SharePoint provides connectivity to the external line of businesses (LOB) in many ways. Business Connectivity Services (BCS) is one such offering from SharePoint. BCS, in general, provides OData, WCF, SQL, and .NET connectors to connect to external data sources. With BCS, we can connect to any line of business through Visual Studio Template.
As a no code solution, we can also implement BCS using SharePoint designer by which we can connect directly to SQL Server table which you can refer to from here. The primary requirement is to set up Business Data Connectivity Services Service Application in SharePoint.
In this article, we will see how to resolve the “Login Failed for NT Authority\IUSR” issue that occurs when we open BCS external content type list created using SharePoint designer.
Once the external content type is deployed to SharePoint, we can navigate to central administration and grant the required permissions to the user failing which will get login errors in the external list.
![SharePoint]()
Right click the content type and select ‘Set Permissions’. Add the users to the external content type object and set the required permission for the users.
![SharePoint]()
However, even after assigning the required permissions for the user at the ‘Set Object Permission’ page in central administration, we might get the below login error message when we open the external list.
“Login failed for user ‘NT Authority\IUSR’”.
![SharePoint]()
The reason is, because the user credential that is passed from SharePoint to the database used by the BCS external content type failed to authenticate itself.
IUSR stands for Internet User and the anonymous access is blocked by the database. As a work round let’s try to grant the login for NT Authority\IUSR .
![SharePoint]()
Right click Login and select ‘New Login’.
![SharePoint]()
If you specify merely IUSR, it will take up the LocalAccount\IUSR login.
![]()
Instead of this, specifically mention NT Authority\IUSR.
![SharePoint]()
So, NT Authority\IUSR has been added to the logins.
![SharePoint]()
Now, if we head over to the external list, we will still get an error but a different one. This time the login has failed for a specific database - The database used by external content type- ‘BCS’ in this case.
“Cannot connect to the LobSystem (External System). Reason: 'Cannot open database "BCS" requested by the login. The login failed. Login failed for user 'NT AUTHORITY\IUSR'.”
![SharePoint]()
So, go to the BCS database and add the user to it.
![SharePoint]()
Specify the ‘NT Authority\IUSR’ user.
![SharePoint]()
IUSR has been added to the database security users list.
![SharePoint]()
In order to have access, specify the user access role membership. Though db_owner rights are too much of an offer, you can limit the membership depending on the environment in use.
![SharePoint]()
Now, heading over to the SharePoint external list, the error has gone away.
![SharePoint]()
Summary
Thus, we saw how to resolve the “Login Failed for NT Authority\IUSR” issue while configuring Business Connectivity Services External List in SharePoint 2016.