Error 17836 simultaneous occurance on two separate instances

  • Greetings fellow SQL enthusiasts. I was alerted to this error on both SQL 2008 and 2005 instances and just beginning to troubleshoot. The error does not appear to be recurring, and as you see from the error message below, the client was on a subnet address.

    I have reviewed Windows logs, including security logs, and have not come across anything else unusual. I have also checked the configuration history of each SQL Server to see if there have been any unauthorized changes. I am open to suggestions from my all time favorite SQL Server community 🙂

    Excerpt from SQL Server error logs:

    Error: 17836, Severity: 20, State: 17.

    SourceLogon

    Message

    Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 165.xx.xx.x]

  • Buggy network driver, something broken somewhere on the network or a hack attempt.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Thank you Gail, I will surely look into that.

    Fingers crossed, the error still has not recurred, but I will be looking out for it. When I get back to the office Monday morning I'll be able to have a close talk with the sysadmin as well, to see if we are running any new network monitoring software that might have triggered the error.

  • Please check if a critical watch server is causing this error. A CW server is used for the security scan for vulnerabilities. Since it is a scanner for exploring the security vulnerabilities, this behavior might be expected .

    Traditionally this type of products tries to find any vulnerability including accounts with blank passwords, that is why it should try to access the DB.

    Get with you company security officer to find out.

    John

  • john.saldanha (10/27/2013)


    Please check if a critical watch server is causing this error. A CW server is used for the security scan for vulnerabilities. Since it is a scanner for exploring the security vulnerabilities, this behavior might be expected .

    Traditionally this type of products tries to find any vulnerability including accounts with blank passwords, that is why it should try to access the DB.

    Get with you company security officer to find out.

    John

    Exactly. The same thing happened in our shop during a Tenable security scan.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply