This article was previously published under Q238238
This article has been archived. It is offered "as is" and will no longer be updated.
BUG #: 56167 (SQLBUG_70)
SQL Server and ODS developed applications commonly use the ODS API srv_impersonate_client during login processing to test authentication credentials. The credentials are checked and the ODS API call srv_revert_to_self is invoked to revert the worker thread security context.
When the client connects over the multi-protocol network library, the srv_revert_to_self API returns FALSE and does not properly revert the worker thread security context. SQL Server does not log this failure in the errorlog.
The srv_revert_to_self function uses RpcRevertToSelf instead of RpcRevertToSelfEx.
Open Data Services(ODS) supports multiple network protocols. Using protocols such as Named Pipes or TCP/IP properly revert the worker thread context.
Microsoft has confirmed this to be a problem in SQL Server 7.0. This problem has been corrected in U.S. Service Pack 2 for Microsoft SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
254561 INF: How to Obtain Service Pack 2 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0
For more information, contact your primary support provider.
Since the revert does not take place properly, subsequent operations performed by the worker thread requiring a security check can fail. When the worker thread remains impersonated the security operation is a delegation attempt and not currently supported on Windows NT 4.0.
Examples of external actions would be BULK INSERT and linked server executions. You may see the following error from the BULK INSERT command:
Server: Msg 4861, Level 16, State 1, Line 1Could not bulk insert because file '\\HSCDRMAN01\CDR\BCPFiles\BCP_cdr_05301999.close' could not be opened. Operating system error code 5(Access is denied.).