As the error suggests the SQL log is filling with the error:
Login failed for user 'xxx\xxx$'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: xxx.xxx.xxx.xxx]
This is a SQL cluster and the account trying to login is the passive node account. The account doesn't exist in SQL itself so I don't think this is a SID mismatch.
I have checked the ring buffer DMVs which I have placed below, however I don't think this is giving me much.
runtime Notification_Time ErrorCode CallingAPIName APIName SPID Record Id Type Record Time Current Time
2014-10-24 10:22:50.953 2014-10-23 15:38:24.547 0x139F NLShimImpersonate ImpersonateSecurityContext 62 18610 RING_BUFFER_SECURITY_ERROR 10966336138 11033802544
I have checked and IIS is not on the passive node so there is no double hop coming from there, and in the services I can see nothing obvious as to what could be causing it. SQL Browser is set to local service, could that be trying to log in?
Best Answer
It seems I have found the issue. It was System Center Operations Monitor trying to log into SQL via the cluster name however it was set to use Local System and didn't have access. I changed this to a specific monitoring account and its working now.