Posted by xx75vulcan on 06/19/07 15:27

On Jun 19, 8:40 am, xx75vulcan <xx75vul...@gmail.com> wrote:
> ok I just noticed an event on the server (hosting SQL) event log when
> attempting to connect from a seperate box.
>
> Error:
> An anonymous session connected from FREUDIANA has attempted to open an
> LSA policy handle on this machine. The attempt was rejected with
> STATUS_ACCESS_DENIED to prevent leaking security sensitive information
> to the anonymous caller.
>
> Upon further investigation, lead me to this MS KB:http://support.microsoft.com/kb/839569
>
> Stating "Instead of allowing the anonymous connections to your
> instance of SQL Server, you can grant the required access to a
> specific SQL Server account and pass the logon credentials for the SQL
> Server account in the connection string in the ASP.NET page. Using SQL
> Server authentication avoids the anonymous connection attempts to the
> instance of SQL Server and is more secure."
>
> I'm passing the SQL login credentials in my connecton string, and the
> ODBC manager specifies a SQL account -- why does it tell me it's
> attempting an annonymous connection?!?!?!


Also noticed the SQL server box is running ODBC SQL Driver
2000.85.1022.00 and the web box (that no asp page can connect through)
is running ODBC SQL Driver 2000.86.1830.00. do they need to be the
same driver version on both boxes?

[Back to original message]