This article describes the following about this hotfix release:

•	The issues that are fixed by this hotfix package
•	The prerequisites for installing the hotfix package
•	Information about whether you must restart the computer after you install the hotfix package
•	Information about whether the hotfix package is replaced by any other hotfix package
•	Information about whether you must make any registry changes
•	The files that are contained in the hotfix package

Back to the top

In SQL Server 2005, you receive a "Logon Error: 18456" error message when you try to log on to an instance of SQL Server 2005 and the following conditions are true:

•	You try to use a SQL Server authenticated login to log on to the instance.
•	The SQL Server service is configured to use a domain account for the service startup account.
•	The SQL authenticated logins that receive the "Logon Error: 18456" error message are configured to use Windows domain password policy enforcement. Note By default, Windows domain password policy enforcement for SQL authenticated logins is enabled unless you explicitly set the CHECK_POLICY clause of the CREATE LOGIN statement to OFF when you create a given login.
•	The service account for the SQL Server startup service is locked or disabled on the domain controller.

If login auditing is configured to write the event of failed logins to the error log for the instance of SQL Server, the following messages are written to the SQL Server Errorlog file: Note The state of this 18456 error is 10. However, you always receive this "Logon Error: 18456" error message that has a state set to 1 in the client application. To increase security, the error message that is returned to the client deliberately hides the nature of the authentication error by always setting the state of the 18456 error to 1. By default, auditing of failed logins is enabled. In this case, the true state of the 18456 error is reported in the SQL Server Errorlog file. For more information about how to troubleshoot 18456 errors, visit the following Microsoft Developer Network (MSDN) Web site:

Back to the top

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site: Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" section and the online request forms display the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

You must have SQL Server 2005 Service Pack 1 installed to apply this hotfix.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Restart information

You do not have to restart the computer after you apply this hotfix.

Registry information

You do not have to change the registry.

Hotfix file information

This hotfix contains only those files that are required to correct the issues that this article lists. This hotfix may not contain of all the files that you must have to fully update a product to the latest build.

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

SQL Server 2005 32-bit version

File name	File version	File size	Date	Time	Platform
Logread.exe	2005.90.2194.0	398,112	29-Sep-2006	00:33	x86
Microsoft.analysisservices.adomdclient.dll	9.0.2194.0	543,520	29-Sep-2006	00:33	x86
Microsoft.analysisservices.deploymentengine.dll	9.0.2194.0	138,016	29-Sep-2006	00:33	x86
Microsoft.analysisservices.dll	9.0.2194.0	1,215,264	29-Sep-2006	00:33	x86
Microsoft.sqlserver.mgdsqldumper.dll	2005.90.2194.0	75,552	29-Sep-2006	00:33	x86
Microsoft.sqlserver.sqlenum.dll	9.0.2194.0	908,064	29-Sep-2006	00:33	x86
Msasxpress.dll	9.0.2194.0	22,304	29-Sep-2006	00:33	x86
Msgprox.dll	2005.90.2194.0	197,920	29-Sep-2006	00:33	x86
Msmdlocal.dll	9.0.2194.0	15,609,632	29-Sep-2006	00:33	x86
Msmdredir.dll	9.0.2194.0	3,990,304	29-Sep-2006	00:33	x86
Mssqlsystemresource.ldf	Not Applicable	524,288	28-Sep-2006	21:26	Not Applicable
Mssqlsystemresource.mdf	Not Applicable	40,108,032	28-Sep-2006	21:26	Not Applicable
Replprov.dll	2005.90.2194.0	547,616	29-Sep-2006	00:33	x86
Replrec.dll	2005.90.2194.0	782,112	29-Sep-2006	00:33	x86
Sqlaccess.dll	2005.90.2194.0	347,936	29-Sep-2006	00:33	x86
Sqlagent90.exe	2005.90.2194.0	319,264	29-Sep-2006	00:33	x86
Sqlservr.exe	2005.90.2194.0	28,964,184	29-Sep-2006	00:33	x86
Sysdbupg.sql	Not Applicable	192,346	21-Aug-2006	15:01	Not Applicable
Xpstar90.dll	2005.90.2194.0	292,640	29-Sep-2006	00:34	x86
Xpstar90.rll	2005.90.2194.0	152,864	29-Sep-2006	00:33	x86

