August 9, 2016 at 6:26 am
We turned alerts on our new servers, severity 20-25 and suddenly got flooded with severity 20 errors of the same type. On new servers.
I've never seen this error before. When I googled it, I got information on what it meant, but I have no idea how to troubleshoot / resolve the problem. Any suggestions?
Error:
DATE/TIME:8/8/2016 6:03:39 PM
DESCRIPTION:The prelogin packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 10.212.7.27]
COMMENT:(None)
JOB RUN:(None)
August 9, 2016 at 7:25 am
Did you try increasing the max token size as suggested in here:https://msdn.microsoft.com/en-us/library/cc645913.aspx?
August 10, 2016 at 5:42 am
Luis Cazares (8/9/2016)
Did you try increasing the max token size as suggested in here:https://msdn.microsoft.com/en-us/library/cc645913.aspx?
No. Because my Google-Fu didn't uncover this page. Thanks for the link. I'll check it out.
August 12, 2016 at 5:35 am
Brandie Tarvin (8/10/2016)
Luis Cazares (8/9/2016)
Did you try increasing the max token size as suggested in here:https://msdn.microsoft.com/en-us/library/cc645913.aspx?No. Because my Google-Fu didn't uncover this page. Thanks for the link. I'll check it out.
Nope. This did not work. Still getting the same error on the servers I fixed.
Any other thoughts?
August 12, 2016 at 11:42 am
Hi Brandie,
I get similar log entries when our security folks are running scans:
Error: 17836, Severity: 20, State: 17.
Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library.
Of course, when I check the client address the returned name confirms it is one of their computers.
Just a thought.
August 16, 2016 at 7:33 am
Ahha!
I had a coworker look into this also. He determined (and called our network team to verify) that it is "network scans from the switches" that is causing this. They confirmed after he gave them the computer IP and hostname.
They are looking into a solution and I've ask him how he diagnosed this so I can pass the information on here. But hey, it's not a SQL problem apparently.
EDIT: Coworker says
i did an nslookup on the ip address in the email and got the host name then called the network team and suspected scanning was going on due to the host name and they confirmed
August 16, 2016 at 7:35 am
WilburBud (8/12/2016)
Hi Brandie,I get similar log entries when our security folks are running scans:
Error: 17836, Severity: 20, State: 17.
Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library.
Of course, when I check the client address the returned name confirms it is one of their computers.
Just a thought.
I did not see this until today. But yeah, it looks like this might be the issue. Of course it would help if they'd quite deliberately setting off our server alerts so that we can keep these alerts active. The alternative of turning off a high severity error alert is annoying in that we'll miss the important stuff.
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply