Microsoft KB Archive/152828

= INF: IIS Queries to SQL Server Generate Error 1326 =

Article ID: 152828

Article Last Modified on 11/14/2003

-

APPLIES TO


 * Microsoft SQL Server 4.21a Standard Edition
 * Microsoft SQL Server 6.0 Standard Edition
 * Microsoft SQL Server 6.5 Standard Edition

-



This article was previously published under Q152828



SUMMARY
When you use anonymous connections for IIS and you attempt to query remote SQL servers using named pipes, the following error may occur:

[State =01000][Error=1326][Microsoft][ODBC SQL Server Driver]

[SQL Server][dbnmpntw] ConnectionOpen (CreateFile)

Error 1326 means "Logon failure: unknown user name or bad password." This error is raised because the IIS Service does not have any rights to use the named pipe.



MORE INFORMATION
In order for a SQL server client to gain access to a Windows NT named pipe, the client needs to be validated by the Windows NT server. This is normally accomplished through a Workgroups style validation method where identical usernames and passwords are created on the client and the server, or the domain method where both the client and server are domain members.

The Internet Information Server (IIS) setup process creates a Windows NT ID called IUSR_machinename (where machinename is the name of the Windows NT server), and adds that user to the Guest local group. The IIS service runs under this Windows NT account name.

If the connection to IIS is anonymous, IIS uses the Windows NT account IUSR_machinename and so any network activity performed by IIS is done under this account ID.

If the SQL server resides on the same server as IIS, then named pipes connections work and validation is successful.

If the SQL server resides on a separate server from IIS, then the IUSR_machinename account needs to be validated on the Windows NT server that SQL resides on.

This validation can be implemented by several methods:


 * Add the account to the local user account database on the NT server that SQL resides on.
 * Make the Windows NT ID IUSR_machinename a member of the domain that the SQL server resides in.
 * Enable the Windows NT ID Guest.

For more information regarding security and Microsoft Internet Information Server, please refer to the following article in the Microsoft Knowledge Base:

142868 : IIS: Authentication & Security Features

Additional query words: ODBC IIS

Keywords: KB152828

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.