SQL Server 2005 x64-based version

File name	File version	File size	Date	Time	Platform
Logread.exe	2005.90.2194.0	522,528	29-Sep-2006	07:58	x64
Microsoft.analysisservices.adomdclient.dll	9.0.2194.0	543,520	29-Sep-2006	00:33	x86
Microsoft.analysisservices.adomdclient.dll	9.0.2194.0	543,520	29-Sep-2006	07:58	x86
Microsoft.analysisservices.deploymentengine.dll	9.0.2194.0	138,016	29-Sep-2006	00:33	x86
Microsoft.analysisservices.dll	9.0.2194.0	1,215,264	29-Sep-2006	00:33	x86
Microsoft.sqlserver.mgdsqldumper.dll	2005.90.2194.0	75,552	29-Sep-2006	00:33	x86
Microsoft.sqlserver.mgdsqldumper.dll	2005.90.2194.0	91,424	29-Sep-2006	07:58	x64
Microsoft.sqlserver.sqlenum.dll	9.0.2194.0	875,296	29-Sep-2006	07:58	x86
Msasxpress.dll	9.0.2194.0	22,304	29-Sep-2006	00:33	x86
Msasxpress.dll	9.0.2194.0	27,424	29-Sep-2006	07:58	x64
Msgprox.dll	2005.90.2194.0	259,360	29-Sep-2006	07:58	x64
Msmdlocal.dll	9.0.2194.0	15,609,632	29-Sep-2006	00:33	x86
Msmdredir.dll	9.0.2194.0	3,990,304	29-Sep-2006	00:33	x86
Mssqlsystemresource.ldf	Not Applicable	524,288	28-Sep-2006	21:26	Not Applicable
Mssqlsystemresource.mdf	Not Applicable	40,108,032	28-Sep-2006	21:26	Not Applicable
Replprov.dll	2005.90.2194.0	745,248	29-Sep-2006	07:58	x64
Replrec.dll	2005.90.2194.0	1,008,416	29-Sep-2006	07:58	x64
Sqlaccess.dll	2005.90.2194.0	355,104	29-Sep-2006	07:58	x86
Sqlagent90.exe	2005.90.2194.0	390,944	29-Sep-2006	07:58	x64
Sqlservr.exe	2005.90.2194.0	39,340,320	29-Sep-2006	07:58	x64
Sysdbupg.sql	Not Applicable	192,346	21-Aug-2006	15:01	Not Applicable
Xpstar90.dll	2005.90.2194.0	540,960	29-Sep-2006	07:58	x64
Xpstar90.rll	2005.90.2194.0	153,376	29-Sep-2006	07:58	x64

Back to the top

To work around this problem, use one of the following methods:

•	Unlock the service account on the domain controller.
•	Do not use Windows domain password policy enforcement for SQL Server authenticated logins. To disable this property, use the following statements: • For a new SQL Server login CREATE LOGIN <SQLAuthenticatedLogin> with PASSWORD = <StrongPassword>, CHECK_POLICY = OFF • For an existing SQL Server login ALTER LOGIN <SQLAuthenticatedLogin> with CHECK_POLICY = OFF

Back to the top

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Back to the top

This hotfix adds the new trace flag 4614 to SQL Server 2005. When you enable trace flag 4614, you can use SQL Server authenticated logins that use Windows domain password policy enforcement to log on to the instance even though the SQL Server service account is locked out or disabled on the Windows domain controller.

You can interactively enable or disable the trace flag by using the following DBCC TRACEON and DBCC TRACEOFF commands:

•	Enable trace flag 4614 DBCC TRACEON (4614, -1)
•	Disable trace flag 4614 DBCC TRACEOFF (4614, -1)

You can also specify the trace flag as a startup parameter of the SQL Server service. When you specify the trace flag as a startup parameter, the trace flag is automatically enabled when the SQL Server service starts. If you set the trace flag as a startup parameter, you can still use the DBCC TRACEOFF command to disable the trace flag interactively.

Back to the top

For more information about the naming schema for Microsoft SQL Server updates, click the following article number to view the article in the Microsoft Knowledge Base: For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

Back to the top