February 9, 2013 at 4:02 pm
Greetings fellow SQL enthusiasts. I was alerted to this error on both SQL 2008 and 2005 instances and just beginning to troubleshoot. The error does not appear to be recurring, and as you see from the error message below, the client was on a subnet address.
I have reviewed Windows logs, including security logs, and have not come across anything else unusual. I have also checked the configuration history of each SQL Server to see if there have been any unauthorized changes. I am open to suggestions from my all time favorite SQL Server community 🙂
Excerpt from SQL Server error logs:
Error: 17836, Severity: 20, State: 17.
SourceLogon
Message
Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 165.xx.xx.x]
February 10, 2013 at 12:54 am
Buggy network driver, something broken somewhere on the network or a hack attempt.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
February 10, 2013 at 1:41 pm
Thank you Gail, I will surely look into that.
Fingers crossed, the error still has not recurred, but I will be looking out for it. When I get back to the office Monday morning I'll be able to have a close talk with the sysadmin as well, to see if we are running any new network monitoring software that might have triggered the error.
October 27, 2013 at 4:16 am
Please check if a critical watch server is causing this error. A CW server is used for the security scan for vulnerabilities. Since it is a scanner for exploring the security vulnerabilities, this behavior might be expected .
Traditionally this type of products tries to find any vulnerability including accounts with blank passwords, that is why it should try to access the DB.
Get with you company security officer to find out.
John
November 25, 2015 at 6:29 am
john.saldanha (10/27/2013)
Please check if a critical watch server is causing this error. A CW server is used for the security scan for vulnerabilities. Since it is a scanner for exploring the security vulnerabilities, this behavior might be expected .Traditionally this type of products tries to find any vulnerability including accounts with blank passwords, that is why it should try to access the DB.
Get with you company security officer to find out.
John
Exactly. The same thing happened in our shop during a Tenable security scan.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply