FIX: Error message when you try to use a SQL Server authenticated login to log on to an instance of SQL Server 2005: "Logon error: 18456"

Article ID: 925744 - View products that this article applies to.
Bug #: 50000300 (SQL Hotfix)
Notice
Microsoft distributes Microsoft SQL Server 2005 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release.
Expand all | Collapse all
This article describes the following about this hotfix release:
  • The issues that are fixed by this hotfix package
  • The prerequisites for installing the hotfix package
  • Information about whether you must restart the computer after you install the hotfix package
  • Information about whether the hotfix package is replaced by any other hotfix package
  • Information about whether you must make any registry changes
  • The files that are contained in the hotfix package
Back to the top | Give Feedback

SYMPTOMS

In SQL Server 2005, you receive a "Logon Error: 18456" error message when you try to log on to an instance of SQL Server 2005 and the following conditions are true:
  • You try to use a SQL Server authenticated login to log on to the instance.
  • The SQL Server service is configured to use a domain account for the service startup account.
  • The SQL authenticated logins that receive the "Logon Error: 18456" error message are configured to use Windows domain password policy enforcement.

    Note By default, Windows domain password policy enforcement for SQL authenticated logins is enabled unless you explicitly set the CHECK_POLICY clause of the CREATE LOGIN statement to OFF when you create a given login.
  • The service account for the SQL Server startup service is locked or disabled on the domain controller.
If login auditing is configured to write the event of failed logins to the error log for the instance of SQL Server, the following messages are written to the SQL Server Errorlog file:
Error message 1
DateTime Logon Error: 18456, Severity: 14, State: 10.
Error message 2
DateTime Logon Login failed for user '<username>'. [CLIENT: <IP Address>]
Note The state of this 18456 error is 10. However, you always receive this "Logon Error: 18456" error message that has a state set to 1 in the client application. To increase security, the error message that is returned to the client deliberately hides the nature of the authentication error by always setting the state of the 18456 error to 1. By default, auditing of failed logins is enabled. In this case, the true state of the 18456 error is reported in the SQL Server Errorlog file. For more information about how to troubleshoot 18456 errors, visit the following Microsoft Developer Network (MSDN) Web site:
http://msdn2.microsoft.com/en-us/library/ms366351.aspx
(http://msdn2.microsoft.com/en-us/library/ms366351.aspx)
Back to the top | Give Feedback

RESOLUTION

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
(http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

You must have SQL Server 2005 Service Pack 1 installed to apply this hotfix.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
913089
(http://support.microsoft.com/kb/913089/ )
How to obtain the latest service pack for SQL Server 2005

Restart information

You do not have to restart the computer after you apply this hotfix.

Registry information

You do not have to change the registry.

Hotfix file information

This hotfix contains only those files that are required to correct the issues that this article lists. This hotfix may not contain of all the files that you must have to fully update a product to the latest build.

