.windows.net.

===================================

Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory (Authentication=ActiveDirectoryIntegrated). Error code 0xCAA9002C; state 10 Failed to parse XML blob. Reason: XML document must have a top level element. Line: 0, Position: 0 Text: (null) (.Net SqlClient Data Provider)


For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=0&LinkId=20476


Server Name: XXXXXXX.database.windows.net Error Number: 0 Severity: 11 State: 0 Procedure: ADALGetAccessToken


Program Location:

   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling)
   at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
   at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
   at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
   at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
   at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
   at System.Data.SqlClient.SqlConnection.Open()
   at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateConnection(UIConnectionInfo ci, IServerType server)
   at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()
2
What client are you using? Where is the error coming from? - ranieuwe
I can repro like this: $sqlConnection = New-Object System.Data.SqlClient.SqlConnection 'Server=foo.database.windows.net;Database=foo;TransparentNetworkIPResolution=false;pooling=true;Authentication=Active Directory Integrated;'; $SqlConnection.Open() - Craig - MSFT
Was this ever resolved? I'm experiencing the same error message. - GoodwinSQL
Please file an Azure Support ticket when this occurs and have the ticket assigned to the ADAL Team. If you do not have an Azure Support plan, a one-time ticket can be activated to capture this specific issue. Please reach out to AzCommunity at microsoft.com with your subscription GUID and this forum post. - Mike Ubezzi
Same problem, was it resolved? - Zhongmin

2 Answers

1
votes

I recently encountered a similar issue and noted that our Azure instances required MFA login. The blob is actually the HTML login page forcing the response.

0
votes

I am connecting using SSMS after logging in to a machine on the federated domain.

The error is being returned to SSMS when a connection is attempted.

I am assuming Azure SQL Server can identify that the user is from a federated domain by the fact that Procedure: ADALGetAccessToken is being called?

Thanks

M