Easysoft ODBC-ODBC Bridge

Why do I get "Invalid authorization specification" and/or "authentication error number nnnn" when the LogonUser and LogonAuth are set to a valid username and password?

Article:
00123
Last Reviewed:
28th October 2008
Revision:
5

If you are sure the username and password are correct, you need to call SQLError or SQLGetDiagRec or SQLGetDiagField(SQL_DIAG_NATIVE). The native error is actually the error code returned by GetLastError (the Win32 function) and it gives an indication of why the OOB Server failed to logon as your specified user. In later versions of OOB, a second diagnostic "authentication error number nnnn" has been added (where nnnn is the error number) that saves you from having to look at the native error code.

Error codes we have seen and their solutions are:

Error codeDescription
1385 Logon Failure: the user has not been granted the requested logon type at this computer. Check the user has the Logon Locally permission.

If you have installed the OOB Server on your primary or secondary domain controller in Microsoft Windows 2003 Server then you should know that a standard user added to the domain is by default added to the ‘Domain Users’ group and they cannot logon to a domain controller. The only ways around this are:

  • Add the user to the ‘Administrators’ or ‘Domain Admins’ group.
  • Move the OOB Server off a domain controller and on to another Windows machine.
1314A required privilege is not held by the client. The OOB Server needs the "Act as part of the operating system" access right to authenticate and become the LogonUser.
1326Logon Failure: unknown username or bad password. The username is not a valid user or the password is invalid. If you have checked these are valid and the user is in an NT domain, try prefixing the username with DOMAIN e.g. NTDOMAIN/Username.
1327Error_Account_Restriction: Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions).

For Windows XP, this can occur if you attempt to login to an OOB Server using a username with an empty password. In XP, by default, users with no passwords are only allowed to login at the console.

1328Account logon time restriction violation.
1330The specified account password has expired.
1331Logon failure: account currently disabled. Re-enable the account.
1355The specified domain did not exist. You are using the Domain/Username syntax in LogonUser and Domain does not exist.
1909Account locked out. Unlock the account.
87Parameter incorrect. You have specified an invalid username for the LogonUser attribute e.g. a zero length one. Check the LogonUser attribute is spelt correctly in your registry or ini file e.g. LoginUser is incorrect and results in the OOB Client not finding a username and passing a zero length one.
1907The user must change his password before he logs on the first time. Check the logon settings for the user you are using or logon as that user and set the password.
1792An attempt was made to logon, but the network logon service was not started. Go to Control Panel, Services and make sure the Net Logon service is running.
Applies To

Knowledge Base Feedback

* Did this content help you?
* Please select one option based on your first choice:

(* Required Fields)


Oracle is a registered trademark of Oracle Corporation and/or its affiliates.