SSPI handshake failed with error code 0x8009030c [Fix]
Implement the solutions in this guide to fix the error
5 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- SSPI handshake failed due to error code 0x8009030c message generally means user authentication failure.
- This happens when the password expires for the current session on a remote system, or the Domain server account may be locked.
- Disabling the Loopback Check and restarting the SQL server browser will fix the problem.
Several SQL Server users have been encountering the SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. on Windows PCs relying on Windows authentication to connect to a SQL Server.
This SQL server error happens due to Kerberos failure as a result of which the user authentication is unsuccessful.
Why do I get the SSPI handshake failed with error 0x8009030c?
The error code 0x8009030c generally shows up due to the Active Directory and network-related issues. Some of the other reasons are as follows:
- Domain account issues – The domain server account operating the SQL Server engine account may be locked when the connection setup is attempted.
- Authentification problems – Kerberos Authentication to connect to SQL Server is not successful.
- Expired password – On a remote PC, the SSPI handshake failed with error code 0x8009030c can also occur when the password expires for the current session.
- Firewall block – A virtual firewall between the app servers and domain controller may block the higher RPC dynamic port range.
- Time synchronization issue – SSPI handshake errors can also trigger because of the time difference between the client and server clock.
If you are looking for effective solutions to easily get past the SSPI handshake failed with error code 0x8009030c, this guide has got you covered.
How do I fix the SSPI handshake failed error code 0x8009030c?
1. Restart the SQL server browser services
- Press the Windows key on the taskbar to bring up the Start menu, and type sql in the search bar.
- Right-click the SQL Server Configuration Manager in the search results and select Run as administrator.
- Click Yes on the User Action Control prompt window.
- Choose SQL Server Services from the left navigation panel of the SQL Server Configuration Manager.
- From the expanded list of services, right-click SQL Server Browser, and then choose Restart from the context menu.
If the SQL Server Browser service running in the background encounters a problem, a problem in establishing the connection may occur, causing the SQL 0x8009030c error; restating it will flush out the underlying cache fixing the issue.
2. Modify the registry
- Press the Windows key to launch the Start menu, type registry editor in the search bar and choose the appropriate option from the result section.
- Enter the following key address to access the following registry key in the registry editor.
HKLM\System\CurrentControlSet\Control\LSA
- Now right-click anywhere on the right section of the registry editor and select New followed by DWORD (32-bit) from the context menu.
- Next, rename the newly created DWORD as DisableLoopbackCheck.
- Right-click DisableLoopbackCheck and choose Modify from the context menu.
- Set the value to 1 and press the OK button.
- Now exit the registry editor and reboot your Windows PC to apply the changes.
Loopback check is a security feature on your OS that restricts access to web applications via a fully qualified domain name (FQDN) if the access attempt was from the system hosting the application.
As reported by several SQL users, disabling the Loopback check option helps resolve the SSPI handshake failed error with error code 0x8009030c.
3. Sync target server clock
- Press the Windows key to launch the Start menu, type sql in the search bar, and choose SQL Server Management Studio from the search results.
- Click the Plus sign in the object explorer to expand the server on which you want to sync the target server clocks with the master server clock.
- Right-click the SQL Server Agent, select Multi Server Administration from the sub-menu, followed by Manage Target Servers from the sub-menu.
- Next, click Post Instructions in the Manage Target Servers dialog box.
- Select Synchronize clocks from the Instruction type list.
- Click the All target servers to synchronize all target server clocks with the master server clock option under the Recipients section.
4. Allow RPC dynamic port range through the Firewall
- Press the Windows key, type group policy editor, and choose the relevant option from the search results.
- On the left pane of the Group Policy Editor window, expand the Computer configuration option.
- Now, go to to the following path:
Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security - LDAP\Inbound Rules
- Right-click Inbound Rules and choose New Rule from the context menu.
- Choose Custom and click Next.
- Choose All programs and click Next.
- Assign TCP as the Protocol type and RPC Dynamic Ports as the Local Port and click Next.
- Specify the IP address of the scan node on the remote IP addresses list and click Next.
- Select Allow the connection and click Next.
- Select the checkboxes that fulfill the machine connection conditions and click Next.
- Specify Radar RPC Dynamic Ports as the name and click Finish.
That’s all about it! We’re hopeful that the SSPI handshake failed with error code 0x8009030c error will be easily resolved by applying the solutions listed in this guide.
You want to check out this guide if you run into the Microsoft SQL Server Error 18456 when trying to log in.
In case you need any further assistance, feel free to drop us a comment below.
User forum
0 messages