If you are sure the username and password are correct, you need to call SQLError or SQLGetDiagRec or SQLGetDiagField(SQL_DIAG_NATIVE). The native error is actually the error code returned by GetLastError (the Win32 function) and it gives an indication of why the OOB Server failed to logon as your specified user. In later versions of OOB, a second diagnostic "authentication error number nnnn" has been added (where nnnn is the error number) that saves you from having to look at the native error code.
Error codes we have seen and their solutions are:
|1385|| Logon Failure: the user has not been granted the requested logon type at this computer. Check the user has the Logon Locally permission. |
If you have installed the OOB Server on your primary or secondary domain controller in Microsoft Windows 2003 Server then you should know that a standard user added to the domain is by default added to the ‘Domain Users’ group and they cannot logon to a domain controller. The only ways around this are:
|1314||A required privilege is not held by the client. The OOB Server needs the "Act as part of the operating system" access right to authenticate and become the LogonUser.|
|1326||Logon Failure: unknown username or bad password. The username is not a valid user or the password is invalid. If you have checked these are valid and the user is in an NT domain, try prefixing the username with DOMAIN e.g. NTDOMAIN/Username.|
|1327||Error_Account_Restriction: Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions). |
For Windows XP, this can occur if you attempt to login to an OOB Server using a username with an empty password. In XP, by default, users with no passwords are only allowed to login at the console.
|1328||Account logon time restriction violation.|
|1330||The specified account password has expired.|
|1331||Logon failure: account currently disabled. Re-enable the account.|
|1355||The specified domain did not exist. You are using the Domain/Username syntax in LogonUser and Domain does not exist.|
|1909||Account locked out. Unlock the account.|
|87||Parameter incorrect. You have specified an invalid username for the LogonUser attribute e.g. a zero length one. Check the LogonUser attribute is spelt correctly in your registry or ini file e.g. LoginUser is incorrect and results in the OOB Client not finding a username and passing a zero length one.|
|1907||The user must change his password before he logs on the first time. Check the logon settings for the user you are using or logon as that user and set the password.|
|1792||An attempt was made to logon, but the network logon service was not started. Go to Control Panel, Services and make sure the Net Logon service is running.|
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.