Preliminary Troubleshooting
1. Look at the latest SQL Errorlog (Located in MSSQL\LOG folder or
MSSQL$XXXX\LOG folder) and look for entries similar to the following
2003-02-11 11:53:32.37 spid3 Server name is ‘SERVERABC’
or
2003-02-11 20:36:30.85 spid3 Server name is ‘SERVERABC\INST1’
and
2003-02-11 11:53:32.54 server SQL server listening on 62.58.65.150: 1433.
2003-02-11 11:53:34.54 server SQL server listening on TCP, Shared Memory, Named Pipes.
2. On the problematic client, Check the Client Network Utility (Start | run | cliconfg) and
make sure TCP/IP and Named Pipes are listed in the enabled Protocol list. Also check if
any aliases exist for the SQL Server. If aliases exist, note them down and delete them.
3. Check the MDAC version on the client machine by using the Component Checker tool.
Component checker can be downloaded from
http://msdn.microsoft.com/library/default.asp?url=/downloads/list/dataaccess.asp
4. Use the netstat command on the server to confirm that SQL Server is indeed listening on
the tcp port specified. (Use netstat –a and netstat –n )
5. Check if SSL Encryption is being used. Check the Client Network utility and the Server
Network utility to see if the “Force protocol encryption” option is checked.
6. General troubleshooting: Try the following troubleshooting from the problematic client
a. Ping the SQL Server by name and make sure the proper IP address is returned
b. Ping the SQL Server by IP address (use Ping -a)
c. Try to connect using just the Server Name
d. Try to connect using the just the IP address
e. Try to connect using Server Name,1433 (or the port being used)
f. Try to connect using IP address,1433 (or the port being used)
g. Create an alias to use Named Pipes and test connection using that alias
h. Create an alias to used TCP/IP and dynamically determine port and test
connection using that alias
i. Create an alias to use TCP/IP and specify the port number. Test the
connection using that alias.
j. Ask for a copy of the following registry hives.
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLS
erver\Client -For Client side configuration
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLS
erver\MSSQLServer\SuperSocketNetLib –For server side
configuration for default instances
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft
SQL Server\ <Instance
Name>\MSSQLServer\SuperSocketNetLib –For server side
configuration for named instances
7. Next try the following troubleshooting depending on whether you have a Named instance
or default instance and the port on which SQL Server is listening on.
2. From the above steps if you determine that the connectivity issue is specific to Named
Pipes
a. Check for name resolution
b. Check if SQL Server is listening on Named Pipes
c. Check the pipename in the SQL Errorlog and the server network utility
d. Check the pipename in the Client network utility.
e. Use readpipe and makepipe for testing (68941 INF: Procedure for Testing
Named Pipes)
f. With Named Pipes, database clients must be authenticated by Windows NT
before establishing a connection.
g. Some known issues and related articles
• 818806 Some Named Pipes Features Are Not Disabled After You Disable
the Named
• 831127 Named Pipes cannot be removed on Virtual SQL Server Running
SP3.
• 823492 "Connection Could Not Be Established" Error Message When You
Connect to
• 110905 INF: Readpipe Return Codes
• Pipename for a Virtual SQL Server - SOX020930700092
3. From the above steps if you determine that there exists a name resolution issue.
a. Ping by name and IP address and note how the name resolution works (no name
resolution, NetBIOS name, Fully qualified domain name)
b. Check lmhost and host file for any entries. Entries can be added here to force
name resolution.
c. Involve active directory or the domains group to help with any DNS or WINS
issues.
4. SQL Server failed to bind on a particular port
a. Determine if another application was using the port when SQL Server started.
b. Use utilities like findport, PortQry or Fport for this purpose.
• findport (usage findport portnumber).
• Fport tool gives all the applications along with their port numbers. Can be
sorted by port number using the /p switch
c. If the port is no longer being used by any application, try to restart SQL Server
and check if SQL Server is able to bind to the port on starup.
d. Check for the following issues.
