Bug #76646 Connection error when using Windows integrated security on Windows Server 2008
Submitted: 10 Apr 2015 5:19 Modified: 4 Feb 2016 7:26
Reporter: Salman Awan Email Updates:
Status: Can't repeat Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:6.9.6 OS:Microsoft Windows (Windows Server 2008 (SP2))
Assigned to: CPU Architecture:Any
Tags: Windows Authentication Plugin

[10 Apr 2015 5:19] Salman Awan
Description:
I am getting a MySqlException when creating a connection using Windows Authentication Plugin via Connector/NET 6.9.6, but only on Windows Server 2008 (64-bit). Other operating systems on which my code is working without any errors are: Windows 7 (64-bit), Windows Server 2008 R2 (64-bit). 

The details of the exception from Connector/NET on Windows Server 2008 are:
 
MySql.Data.MySqlClient.MySqlException (0x80004005): Authentication to host 'localhost' for user '<username>' using method 'authentication_windows_client' failed with message: Reading from the stream has failed. ---> MySql.Data.MySqlClient.MySqlException (0x80004005): Reading from the stream has failed. ---> System.IO.EndOfStreamException: Attempted to read past the end of the stream. 
at MySql.Data.MySqlClient.MySqlStream.ReadFully(Stream stream, Byte[] buffer, Int32 offset, Int32 count) 
at MySql.Data.MySqlClient.MySqlStream.LoadPacket() 
at MySql.Data.MySqlClient.MySqlStream.LoadPacket() 
at MySql.Data.MySqlClient.MySqlStream.ReadPacket() 
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.ReadPacket() 
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.AuthenticationFailed(Exception ex) 
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.ReadPacket() 
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.AuthenticationChange() 
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.HandleAuthChange(MySqlPacket packet) 
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.Authenticate(Boolean reset) 
at MySql.Data.MySqlClient.NativeDriver.Authenticate(String authMethod, Boolean reset) 
at MySql.Data.MySqlClient.NativeDriver.Open() 
at MySql.Data.MySqlClient.Driver.Open() 
at MySql.Data.MySqlClient.Driver.Create(MySqlConnectionStringBuilder settings) 
at MySql.Data.MySqlClient.MySqlPool.GetPooledConnection() 
at MySql.Data.MySqlClient.MySqlPool.TryToGetDriver() 
at MySql.Data.MySqlClient.MySqlPool.GetConnection() 
at MySql.Data.MySqlClient.MySqlConnection.Open() 

How to repeat:
I can reproduce the issue by running the following code on Windows Server 2008 with MySQL running on localhost:

using MySql.Data.MySqlClient;
using System.Security.Principal;

MySqlConnection connection = new MySqlConnection();
try
{
    string hostname = "localhost";
    string username = WindowsIdentity.GetCurrent().Name.ToLower();
    if (username.Contains('\\'))
        username = username.Split('\\')[1];

    Console.WriteLine("Testing MySQL connection to host \"" + hostname + "\" using Windows auth for current user \"" + username + "\"");

    connection.ConnectionString = "Database=<DB_name>;Server=" + hostname + ";Port=3566;DefaultCommandTimeout=0;AllowUserVariables=true;IntegratedSecurity=yes;Uid=" + username;
    connection.Open();
    Console.WriteLine("SUCCESS!");
}
catch (Exception e)
{
    Console.WriteLine("ERROR: " + e.ToString());
}
finally
{
    if (connection != null)
        connection.Close();
}
[10 Apr 2015 9:24] Chiranjeevi Battula
Hello Salman Awan,

Thank you for the bug report.
I tried to reproduce the issue at my end using Visual Studio 2013 (C#.Net), MySQL Connector/Net 6.9.6 and Windows Server 2008 but not seeing any issues with MySQL connectivity.
Could you please list out the steps you tried out at your end? Please provide repeatable steps for us to confirm this issue at our end.

Thanks,
Chiranjeevi.
[10 Apr 2015 9:25] Chiranjeevi Battula
screenshot

Attachment: 76646.PNG (image/png, text), 21.55 KiB.

[13 Apr 2015 1:21] Salman Awan
Hi Chiranjeevi,

I noticed in your screenshot that you are connecting as 'root' with a password. That works for me too. I only get an issue for Windows Active Directory domain users identified with the 'authentication_windows' plugin who don't require a password for login. Please see the full detailed steps for setting up the scenario and reproducing the error:

Server version:
5.6.16-enterprise-commercial-advanced MySQL Enterprise Server - Advanced Edition (Commercial)
mysql  Ver 14.14 Distrib 5.6.16, for Win64 (x86_64)

Connector/NET version:
6.9.6

Step 1:
Register a Windows Active Directory domain user on the server using the 'authentication_windows' plugin:
CREATE USER 'sawan' IDENTIFIED WITH authentication_windows AS 'DOMAIN_NAME\sawan';

Step 2:
Verify that the Windows Active Directory domain user has been registered correctly:
mysql> select user, plugin, authentication_string from mysql.user where user='sawan';
+-------+------------------------+-----------------------+
| user  | plugin                 | authentication_string |
+-------+------------------------+-----------------------+
| sawan | authentication_windows | DOMAIN_NAME\sawan     |
+-------+------------------------+-----------------------+

Step 3:
Log in on a Windows Server 2008 (64-bit) machine [NOTE: this is NOT the same OS as Windows Server 2008 R2] with the Windows Active Directory domain user which was used in Step 1. Verify the Windows version as below:

C:\>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name:                   Microsoft® Windows Server® 2008 Standard
OS Version:                6.0.6002 Service Pack 2 Build 6002

Step 4:
Using Connector/NET 6.9.6, Visual Studio 2013 and the C# code I posted under 'How to Repeat' section, connect to the MySQL server as the current Windows user using 'authentication_windows' plugin. You will get the exception I mentioned under the 'Description' section.

Step 4a:
Log in on either a Windows 7 (64-bit) or Windows Server 2008 R2 (64-bit) machine with the Windows Active Directory user which was used in Step 1. Using Connector/NET 6.9.6, Visual Studio 2013 and the C# code I posted under 'How to Repeat' section, connect to the server as that user using 'authentication_windows' plugin. Verify that the connection gets created just fine.

NOTE: It doesn't matter which OS the MySQL server is running on. What matters is which OS you are running the Connector/NET client code.

Regards,
Salman
[4 Feb 2016 7:26] Chiranjeevi Battula
Hello Salman Awan,

Thank you for your feedback.
I could not repeat the issue on Visual Studio 2013 (C#.Net), MySQL Connector/Net 6.9.8 and Windows Server 2008 but not seeing any issues with MySQL connectivity.
If you can provide more information, feel free to add it to this bug and change the status back to 'Open'.

Thank you for your interest in MySQL.

Thanks,
Chiranjeevi.
[4 Feb 2016 7:27] Chiranjeevi Battula
Screenshot.

Attachment: 76646_1.png (image/png, text), 78.00 KiB.

[4 Feb 2016 7:28] Chiranjeevi Battula
System info:

C:\>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name:                   Microsoft Windows Server 2008 R2 Enterprise
OS Version:                6.1.7601 Service Pack 1 Build 7601

mysql> select user, plugin, authentication_string from mysql.user where user='hodadmin';
+----------+------------------------+-----------------------+
| user     | plugin                 | authentication_string |
+----------+------------------------+-----------------------+
| hodadmin | authentication_windows | hod\hodadmin          |
+----------+------------------------+-----------------------+