PRB: Accessing SQL Database Fails on Second Attempt (166659)
The information in this article applies to:
- Microsoft Visual InterDev 1.0
- Microsoft Visual InterDev 6.0
- Microsoft Internet Information Server 3.0
- the operating system: Microsoft Windows NT 4.0
- Microsoft SQL Server 6.5
This article was previously published under Q166659 SYMPTOMS
One of the following error occurs when trying to access a SQL database via
Active Server Pages (ASP) under Internet Informaton Server (IIS) 3.0:
Error '80004005'
Microsoft OLE DB Provider for ODBC Drivers error '80040e21', Errors
Occurred
80004005: ConnectionWrite(GetOverLappedResult)
The error occurs on the second access to the data. For example, using a
form generated by the DataForm Wizard clicking on the ">>" button to view the next 10 records results in the error described above.
This issue occurs when all of the following conditions are met:
- ASP pages that have forced Windows NT LanMan (NTLM) authentication
either by disabling Allow Anonymous and enabling Windows NT
Challenge/Response or by setting Web permissions that would force a Windows NT
Challenge/Response.
- The Web browser on a different machine than the Internet Information
Server (IIS).
- The recordset object stored in a Session variable.
NOTES: In this scenario, if BASIC/Clear Text is turned on and NTLM is
turned off, then this script runs correctly. NTLM makes this problem
surface.
CAUSE
When the allow Anonymous User context is turned off, Windows NT is closing the pipe
to SQL Server after the first request is complete. This is because the
first connection to SQL Server is made under the IIS Anonymous User
account. IIS then either impersonates the browser client on that same
thread, or tries to access the connection on a different thread that is
running in the impersonated user context. In either case Windows NT would detect
the attempt to use a network named pipe handle that had been opened in a
different user context and force the pipe closed, per its security rules.
When the connections are viewed on the SQL Server with a network monitor, a
name pipe close request comes from Windows NT, causing the error in the Web
browser.
RESOLUTION
There are two relatively easy workarounds:
- If SQL Server is running on the same machine as IIS, you can use a local
named pipe connection instead of a network named pipe connection. NT
security rules would not be forced as the pipe is a local connection,
rather than a network connection that can be impersonated by the
Anonymous User account. In the SQL Server connection string of the
Global.asa file, change the keyword SERVER=machinename to
SERVER=(local). The server name "(local)" with parenthesis is a special
keyword to the SQL Server ODBC driver.
- You can use a non-authenticated protocol between IIS and SQL Server,
such as TCP/IP sockets. This works when SQL Server is running on either
the same machine or a different machine than IIS. To do so, you must
configure both the SQL Server and the SQL Server client on the IIS
machine:
- To configure SQL Server to listen on TCP/IP sockets as well as named pipes, run SQL Setup. From the Microsoft SQL Server 6.5 Options dialog box, click Change Network Support and Continue. Select the entry for TCP/IP Sockets (leave Named Pipes also selected) and click OK. Accept the default Named Pipe name and TCP/IP Socket number. Exit SQL Setup. Stop and restart SQL Server.
- To configure the SQL Server client on the machine running IIS (the same or different machine as the SQL Server), select SQL Client Configuration Utility. Click the Net Library tab and select "TCP/IP Sockets" as the Default Network. Click Done. IIS should now use TCP/IP sockets when connecting to SQL Server.
REFERENCES
For the latest Knowledge Base articles and other support information on
Visual InterDev and Active Server Pages, see the following page on the
Microsoft Technical Support site:
Modification Type: | Major | Last Reviewed: | 5/2/2006 |
---|
Keywords: | kbprb KB166659 |
---|
|