Microsoft KB Archive/925001

= FIX: Error message when you run queries between two SQL Server 2005 linked servers: &quot;Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'&quot; =

Article ID: 925001

Article Last Modified on 11/20/2007

-

APPLIES TO


 * Microsoft SQL Server 2005 Standard Edition
 * Microsoft SQL Server 2005 Enterprise Edition
 * Microsoft SQL Server 2005 Developer Edition
 * Microsoft SQL Server 2005 Workgroup Edition
 * Microsoft SQL Server 2005 Standard X64 Edition
 * Microsoft SQL Server 2005 Standard Edition for Itanium-based Systems
 * Microsoft SQL Server 2005 Enterprise X64 Edition
 * Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems

-



BUG: #50000204 (SQL Hotfix)

For more information about the same issue in SQL Server 2005 SP1, click the following article number to view the article in the Microsoft Knowledge Base:

925843 FIX: Error message when you use the SQL Server Native Client provider to run queries between two linked servers in SQL Server 2005 Service Pack 1: &quot;Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'&quot;



Microsoft distributes Microsoft SQL Server 2005 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2005 fix release.



The issue that is described in the article exists in both SQL Server 2005 and SQL Server 2005 Service Pack 1 (SP1). This article applies only to SQL Server 2005.

This article describes the following about this hotfix release:
 * The issues that are fixed by this hotfix package
 * The prerequisites for installing the hotfix package
 * Whether you must restart the computer after you install the hotfix package
 * Whether the hotfix package is replaced by any other hotfix package
 * Whether you must make any registry changes
 * The files that are contained in the hotfix package



SYMPTOMS
You use the SQL Server Native Client (SQL Native Client) provider to run queries between two linked computers that are running SQL Server 2005. After you do this, you may receive the following error message:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

This error message occurs when you use the TCP/IP protocol and you enable Kerberos authentication for the connection between the linked computers.

Typically, when this error message occurs, all other queries in the session fail and generate the same error message. This behavior continues until the source SQL Server service is restarted.

Note You cannot resolve this error message by running the DBCC FreeSessionCache statement.



CAUSE
This issue occurs because of a problem in the SQL Native Client provider. The handles that the Kerberos connection creates to some connection modules are prematurely released.



Service pack information
To resolve this problem, obtain the latest service pack for SQL Server 2005. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

913089 How to obtain the latest service pack for SQL Server 2005

Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Prerequisites
There are no prerequisites for this hotfix.

Restart information
You do not have to restart the computer after you apply this hotfix.

Registry information
You do not have to change the registry after you apply this hotfix.

Hotfix file information
This hotfix contains only those files that are required to correct the issues that this article describes. This hotfix may not contain all the files that you must have to fully update a product to the latest build.

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

SQL Server 2005, Itanium-based version


WORKAROUND
To work around this problem, configure the connection between the two SQL Server linked servers to use the Named Pipes protocol instead of the TCP/IP protocol. The Named Pipes protocol does not use Kerberos authentication at the SQL Server level. To configure the connection, follow these steps:   Make sure that the Named Pipes protocol is enabled on both linked servers.

To determine whether the Named Pipes protocol is enabled on both linked servers, run the following command at a command prompt on the source computer that is running SQL Server. Assume that the source server name is Server1 and that the target server name is Server2: Sqlcmd –E –Snp:Server2 If this command fails, the Named Pipes protocol is probably not enabled on one or both of the SQL Server linked servers. To enable the Named Pipes protocol, use SQL Server Configuration Manager.  If the command in step 1 succeeds, follow one of these steps:  Drop the existing linked server configuration.  Create a new linked server configuration that uses a different name and that uses the Named Pipes protocol. Enter the following statements on Server1 to configure a linked server that uses the Named Pipes protocol to connect to Server2. EXEC sp_addlinkedserver @server='Server2', @srvproduct='', @provider='SQLNCLI', @datasrc='np:Server2', @provstr='Integrated Security=SSPI' </ul> </li>  Open SQL Server Management Studio on Server1, and then create a new query. In the query window, run the following linked server query against Server2 to determine whether the Named Pipes protocol is being used. select net_transport, auth_scheme from Server2.master.sys.dm_exec_connections where session_id=@@spid If the Named Pipes protocol is being used, you receive the following result. net_transport       auth_scheme -      --- Named pipe      NTLM </li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section. This problem was first corrected in Microsoft SQL Server 2005 Service Pack 2.

<div class="moreinformation_section">

MORE INFORMATION
For more information about the naming schema for Microsoft SQL Server updates, click the following article number to view the article in the Microsoft Knowledge Base:

822499 New naming schema for Microsoft SQL Server software update packages

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbfix kbqfe kbpubtypekc kbexpertiseadvanced kbhotfixserver kbsql2005connect KB925001

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.