FIX: xp_grantlogin and xp_revokelogin May Fail on Orphaned Windows NT Accounts (257858)


The information in this article applies to:

  • Microsoft SQL Server 6.5
This article was previously published under Q257858
BUG #: 18980 (SQLBUG_65)

SYMPTOMS

If a Microsoft Windows NT user is granted access to SQL Server and then the Windows NT account is subsequently deleted on Windows NT but SQL Server access is not revoked, this user is called an orphaned user on SQL Server. If at least one such orphaned user is granted access to SQL Server, a call to either the xp_grantlogin or xp_revokelogin stored procedure may fail and return the following error message:
Unable to lookup account. LookupAccountSid LookupAccountSid: Error 1332 on line 1772. No mapping between account names and security IDs was done.
Also, you may experience an unhandled access violation (AV), or SQL Server may stop responding.

CAUSE

Starting with either Windows NT 4.0 Service Pack 6 or Microsoft Windows 2000, the Win32 function LookupAccountSid returns the error ERROR_NONE_MAPPED (= 1332) on such an orphaned Windows NT account. The xp_grantlogin and xp_revokelogin stored procedures do not correctly handle this return code.

RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next SQL Server service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later: 
   Version     File name     Platform
   ----------------------------------------

   6.50.480   Xplog60.dll   Intel and Alpha
NOTE: Due to file dependencies, the most recent hotfix or feature that contains the above files may also contain additional files.

WORKAROUND

To work around this problem, always run the xp_revokelogin stored procedure before deleting a Windows NT account that also has SQL Server access rights.

STATUS

Microsoft has confirmed this to be a problem in SQL Server 6.5.
Modification Type:MinorLast Reviewed:10/7/2005
Keywords:kbBug kbfix kbQFE KB257858
©2004 Microsoft Corporation. All rights reserved.