Bug #: 50000300 (SQL Hotfix)
Microsoft distributes Microsoft SQL Server 2005 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release.
This article describes the following about this hotfix release:
- The issues that are fixed by this hotfix package
- The prerequisites for installing the hotfix package
- Information about whether you must restart the computer after you install the hotfix package
- Information about whether the hotfix package is replaced by any other hotfix package
- Information about whether you must make any registry changes
- The files that are contained in the hotfix package
Symptoms
In SQL Server 2005, you receive a "Logon Error: 18456" error message when you try to log on to an instance of SQL Server 2005 and the following conditions are true:
- You try to use a SQL Server authenticated login to log on to the instance.
- The SQL Server service is configured to use a domain account for the service startup account.
- The SQL authenticated logins that receive the "Logon Error: 18456" error message are configured to use Windows domain password policy enforcement.
Note By default, Windows domain password policy enforcement for SQL authenticated logins is enabled unless you explicitly set the CHECK_POLICY clause of the CREATE LOGIN statement to OFF when you create a given login. - The service account for the SQL Server startup service is locked or disabled on the domain controller.
Error message 1
DateTime Logon Error: 18456, Severity: 14, State: 10.
Error message 2
DateTime Logon Login failed for user '<username>'. [CLIENT: <IP Address>]
Note The state of this 18456 error is 10. However, you always receive this "Logon Error: 18456" error message that has a state set to 1 in the client application. To increase security, the error message that is returned to the client deliberately hides the nature of the authentication error by always setting the state of the 18456 error to 1. By default, auditing of failed logins is enabled. In this case, the true state of the 18456 error is reported in the SQL Server Errorlog file. For more information about how to troubleshoot 18456 errors, visit the following Microsoft Developer Network (MSDN) Web site: Resolution
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Prerequisites
You must have SQL Server 2005 Service Pack 1 installed to apply this hotfix.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Restart information
You do not have to restart the computer after you apply this hotfix.Registry information
You do not have to change the registry.Hotfix file information
This hotfix contains only those files that are required to correct the issues that this article lists. This hotfix may not contain of all the files that you must have to fully update a product to the latest build.The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
SQL Server 2005 32-bit version
| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Logread.exe | 2005.90.2194.0 | 398,112 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.analysisservices.adomdclient.dll | 9.0.2194.0 | 543,520 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.analysisservices.deploymentengine.dll | 9.0.2194.0 | 138,016 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.analysisservices.dll | 9.0.2194.0 | 1,215,264 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.sqlserver.mgdsqldumper.dll | 2005.90.2194.0 | 75,552 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.sqlserver.sqlenum.dll | 9.0.2194.0 | 908,064 | 29-Sep-2006 | 00:33 | x86 |
| Msasxpress.dll | 9.0.2194.0 | 22,304 | 29-Sep-2006 | 00:33 | x86 |
| Msgprox.dll | 2005.90.2194.0 | 197,920 | 29-Sep-2006 | 00:33 | x86 |
| Msmdlocal.dll | 9.0.2194.0 | 15,609,632 | 29-Sep-2006 | 00:33 | x86 |
| Msmdredir.dll | 9.0.2194.0 | 3,990,304 | 29-Sep-2006 | 00:33 | x86 |
| Mssqlsystemresource.ldf | Not Applicable | 524,288 | 28-Sep-2006 | 21:26 | Not Applicable |
| Mssqlsystemresource.mdf | Not Applicable | 40,108,032 | 28-Sep-2006 | 21:26 | Not Applicable |
