[CRM 2013] Error: 18456, Severity: 14, State: 11.


Login failed for user 'Domain\MachineName$'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: MachineName]

It’s related to the SSRS Report Server, which runs as the Network Service account. That is supposed to be fine, because when you add a computer to the domain, it registers Local System and Network Service account permissions to the SPN records.
That’s why sometimes you don’t know WHY, but when you set Network Service as the service account, everything gets fixed. (Reference 2)
I had been encountering the error for a long time, and I tried lots of methods from Google.com:
  • Set up SPN
  • Troubleshooting Error 18456
  • Login failed for user x. Reason Token based server access validation failed and error - 18456
  • Check for inappropriate permissions for NT AUTHORITY\NETWORK SERVICE and SQLAccessGroup on the SQL server
I still received the errors. It must be something wrong with the permissions.
Kerberos? No, because we have a testing machine using NTLM authentication/connections.
You can run the query below to see your connections:
SELECT dc.net_transport, dc.auth_scheme, dc.*
FROM sys.dm_exec_connections dc
ORDER BY dc.session_id;

Yes, NTLM. But when I saw the result, I found an interesting thing.

It’s the endpoint_id. The net_transport is TCP, but why were the connections running on another endpoint rather than the default endpoint named “TSQL Default TCP”? So I ran another query:

SELECT dc.net_transport, dc.auth_scheme, se.name, dc.*
FROM sys.dm_exec_connections dc
INNER JOIN sys.endpoints se ON dc.endpoint_id = se.endpoint_id
ORDER BY dc.session_id;

I found another endpoint running on the same port as “TSQL Default TCP”, and there were sessions connected to it.

So I ran another query to see what those sessions were:

SELECT DISTINCT d.name AS database_name, s.session_id, s.host_name, s.login_time, s.login_name, s.reads, s.writes
FROM sys.dm_exec_sessions s
LEFT OUTER JOIN sys.dm_tran_locks l ON s.session_id = l.request_session_id
INNER JOIN sys.databases d ON l.resource_database_id = d.database_id
ORDER BY s.session_id;

Two host_name values showed up.



So after I deleted the customized endpoint, everything went fine.


Check your ENDPOINT
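
A follow-up audit for the endpoint check above, as an added example that is not part of the original post: it lists every TCP endpoint with its port, state, owner, the principals that hold permissions on it, and how many connections are currently using it. It relies only on the standard catalog views sys.tcp_endpoints, sys.server_permissions and sys.server_principals and the DMV sys.dm_exec_connections; the CTE name and column aliases are chosen here.

```sql
-- Added example (not from the original post): one row per TCP endpoint and
-- permission entry, plus the number of connections currently on that endpoint.
WITH conn AS (
    SELECT endpoint_id,
           COUNT(*)                           AS open_connections,
           COUNT(DISTINCT client_net_address) AS distinct_clients
    FROM sys.dm_exec_connections
    GROUP BY endpoint_id
)
SELECT te.endpoint_id,
       te.name          AS endpoint_name,
       -- sys.endpoints documents IDs below 65536 as system endpoints.
       CASE WHEN te.endpoint_id < 65536
            THEN 'system' ELSE 'user-defined' END AS origin,
       te.type_desc,
       te.state_desc,
       te.port,
       te.is_dynamic_port,
       ep_owner.name    AS endpoint_owner,
       grantee.name     AS grantee,
       perm.permission_name,
       perm.state_desc  AS permission_state,   -- GRANT / DENY / ...
       ISNULL(conn.open_connections, 0) AS open_connections,
       ISNULL(conn.distinct_clients, 0) AS distinct_clients
FROM sys.tcp_endpoints AS te
LEFT JOIN sys.server_principals AS ep_owner
       ON ep_owner.principal_id = te.principal_id
-- Permissions scoped to this endpoint (class ENDPOINT, major_id = endpoint_id).
LEFT JOIN sys.server_permissions AS perm
       ON perm.class_desc = 'ENDPOINT'
      AND perm.major_id   = te.endpoint_id
LEFT JOIN sys.server_principals AS grantee
       ON grantee.principal_id = perm.grantee_principal_id
LEFT JOIN conn
       ON conn.endpoint_id = te.endpoint_id
-- User-defined endpoints sort first so they are the first thing you review.
ORDER BY origin DESC, te.endpoint_id, grantee.name;
```

A user-defined row that is STARTED and has open connections you did not expect is the situation described above; compare its grantee list with the accounts that are failing to log in.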