• 293107 PRB: Unable to Release TCP\IP Port 1433 for Client
Communication
• 312935 FIX: SQL Server Fails to Bind TCP/IP Port at Startup
• 319578 PRB: Error Message:"Bind Failed" Occurs After IP Address
Changes on a cluster
5. From the above steps if you determine that the issue is specific to a particular application.
a. Determine how the application connects to SQL Server
• DSN Vs DNS less connection
• ODBC Vs OLE DB
• Any 3rd party driver/provider being used?
b. Check the connection string
c. Check the driver version.
d. You may have to involve the Webdata team if you find that the issue is driver
specific.
e. The following articles may be useful
• 289573 PRB: Configuring DSNs with SQL Server Net-Libraries
• 175671 PRB: 80004005 ConnectionOpen (CreateFile()) Error Accessing
SQL
• 328383 INF: SQL Server Clients May Change Protocols When They Try
to Connect
• 238949 HOWTO: Set the SQL Server Network Library in an ADO
Connection String
• 313295 HOW TO: Use the Server Name Parameter in a Connection
String to Specify
• 307002 PRB: ASP/ODBC/SQL Server Error 0x80040E4D Login Failed
for User
• 830267 Guide to Initial Data Collection for GNE Errors
6. From the above steps if you determine that the error encountered is “Cannot generate
SSPI context.”, sometimes accompanied by “Login failed for user ‘null’”
a. Check for name resolution (should resolve to the fully qualified domain name)
b. Check the SPNs (use SSPITest, the setspn utility or ADSIEdit). SETSPN can be
downloaded from
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-
o.asp
c. What account does the MSSQLSERVER service use? (Only local system and
Domain admin account have permissions to create or delete SPN)
d. The following articles give more information on troubleshooting this issue.
• 267588 "Cannot Generate SSPI Context" Error Connecting to SQL 2000
• 269541 INF: "Cannot Generate SSPI Context"
• 267550 BUG: "Assertion Failed" When You Connect to SQL Thru TCP/IP
• 319723 INF: SQL Server 2000 Kerberos Support Including SQL Server Virtual
• 811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error
Message
• 817384 HOWTO: Use Kerberos Authentication for Microsoft SQL Server 2000
• 326138 HOW TO: Troubleshoot SSPI Context Errors
• SOX030217700145 What does the SSPITest output mean?
• SOX030805700091 SPNs: What They Are And How SQL Server Uses Them
7. From the above steps if you determine that the connectivity issue is specific to Named
Instances
a. Check the instance name is being specified properly with ‘\’
b. Check if UDP port 1434 is blocked (utilities like PortQry can be used)
c. Check the client MDAC version
d. Obtain a netmon trace from the client and the server and check for UDP traffic.
e. Check if you are able to make a connection when you specify the port number.
f. The following article may be useful
• 308091 BUG: Hide Server Option Cannot Be Used on Multiple Instances of SQL
• 286303 INF: Behavior of SQL Server 2000 Network Library During Dynamic
Port
• 265808 INF: How to Connect to an SQL Server 2000 Named Instance with the
• 260414 INF: Frequently Asked Questions - SQL Server 2000 - Multiple
Instances
9. The connectivity issue occurs only when the “Force protocol encryption” option is
checked.
a. Check whether they are using server side or client side encryption.
b. For server side authentication, make sure the certificate is valid. It should be
issued to a fully qualified domain name of the server on which SQL Server is
running. Also the Enhanced key Usage property should show "Server
Authentication(1.3.6.1.5.5.7.3.1)"
c. Use the following articles
• 318605 INF: How SQL Server Uses a Certificate When the Force Protocol
• 276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
Server
• 309398 PRB: SQL Server 2000 Installation or Local Connections Fail with "SSL
• 322144 FIX: SECDoClientHandShake Cannot Connect to SQL Server
Useful articles (This list also contains some articles referred above)
216415 INF: How to Set Up SQL Server with Microsoft Proxy Server
299673 HOWTO: Configure ISA Server 2000 and Enterprise Manager to Connect
294453 INF: Set Up SQL 2000 to Listen on Multiple Static TCP Ports
235987 Virtual SQL Server Only Supports the Use of One TCP/IP Address
286303 INF: Behavior of SQL Srv. 2000 Network Library
279526 FIX: SQL Server ODBC Driver Ignores Authentication Setting
258939 Recommendations for Connecting to Databases Through Internet Information
Useful Tools/Commands/Logs
• Logs (SQL Errorlog, Event logs, ODBC log)
• Ping, pathping, odbcping –To test basic connectivity
• Component checker (http://msdn.microsoft.com/library/default.asp?
url=/downloads/list/dataaccess.asp)
• net view \\YourServerNameHere
• netstat –a, netstat –n
• telnet <server> <port>
• PortPing, PortQry, Fport, FindPort –Utilities to check for valid, open ports.
• Setspn, xpSSPItest, SSPIclient
• MPSReports –To get the event logs and Registry keys
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-
30b0bd915706/MPSRPT_SQL.exe
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-
30b0bd915706/MPSRPT_SQL_Readme.txt
• NetDiag
• Netmon trace –To capture complete network traffic.
124028 Sending Network Monitor to Microsoft Customers
ftp://ftp.microsoft.com/pss/tools/netmon