FIX: ASP.NET SQL Server Session State Impersonation Is Lost Under Load

Retired KB Content Disclaimer

This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.


If your ASP.NET applications use integrated SQL Server session state, you may receive the following error message in the client browser:
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:
[SqlException: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.]
System.Data.SqlClient.SqlConnection.Open() +761
System.Web.SessionState.SqlStateConnection..ctor(String sqlconnectionstring) +105 [HttpException (0x80004005): Unable to connect to SQL Server session database.]
System.Web.SessionState.SqlStateConnection..ctor(String sqlconnectionstring) +195
System.Web.SessionState.SqlStateClientManager.GetConnection() +73
System.Web.SessionState.SqlStateClientManager.GetExclusive(String id) +32
System.Web.SessionState.SqlStateClientManager.BeginGetExclusive(String id, AsyncCallback cb, Object state) +6
System.Web.SessionState.SessionStateModule.GetSessionStateItem() +70
System.Web.SessionState.SessionStateModule.PollLockedSessionCallback(Object state) +171
[HttpException (0x80004005): Exception of type System.Web.HttpException was thrown.]
System.Web.HttpAsyncResult.End() +54
System.Web.SessionState.SessionStateModule.EndAcquireState(IAsyncResult ar) +18
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +80


This problem occurs because impersonation can be lost when session state is being accessed under situations of heavy load in ASP.NET.


A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Microsoft .NET Framework service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Date Time Version Size File Name
13-Jun-2002 04:46 1.0.3705.289 192,512 Aspnet_isapi.dll
13-Jun-2002 04:39 1.0.3705.289 19,332 Aspnet_perf.ini
13-Jun-2002 04:46 1.0.3705.289 24,576 Aspnet_regiis.exe
13-Jun-2002 04:46 1.0.3705.289 2,872 Aspnet_wp.exe
22-Apr-2002 17:54 1.0.3705.289 8,709 SmartNav.js
22-Apr-2002 17:54 1.0.3705.289 7,003 SmartNavIE5.js
13-Jun-2002 22:23 1.0.3705.289 1,187,840 System.Web.dll


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Article ID: 324479 - Last Review: Jul 14, 2008 - Revision: 1