Article ID: 942003
Article Last Modified on 11/14/2007
APPLIES TO
- Windows Vista Enterprise 64-bit Edition
- Windows Vista Home Premium 64-bit Edition
- Windows Vista Ultimate 64-bit Edition
- Windows Vista Business
- Windows Vista Business 64-bit Edition
- Windows Vista Enterprise
- Windows Vista Home Premium
- Windows Vista Ultimate
SYMPTOMS
On a Windows Vista-based computer, when you try to connect to Microsoft SQL Server Management Studio by using a virtual private network (VPN) connection, you receive an error message that resembles the following:
Note This issue does not occur on a Windows XP Service Pack 2 (SP2)-based computer in the same environment.
On the computer that hosts the SQL Server role, the following events are logged:
Event Type: Error
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 17806
Date: Date
Time: Time
User: N/A
Computer: Computer
Description: SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: ClientIPAdress]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 18452
Date: Date
Time: Time
User: N/A
Computer: Computer
Description: Login failed for user. The user is not associated with a trusted SQL Server connection. [CLIENT:ClientIPAdress]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
If you enable debug logging for the Netlogon service on the authenticating server, the following entry is logged in the in the Netlogon.log file:
[LOGON] SamLogon: Network logon of Computer\User from Computer Entered [CRITICAL] NlPrintRpcDebug: Could not get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc0000064) (err 0xc0000064 = STATUS_NO_SUCH_USER) [LOGON] SamLogon: Network logon of Computer\User from Computer Returns 0xC000006A (err 0xC000006A= STATUS_WRONG_PASSWORD)
Note Computer is a placeholder for the name of the Windows Vista-based computer. Also, User is a placeholder for the user account that you use to log on to the computer.
This entry indicates that Windows Vista uses the Windows Vista-based computer credentials for authentication instead of using the domain credentials.
Note In different network environments, the following servers can be authenticating servers:
- A Routing and Remote Access server
- An Internet Authentication Service (IAS) server
CAUSE
For Windows Vista to use a VPN connection to connect to the applications that use NTLM authentication, Windows Vista must obtain VPN credentials from Credential Manager. However, Windows Vista cannot read the credentials from Credential Manager. Therefore, Windows Vista uses the Windows Vista-based computer credentials. However, the Windows Vista-based computer credentials do not apply to NTLM authentication.
RESOLUTION
Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.
To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:
Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:
Prerequisites
There are no prerequisites for installing this hotfix.
Restart requirement
You must restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace a previously released hotfix.
Registry information
To use this hotfix, you do not have to make any changes to the registry.
File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows Vista, 32-bit versions
| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Update.mum | Not applicable | 1,998 | 31-Aug-2007 | 11:16 | Not applicable |
| X86_a34547243bb6cc9ca5bb11ff704387f2_31bf3856ad364e35_6.0.6000.20672_none_97ff21aef2988a52.manifest | Not applicable | 691 | 31-Aug-2007 | 11:16 | Not applicable |
| X86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.20672_none_a4a4382178f9402d.manifest | Not applicable | 36,682 | 31-Aug-2007 | 11:16 | Not applicable |
| Ksecdd.sys | 6.0.6000.16386 | 407,144 | 31-May-2007 | 22:28 | x86 |
| Lsa-ppdlic.xrm-ms | Not applicable | 2,998 | 31-Aug-2007 | 02:11 | Not applicable |
| Lsasrv.dll | 6.0.6000.20672 | 1,234,432 | 31-Aug-2007 | 02:13 | x86 |
| Lsass.exe | 6.0.6000.20672 | 7,680 | 31-Aug-2007 | 01:11 | x86 |
| Secur32.dll | 6.0.6000.20672 | 72,704 | 31-Aug-2007 | 02:14 | x86 |
Windows Vista, 64-bit versions
| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Amd64_a9167fff34887e93b1778377876ca781_31bf3856ad364e35_6.0.6000.20672_none_56d63154de230b18.manifest | Not applicable | 695 | 31-Aug-2007 | 11:16 | Not applicable |
| Amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.20672_none_00c2d3a53156b163.manifest | Not applicable | 36,770 | 31-Aug-2007 | 11:19 | Not applicable |
| Update.mum | Not applicable | 2,010 | 31-Aug-2007 | 11:16 | Not applicable |
| Ksecdd.sys | 6.0.6000.16386 | 477,800 | 31-May-2007 | 22:27 | x64 |
| Lsa-ppdlic.xrm-ms | Not applicable | 2,998 | 31-Aug-2007 | 03:04 | Not applicable |
| Lsasrv.dll | 6.0.6000.20672 | 1,662,976 | 31-Aug-2007 | 03:15 | x64 |
| Lsass.exe | 6.0.6000.20672 | 9,728 | 31-Aug-2007 | 01:27 | x64 |
| Secur32.dll | 6.0.6000.20672 | 94,720 | 31-Aug-2007 | 03:16 | x64 |
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
109626 Enabling debug logging for the Net Logon service
824684 Description of the standard terminology that is used to describe Microsoft software updates
Keywords: kbqfe kbpubtypekc kbexpertiseadvanced kbexpertisebeginner kbhotfixserver KB942003
