SQL Server security token error

We had an issue that was bothering us. One user, whose access to SQL Server was granted through an Active Directory group rather than a direct login, could not connect. The error message was:

“Token-based server access validation failed with an infrastructure error.”

We had his password reset and had him re-added to the groups, since we suspected he might be a member of too many groups. Neither step helped.

When we dropped the login from SQL Server and added it back, things started working. The root cause turned out to be that the Active Directory administrators had been dropping the groups and recreating them. A recreated group gets a new SID, even if it keeps the same name. SQL Server stores the SID, not the name, in its server principals, so the SID stored in SQL Server no longer matched the SID in AD, and the user's token failed validation.
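The check below is an added example, not part of the original post: it lists every Windows login and group on the instance, resolves each name against Active Directory with SUSER_SID(), and flags any principal whose stored SID differs from the one AD returns today. The group name DOMAIN\SqlUsers in the repair step is a placeholder.

```sql
-- Added example (not from the original post): find Windows principals whose
-- stored SID no longer matches the SID Active Directory returns for the name.
-- Run on the SQL Server instance that rejected the login; SUSER_SID() asks
-- the domain for the current SID, sys.server_principals holds what was
-- stored when the login was created.
SELECT sp.name,
       sp.type_desc,
       sp.sid             AS sid_in_sql_server,
       SUSER_SID(sp.name) AS sid_in_active_directory,
       CASE
           WHEN SUSER_SID(sp.name) IS NULL     THEN 'not found in AD'
           WHEN SUSER_SID(sp.name) <> sp.sid   THEN 'SID MISMATCH - recreate login'
           ELSE 'ok'
       END AS status
FROM sys.server_principals AS sp
WHERE sp.type IN ('U', 'G')      -- U = Windows user, G = Windows group
  AND sp.name NOT LIKE 'NT %'    -- skip NT AUTHORITY / NT SERVICE built-ins
ORDER BY status, sp.name;

-- Repair for a group flagged above. DOMAIN\SqlUsers is a placeholder name.
-- Dropping the login discards its server role memberships and server-level
-- permissions, so script those out first and re-apply them afterwards.
DROP LOGIN [DOMAIN\SqlUsers];
CREATE LOGIN [DOMAIN\SqlUsers] FROM WINDOWS;

-- Database users for that group are matched by SID too, so after the
-- recreate they are orphaned. Re-point each one at the new login rather
-- than dropping it, which preserves its database permissions.
USE [YourDatabase];   -- placeholder database name
ALTER USER [DOMAIN\SqlUsers] WITH LOGIN = [DOMAIN\SqlUsers];
```

Running the SELECT first is the useful part: a group that shows 'SID MISMATCH' has been recreated in AD, while 'not found in AD' means it was deleted outright, and the two cases need different conversations with the domain administrators.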

So now we’ve told them “Don’t do that!”

