Login packet used to open the connection is structurally invalid | Length specified in network packet payload did not match number of bytes read; the connection has been closed

Today we faced this error, on one of our SQL server 2014, SP2
  
Error:
  • The login packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library.
  • Length specified in network packet payload did not match the number of bytes read; the connection has been closed. Please contact the vendor of the client library



Error description:
  
Product Name
SQL Server
Event ID
17832
Event Source
MSSQLSERVER
Component
SQLEngine
Symbolic Name
SRV_BAD_LOGIN_PKT
Message Text
The login packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library.%.*ls


This error may be caused because the packet was created improperly or because the packet was damaged during transmission. It can also be caused by the configuration of the SQL Server computer.

Explanation: When using Windows Authentication in a Kerberos environment, a client receives a Kerberos ticket that contains a Privilege Attribute Certificate (PAC). The PAC contains various types of authorization data including groups that the user is a member of, rights the user has, and what policies apply to the user. When the client receives the Kerberos ticket, the information contained in the PAC is used to generate the user's access token. The client presents the token to the SQL Server computer as part of the login packet. If the token was improperly created or damaged during transmission, SQL Server cannot offer additional information about the problem.

Root Cause: When the user is a member of many groups or has many policies, the token may grow larger than normal to list them all. If the token grows larger than the MaxTokenSize value of the server computer, the client fails to connect with a General Network Error (GNE) and error 17832 can occur. This problem may affect only some users: users with many groups or policies. When the problem is the MaxTokenSize value of the server computer, error 17832 in the SQL Server error log will be accompanied by an error with state 9. For additional details about the Kerberos and MaxTokenSize

Resolution: To resolve this problem, increase the MaxTokenSize value of the server computer, to a size large enough to contain the largest token of any user in your organization. To research the correct token size for your organization, consider using the Tokensz application

          To change the MaxTokenSize on the server computer, you can refer Link


No comments:

Post a Comment