Logon Error: 17836, Severity: 20, State: 17.
Message :
Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: xx.xx.xx.xx]
Message :
Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: xx.xx.xx.xx]
Since the SQL Server has Event ID 17836 logged. It is more like an authentication issue.
The error message depicts that there is some process trying to connect at SQL port but it is not a valid SQL related activity.
Here are few more causes based on my search on the internet:
1. Network team doing Port Scanning
2. Sometimes Antivirus programs do check the port.
3. MSSQL Server is under a DDoS
In our case, I have captured and analyze incoming traffic & bad packets with "Wireshark" tool and "netstat -na" output and from these logs found "GFI-Languard" tool which scan, detect, assess, windows patches & security update/vulnerabilities on the server.
Hope this will help :)
No comments:
Post a Comment