jTDS connection with Windows Authentication

mdichi · February 27, 2025, 12:27am

We have used windows authentication before with no problem. At one particular site, however, it is being troublesome.

We are getting this error when trying to connect to the db, “The login is from an untrusted domain and cannot be used with Integrated authentication”.

In the Lucee console we can actually create a Datasource connection and it works.

LUCEE ADMIN CONSOLE

> this.datasources["THE_DB_NAME"] = {
> 	class: "net.sourceforge.jtds.jdbc.Driver", 
> 	bundleName: "jtds", 
> 	bundleVersion: "1.3.1",
> 	connectionString: "jdbc:jtds:sqlserver://THE_DB_SERVER:1433/THE_DSN;useNTLMv2=true;domain=THE_DOMAIN",
> 	username: "THE_DB_USER",
> 	password: "encrypted:xxxxxx",
> 	
> 	// optional settings
> 	connectionLimit:-1, // default:-1
> 	liveTimeout:15, // default: -1; unit: minutes
> 	validate:false, // default: false
> };

However, when we try to do in from the CFC it gives the error, “The login is from an untrusted domain and cannot be used with Integrated authentication”.

The CFC:

<CFSET This.datasources[appname].class ="net.sourceforge.jtds.jdbc.Driver">
<CFSET This.datasources[appname].connectionString = "jdbc:jtds:sqlserver://THE_DB_SERVER:1433/THE_DSN;useNTLMv2=true;domain=THE_DOMAIN"
<CFSET This.datasources[appname].username = "THE_DB_USER">
<CFSET This.datasources[appname].password = "ABCDEFG">

Any ideas as to what the problem could be. We are using Lucee 5.4 and SQL Server 2022 on Windows 2022.

Gavin_Baumanis · February 27, 2025, 12:45am

Perhaps - there is a setting that is inherently included by doing it via the lucee admin - that you’re missing in your code?

Have you tried by copy/pasting the code that is provided within the Lucee Admin, datasource screen?

psarin · February 27, 2025, 2:00am

You may want to confirm that your security certificates for both server hosting Lucee as well as those in the Java security store used by Lucee are up to date and allowed by the database server. In addition, confirm the user under which Lucee is running has permissions to connect to the server hosting the database server.

mdichi · February 27, 2025, 3:29am

HTTPS is turned off at the moment.

I have SQL connection encryption also turned off (“force encryption=NO”) for now.

I was able to connect with SQL Authentication but am not allowed to use that.

mdichi · February 27, 2025, 3:32am

That’s a good idea. However, I tried it and get the same error.

andreas · February 27, 2025, 4:12am

Are you saying you have successfully been able to connect, but you are not authorized? Then may be a setting issue of the DB. Any logs availabel at the DB server side?

mdichi · February 27, 2025, 4:16am

With SQL Authentication I was able to connect.

I can’t connect with Windows Authentication, which I am required to use.

andreas · February 27, 2025, 6:06am

Have you also verified/troubleshooted the different aspects involving that error menioned here?

mdichi · February 27, 2025, 5:16pm

Thanks, I just reviewed that.

That post on Stack Overflow seems to be referring to the Microsoft JDBC driver. That’s why they refer to the “Integrated Security=true”. The equivalent for the jtds driver is “ntlmV2”, which we are using.

Some things in that post are out of my control. I have to assume the Windows domain and DNS is set up properly. I can connect with ODBC, so that hopefully confirms the domain and DNS.

KabutoTX1 · March 3, 2025, 5:54pm

Maybe a Group Policy disabling it?