Microsoft distributes Microsoft SQL Server 2005 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release.
If you are a Small Business customer, find additional troubleshooting and learning resources at the Support for Small Business site.
In SQL Server 2005, you receive a "Logon Error: 18456" error message when you try to log on to an instance of SQL Server 2005 and the following conditions are true:
You try to use a SQL Server authenticated login to log on to the instance.
The SQL Server service is configured to use a domain
account for the service startup account.
The SQL authenticated logins that receive the "Logon Error:
18456" error message are configured to use Windows domain password policy enforcement.
Note By default, Windows domain password policy enforcement for SQL
authenticated logins is enabled unless you explicitly set the CHECK_POLICY
clause of the CREATE LOGIN statement to OFF when you create a given login.
The service account for the SQL Server startup service is
locked or disabled on the domain controller.
If login auditing is configured to write the event of failed logins to the error log for the instance of SQL Server, the following messages are written to the SQL Server Errorlog file:
DateTime Logon Login
failed for user '<username>'. [CLIENT: <IP Address>]
Note The state of this 18456 error is 10. However, you always receive this "Logon Error: 18456" error message that has a state set to 1 in the client application. To increase security, the error message that is returned to the client deliberately hides the nature of the authentication error by always setting the state of the 18456 error to 1. By default, auditing of failed logins is enabled. In this case, the true state of the 18456 error is reported in the SQL Server Errorlog file. For more information about how to troubleshoot 18456 errors, visit the following Microsoft Developer Network (MSDN) Web site:
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
How to obtain the latest service pack for SQL Server 2005
You do not have to restart the computer after you apply this
You do not have to change the registry.
Hotfix file information
This hotfix contains only those files that are required to correct
the issues that this article lists. This hotfix may not contain of all the
files that you must have to fully update a product to the latest
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
This hotfix adds the new trace flag 4614 to SQL Server 2005. When
you enable trace flag 4614, you can use SQL Server authenticated logins that
use Windows domain password policy enforcement to log on to the instance even
though the SQL Server service account is locked out or disabled on the Windows
You can interactively enable or disable the trace flag by using the following DBCC TRACEON and DBCC TRACEOFF commands:
Enable trace flag 4614 DBCC TRACEON (4614, -1)
Disable trace flag 4614 DBCC TRACEOFF (4614, -1)
You can also specify the trace flag as a startup parameter of
the SQL Server service. When you specify the trace flag as a startup parameter, the trace
flag is automatically enabled when the SQL Server service starts. If you set
the trace flag as a startup parameter, you can still use the DBCC TRACEOFF command to disable the trace flag interactively.