Microsoft KB Archive/928780

= Event ID: 6036 is logged in the System log when you connect to an instance of SQL Server 2005 or to an instance of SQL Server 2000 from a Windows Vista-based computer =

Article ID: 928780

Article Last Modified on 11/20/2007

-

APPLIES TO


 * Microsoft SQL Server 2005 Standard Edition
 * Microsoft SQL Server 2005 Developer Edition
 * Microsoft SQL Server 2005 Enterprise Edition
 * Microsoft SQL Server 2005 Workgroup Edition
 * Microsoft SQL Server 2005 Express Edition
 * Microsoft SQL Server 2005 Standard X64 Edition
 * Microsoft SQL Server 2005 Standard Edition for Itanium-based Systems
 * Microsoft SQL Server 2005 Enterprise X64 Edition
 * Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
 * Microsoft SQL Server 2000 Standard Edition
 * Microsoft SQL Server 2000 Enterprise Edition
 * Microsoft SQL Server 2000 Developer Edition
 * Microsoft SQL Server 2000 Workgroup Edition
 * Microsoft SQL Server 2000 Personal Edition

-



SYMPTOMS
Consider the following scenario. You connect to an instance of Microsoft SQL Server 2005 or to an instance of Microsoft SQL Server 2000 from a Windows Vista-based computer. You use integrated authentication for the connection. In this scenario, a Warning event that resembles the following is logged in the System log: Log Name: System

Source: LsaSrv

Date:

Event ID: 6036

Task Category: None

Level: Warning

Keywords: Classic

User: N/A

Computer:

Description: The program, with the assigned Process ID  , supplied a NULL or empty target name for the pszTargetName parameter when calling the InitializeSecurityContext API to initiate an outbound NTLM security context. This is a security risk when mutual authentication is required.

To help protect against a malicious attack, make your code more secure. To do this, change the program so that it specifies a target name in the pszTargetName parameter field, and then recompile the code.

This behavior may occur if one of the following conditions is true:
 * You connect to the instance of SQL Server by using the SQL Server Native Client (SQL Native Client) provider.
 * You connect to the instance of SQL Server by using Microsoft ADO.NET in an application.
 * You connect to the instance of SQL Server by using Windows Data Access Components (Windows DAC) in an application.

Note Windows DAC was formerly known as Microsoft Data Access Components (MDAC).



CAUSE
This event indicates that you used NTLM authentication. You can safely ignore this event. This event is not logged if you use Kerberos authentication.



STATUS
This behavior is by design.



MORE INFORMATION
When you connect to an instance of SQL Server by using integrated authentication, you can use Kerberos authentication if the connection is made by using the TCP/IP protocol. If the connection is made by using a different protocol, the authentication mode falls back to NTLM authentication.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

909801 How to make sure that you are using Kerberos authentication when you create a remote connection to an instance of SQL Server 2005

Keywords: kbtshoot kbprb kbexpertiseadvanced kbsql2005connect KB928780

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.