Microsoft KB Archive/313661

= FIX: Error Message: &quot;Timeout expired&quot; Occurs When You Connect to SQL Server Over TCP/IP and the Kerberos MaxTokenSize is Greater Than 0xFFFF =

Article ID: 313661

Article Last Modified on 9/26/2005

-

APPLIES TO


 * Microsoft SQL Server 7.0 Standard Edition

-



This article was previously published under Q313661



BUG #: 102105 (sqlbug_70)



SYMPTOMS
When all of the following conditions are true, you may not be able to connect to SQL Server 7.0 and may receive a &quot;Timeout expired&quot; error message when you try to log on:  You are using Microsoft Windows 2000, or later, as the platform for servers and clients, and you are using Kerberos as the network authentication protocol. The computer that is running SQL Server is using Kerberos.dll version 5.0.2195.2530, or later. The Kerberos registry parameter MaxTokenSize is set to a value greater than 0xFFFF (65535 decimal) in accordance with the following Microsoft Knowledge Base article:

263693 Group Policy May Not Be Applied to Users Belonging to Many Groups

 You are using SQL Server Integrated security. You are using TCP/IP sockets as the SQL Server network library.

Notes


 * The problem described in this article does not apply when you connect to SQL Server 2000.
 * There are many causes for a &quot;Timeout expired&quot; error message. The information in this article applies only to scenarios where all of the conditions listed in the &quot;Symptoms&quot; section are true. In particular, the MaxTokenSize parameter referred to in the third bullet item must be set on the computer that is running SQL Server.

In an ODBC application, the error message is similar to:

SQLState: S1T00 Native Error: 0

Info. Message: [Microsoft][ODBC SQL Server Driver]Timeout expired



CAUSE
SQL Server 7.0 Open Data Services (ODS) was not designed to handle Kerberos Security Support Provider Interface (SSPI) token sizes larger than 0xFFFF.

<div class="resolution_section">

RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301511 INF: How to Obtain the Latest SQL Server 7.0 Service Pack

NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.

The English version of this fix should have the following file attributes or later: <pre class="fixed_text">  Date          Time    Version     Size             File name --

27-Nov-2001  02:16   7.00.1014   160,016 bytes   Opends60.dll NOTE: Because of file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.

<div class="workaround_section">

WORKAROUND
To work around this problem you can either:  Upgrade your server to SQL Server 2000.</li> Use another network library to connect to SQL Server 7.0. For example, use Named Pipes.</li> Use SQL Server standard security.</li> Reduce the setting of the MaxTokenSize Kerberos parameter to a value less than 65535. You may need to reduce the number of group memberships as well. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

263693 Group Policy May Not Be Applied to Users Belonging to Many Groups

</li></ul>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.