Intermittent Service Freezes and "State 23" Authentication Failure

• avatar123

  Newbie

  Points: 2

  More actions

  December 18, 2025 at 3:47 pm

  #4702167

  Environment:

  SQL Server: 2019 Enterprise (15.0.4430.1)

  OS: Windows Server 2022 Standard (Build 20348)

  Virtualization: QEMU/KVM (Standard PC Q35 + ICH9)

  Security: Bitdefender GravityZone

  Authentication: Active Directory Domain Account

  The Problem: I am experiencing a recurring issue where SQL Server intermittently stops responding to queries. The service remains in a "Running" state, but all new and existing connections hang. A service restart usually temporarily resolves the issue.

  Error Logs: Just before the freeze, the SQL Error Log is flooded with the following errors:

  Error: 18456, Severity: 14, State: 23. - Reason: Access to server validation failed while revalidating the login on the connection.

  Error: 18056, Severity: 20, State: 23. - The client was unable to reuse a session with SPID X, which had been reset for connection pooling.

  This happens mainly with a specific domain service account.

  Secondary Symptom: On some reboots, the MSSQLSERVER service fails to start with the error: "Logon failure: the user has not been granted the requested logon type at this computer" (missing "Log on as a service" right). However, this right is assigned via local policy and no GPOs seem to be stripping it. Re-entering the password in services.msc fixes it temporarily.

  What I’ve Checked:

  DC Connectivity: nltest /sc_query and dsgetdc return success. Kerberos tickets (klist) appear valid.

  Virtualization: Recently reinstalled QEMU Guest Agent and drivers. It stabilized the "Log on as a service" right briefly, but the "State 23" freezes persist.

  Connection Pooling: The errors suggest a failure during the revalidation of pooled connections against LSASS/Domain Controller.

  Question: Has anyone seen Bitdefender ATC/Exploit Defense or QEMU Guest Agent drivers interfering with LSASS in a way that breaks SQL Server's ability to revalidate domain logins? Are there specific "State 23" triggers in Windows Server 2022 that I should be aware of?