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
SQL Server 2005 32-bit version
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Logread.exe2005.90.2194.0398,11229-Sep-200600:33x86
Microsoft.analysisservices.adomdclient.dll9.0.2194.0543,52029-Sep-200600:33x86
Microsoft.analysisservices.deploymentengine.dll9.0.2194.0138,01629-Sep-200600:33x86
Microsoft.analysisservices.dll9.0.2194.01,215,26429-Sep-200600:33x86
Microsoft.sqlserver.mgdsqldumper.dll2005.90.2194.075,55229-Sep-200600:33x86
Microsoft.sqlserver.sqlenum.dll9.0.2194.0908,06429-Sep-200600:33x86
Msasxpress.dll9.0.2194.022,30429-Sep-200600:33x86
Msgprox.dll2005.90.2194.0197,92029-Sep-200600:33x86
Msmdlocal.dll9.0.2194.015,609,63229-Sep-200600:33x86
Msmdredir.dll9.0.2194.03,990,30429-Sep-200600:33x86
Mssqlsystemresource.ldfNot Applicable524,28828-Sep-200621:26Not Applicable
Mssqlsystemresource.mdfNot Applicable40,108,03228-Sep-200621:26Not Applicable
Replprov.dll2005.90.2194.0547,61629-Sep-200600:33x86
Replrec.dll2005.90.2194.0782,11229-Sep-200600:33x86
Sqlaccess.dll2005.90.2194.0347,93629-Sep-200600:33x86
Sqlagent90.exe2005.90.2194.0319,26429-Sep-200600:33x86
Sqlservr.exe2005.90.2194.028,964,18429-Sep-200600:33x86
Sysdbupg.sqlNot Applicable192,34621-Aug-200615:01Not Applicable
Xpstar90.dll2005.90.2194.0292,64029-Sep-200600:34x86
Xpstar90.rll2005.90.2194.0152,86429-Sep-200600:33x86
SQL Server 2005 x64-based version
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Logread.exe2005.90.2194.0522,52829-Sep-200607:58x64
Microsoft.analysisservices.adomdclient.dll9.0.2194.0543,52029-Sep-200600:33x86
Microsoft.analysisservices.adomdclient.dll9.0.2194.0543,52029-Sep-200607:58x86
Microsoft.analysisservices.deploymentengine.dll9.0.2194.0138,01629-Sep-200600:33x86
Microsoft.analysisservices.dll9.0.2194.01,215,26429-Sep-200600:33x86
Microsoft.sqlserver.mgdsqldumper.dll2005.90.2194.075,55229-Sep-200600:33x86
Microsoft.sqlserver.mgdsqldumper.dll2005.90.2194.091,42429-Sep-200607:58x64
Microsoft.sqlserver.sqlenum.dll9.0.2194.0875,29629-Sep-200607:58x86
Msasxpress.dll9.0.2194.022,30429-Sep-200600:33x86
Msasxpress.dll9.0.2194.027,42429-Sep-200607:58x64
Msgprox.dll2005.90.2194.0259,36029-Sep-200607:58x64
Msmdlocal.dll9.0.2194.015,609,63229-Sep-200600:33x86
Msmdredir.dll9.0.2194.03,990,30429-Sep-200600:33x86
Mssqlsystemresource.ldfNot Applicable524,28828-Sep-200621:26Not Applicable
Mssqlsystemresource.mdfNot Applicable40,108,03228-Sep-200621:26Not Applicable
Replprov.dll2005.90.2194.0745,24829-Sep-200607:58x64
Replrec.dll2005.90.2194.01,008,41629-Sep-200607:58x64
Sqlaccess.dll2005.90.2194.0355,10429-Sep-200607:58x86
Sqlagent90.exe2005.90.2194.0390,94429-Sep-200607:58x64
Sqlservr.exe2005.90.2194.039,340,32029-Sep-200607:58x64
Sysdbupg.sqlNot Applicable192,34621-Aug-200615:01Not Applicable
Xpstar90.dll2005.90.2194.0540,96029-Sep-200607:58x64
Xpstar90.rll2005.90.2194.0153,37629-Sep-200607:58x64
Back to the top | Give Feedback

WORKAROUND

To work around this problem, use one of the following methods:
  • Unlock the service account on the domain controller.
  • Do not use Windows domain password policy enforcement for SQL Server authenticated logins. To disable this property, use the following statements:
    • For a new SQL Server login
      CREATE LOGIN <SQLAuthenticatedLogin> with PASSWORD = <StrongPassword>, CHECK_POLICY = OFF
    • For an existing SQL Server login
      ALTER LOGIN <SQLAuthenticatedLogin> with CHECK_POLICY = OFF
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

MORE INFORMATION

This hotfix adds the new trace flag 4614 to SQL Server 2005. When you enable trace flag 4614, you can use SQL Server authenticated logins that use Windows domain password policy enforcement to log on to the instance even though the SQL Server service account is locked out or disabled on the Windows domain controller.

You can interactively enable or disable the trace flag by using the following DBCC TRACEON and DBCC TRACEOFF commands:
  • Enable trace flag 4614
    DBCC TRACEON (4614, -1)
  • Disable trace flag 4614
    DBCC TRACEOFF (4614, -1)
You can also specify the trace flag as a startup parameter of the SQL Server service. When you specify the trace flag as a startup parameter, the trace flag is automatically enabled when the SQL Server service starts. If you set the trace flag as a startup parameter, you can still use the DBCC TRACEOFF command to disable the trace flag interactively.
Back to the top | Give Feedback
For more information about the naming schema for Microsoft SQL Server updates, click the following article number to view the article in the Microsoft Knowledge Base:
822499
(http://support.microsoft.com/kb/822499/ )
New naming schema for Microsoft SQL Server software update packages
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684
(http://support.microsoft.com/kb/824684/ )
Description of the standard terminology that is used to describe Microsoft software updates
Back to the top | Give Feedback

Properties

Article ID: 925744 - Last Review: October 8, 2011 - Revision: 2.0
APPLIES TO
  • Microsoft SQL Server 2005 Standard Edition
  • Microsoft SQL Server 2005 Enterprise Edition
  • Microsoft SQL Server 2005 Developer Edition
  • Microsoft SQL Server 2005 Standard X64 Edition
  • Microsoft SQL Server 2005 Standard Edition for Itanium-based Systems
  • Microsoft SQL Server 2005 Enterprise X64 Edition
  • Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
Keywords: 
kbsqlsetup kbautohotfix kbtshoot kbsql2005connect kbsql2005cluster kbHotfixServer kbqfe KB925744
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top