Hello everyone,
For over a week I've been trying to find the reason for two error messages I get from our users and servers, unfortunately without success so far.
I really hope you can help me.
We are using Win 2k servers with Active Directory and SQL Server 2000; clients are all Win XP with SP2. Versions of Access are 2002 & 2003. The errors are user-specific and occur in both versions. The SQL Servers are accessed with an ADP file in 2002 format.
We have one user group which is a member of especially many groups. This affects the size of their Windows access token, which becomes constantly larger. In order to enable those users to still access their mailboxes on our Exchange servers, the DWORD entry "MaxTokenSize" with the decimal value "65535" was added to the newly created key "Parameters" of their registry branch "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos".
Since then those users cannot access any of our SQL Servers using Windows authentication. One of them gets the error "[DBNETLIB][ConnectionRead(recv().] General network error. Check your network documentation.", the others the error "Check connection: Failed: Cannot generate SSPI context".
In case of resetting the registry entries (by deleting them), the one user receives the same error message as the rest while it doesn't make any difference to those (but at least they can't connect to their mailboxes).
After having researched the web, I noticed in one of the SQL Server log files the entry "Invalid buffer received from client.." which led me to start to believe it could have something to do with the Kerberos encryption in the first place. Therefore I asked if changes to the token size had been made. I applied the change with "EXEC sp_configure 'network packet size', 65535 RECONFIGURE" on our test system and "EXEC sp_configure" confirms that the value is run.
Consequence: The entry in the SQL Server log doesn't appear any longer, but the users still receive their error messages.
Do you have any hints?
Your comments will be highly appreciated!
Regards,
caracol