You may receive an error message when you try to connect to an instance of SQL Server or SQL Server Desktop Engine by using Windows Authentication (867581)

Bug #: 471577 (Shiloh)
Shiloh:471577

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

When you try to connect to an instance of Microsoft SQL Server 2000 or to an instance of SQL Server 2000 Desktop Engine (also known as MSDE 2000) by using Windows Authentication, you may receive the following error message:

Server: Msg 11, Level 16, State 1
[Microsoft][ODBC SQL Server Driver][DBNETLIB]General network error. Check your network documentation.

WORKAROUND

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To work around this problem, set the base of the MaxTokenSize registry value to decimal, and then set the registry value to a lower value. To do this, follow these steps:

At a command prompt, run the following command to start Registry Editor:
```
regedit
```
Locate and then click the following registry key in Registry Editor:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
In the right pane, right-click MaxTokenSize, and then click Modify.
In the Edit DWORD Value dialog box, click Decimal in the Base box.
In the Value data box, type a lower value, and then click OK.
Close Registry Editor.
Restart the computer.

MORE INFORMATION

Steps to reproduce the problem

On a computer that is running the instance of SQL Server 2000 or the instance of SQL Server 2000 Desktop Engine, follow these steps:

At a command prompt, run the following command to start Registry Editor:
```
regedit
```
Locate and then click the following registry key in Registry Editor:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Note If this registry key is not present, create the registry key. To do this, follow these steps:
1. Locate and then click the following registry key in Registry Editor:
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos
2. On the Edit menu, point to New, and then click Key.
3. In the left pane, change the name of the new registry key to Parameters.
4. Click the Parameters registry key.
On the Edit menu, point to New, and then click DWORD Value.
In the right pane, change the name of the new registry value to MaxTokenSize.
In the right pane, right-click MaxTokenSize, and then click Modify.
In the Edit DWORD Value dialog box, click Decimal in the Base box.
In the Value data box, type 65,535.
Click OK.
Close Registry Editor.
Restart the computer.
Use SQL Query Analyzer to connect to the instance of SQL Server 2000 or SQL Server 2000 Desktop Engine by using Windows Authentication. You can also run the following command at a command prompt:
```
osql -E  -S Instance Name of SQL Server 2000 or SQL Server 2000 Desktop Engine
```

REFERENCES

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

280830 Kerberos authentication may not work if user is a member of many groups

263693 Group Policy may not be applied to users belonging to many groups

297869 SMS administrator issues after you modify the Kerberos MaxTokenSize registry value