| Replprov.dll | 2005.90.2194.0 | 547,616 | 29-Sep-2006 | 00:33 | x86 |
| Replrec.dll | 2005.90.2194.0 | 782,112 | 29-Sep-2006 | 00:33 | x86 |
| Sqlaccess.dll | 2005.90.2194.0 | 347,936 | 29-Sep-2006 | 00:33 | x86 |
| Sqlagent90.exe | 2005.90.2194.0 | 319,264 | 29-Sep-2006 | 00:33 | x86 |
| Sqlservr.exe | 2005.90.2194.0 | 28,964,184 | 29-Sep-2006 | 00:33 | x86 |
| Sysdbupg.sql | Not Applicable | 192,346 | 21-Aug-2006 | 15:01 | Not Applicable |
| Xpstar90.dll | 2005.90.2194.0 | 292,640 | 29-Sep-2006 | 00:34 | x86 |
| Xpstar90.rll | 2005.90.2194.0 | 152,864 | 29-Sep-2006 | 00:33 | x86 |
SQL Server 2005 x64-based version
| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Logread.exe | 2005.90.2194.0 | 522,528 | 29-Sep-2006 | 07:58 | x64 |
| Microsoft.analysisservices.adomdclient.dll | 9.0.2194.0 | 543,520 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.analysisservices.adomdclient.dll | 9.0.2194.0 | 543,520 | 29-Sep-2006 | 07:58 | x86 |
| Microsoft.analysisservices.deploymentengine.dll | 9.0.2194.0 | 138,016 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.analysisservices.dll | 9.0.2194.0 | 1,215,264 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.sqlserver.mgdsqldumper.dll | 2005.90.2194.0 | 75,552 | 29-Sep-2006 | 00:33 | x86 |
| Microsoft.sqlserver.mgdsqldumper.dll | 2005.90.2194.0 | 91,424 | 29-Sep-2006 | 07:58 | x64 |
| Microsoft.sqlserver.sqlenum.dll | 9.0.2194.0 | 875,296 | 29-Sep-2006 | 07:58 | x86 |
| Msasxpress.dll | 9.0.2194.0 | 22,304 | 29-Sep-2006 | 00:33 | x86 |
| Msasxpress.dll | 9.0.2194.0 | 27,424 | 29-Sep-2006 | 07:58 | x64 |
| Msgprox.dll | 2005.90.2194.0 | 259,360 | 29-Sep-2006 | 07:58 | x64 |
| Msmdlocal.dll | 9.0.2194.0 | 15,609,632 | 29-Sep-2006 | 00:33 | x86 |
| Msmdredir.dll | 9.0.2194.0 | 3,990,304 | 29-Sep-2006 | 00:33 | x86 |
| Mssqlsystemresource.ldf | Not Applicable | 524,288 | 28-Sep-2006 | 21:26 | Not Applicable |
| Mssqlsystemresource.mdf | Not Applicable | 40,108,032 | 28-Sep-2006 | 21:26 | Not Applicable |
| Replprov.dll | 2005.90.2194.0 | 745,248 | 29-Sep-2006 | 07:58 | x64 |
| Replrec.dll | 2005.90.2194.0 | 1,008,416 | 29-Sep-2006 | 07:58 | x64 |
| Sqlaccess.dll | 2005.90.2194.0 | 355,104 | 29-Sep-2006 | 07:58 | x86 |
| Sqlagent90.exe | 2005.90.2194.0 | 390,944 | 29-Sep-2006 | 07:58 | x64 |
| Sqlservr.exe | 2005.90.2194.0 | 39,340,320 | 29-Sep-2006 | 07:58 | x64 |
| Sysdbupg.sql | Not Applicable | 192,346 | 21-Aug-2006 | 15:01 | Not Applicable |
| Xpstar90.dll | 2005.90.2194.0 | 540,960 | 29-Sep-2006 | 07:58 | x64 |
| Xpstar90.rll | 2005.90.2194.0 | 153,376 | 29-Sep-2006 | 07:58 | x64 |
Workaround
To work around this problem, use one of the following methods:
- Unlock the service account on the domain controller.
- Do not use Windows domain password policy enforcement for SQL Server authenticated logins. To disable this property, use the following statements:
- For a new SQL Server login
CREATE LOGIN <SQLAuthenticatedLogin> with PASSWORD = <StrongPassword>, CHECK_POLICY = OFF - For an existing SQL Server login
ALTER LOGIN <SQLAuthenticatedLogin> with CHECK_POLICY = OFF
- For a new SQL Server login
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
This hotfix adds the new trace flag 4614 to SQL Server 2005. When you enable trace flag 4614, you can use SQL Server authenticated logins that use Windows domain password policy enforcement to log on to the instance even though the SQL Server service account is locked out or disabled on the Windows domain controller.
You can interactively enable or disable the trace flag by using the following DBCC TRACEON and DBCC TRACEOFF commands:
You can interactively enable or disable the trace flag by using the following DBCC TRACEON and DBCC TRACEOFF commands:
- Enable trace flag 4614
DBCC TRACEON (4614, -1) - Disable trace flag 4614
DBCC TRACEOFF (4614, -1)
For more information about the naming schema for Microsoft SQL Server updates, click the following article number to view the article in the Microsoft Knowledge Base:
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base: