Receiving error 17828 state 3 after applying February 2016 Windows patches to SQL 2012 SP2 server RRS feed

  • Question

  • Yesterday we patched a number of SQL servers with the February 2016 Windows/Net Framework/IE patches. On one SQL2012 SP2 server we started to receive error 17828 state 3 messages - The prelogin packet used to open the connection is structurally invalid.

    The client that was connecting was not patched. We have since patched it with the same patches as went on the SQL server yet we still get the messages.

    Has anybody had a similar experience?



    Tuesday, March 1, 2016 10:11 PM


All replies

  • Hi  Chris,

    Based on my research, the error 17828 may be because the packet was created improperly or because the packet was damaged during transmission. It can also be caused by the configuration of the SQL Server computer. Please increase the MaxTokenSize value of the server computer following the instructions in this article, then check if the error goes away.

    Also there is a similar blog for your reference, the blog provides the solution that delete any files in the S-1-5-21-xxxxxx-xxxxx-xxxx-xxxxx folder to eliminate the error.

    Lydia Zhang

    Lydia Zhang
    TechNet Community Support

    Wednesday, March 2, 2016 3:29 AM
  • Lydia,

    It's not the MaxTokenSize as both servers are set to ffff.

    I do see an entry in the RSA/S-1-5-21-xxxx folder. I will see if deleting this works.



    Wednesday, March 2, 2016 2:22 PM
  • We found the problem.

    Somehow the SQL Server Network Configuration/Protocols for MSSQLSERVER/Force Encryption got set to YES. Once it was set to NO all was good.

    Now trying to find out how it got changed.


    Wednesday, March 2, 2016 4:06 PM
  • We are getting the same error.  

    We need to have Force Encryption on to encrypt all data from SQL Server on our intranet.

    This all happened started after we disabled SSL V3.0 to pass our security audits. 

    When we enabled SSL V3 on our test system we were able to resume sending emails.

    This is not an option on our production system.   Any help would be great since we rely on Database Emil


    PS  we've tried deleting the file and change the MaxTokenSize
    • Edited by WaynePRO Friday, March 4, 2016 12:41 AM
    Friday, March 4, 2016 12:36 AM
  • Wayne,

    What version and build of SQL are you running?


    Friday, March 4, 2016 2:52 PM
  • Chris,

    Microsoft SQL Server 2012 (SP3) (KB3072779) - 11.0.6020.0 (X64)
     Oct 20 2015 15:36:27
     Copyright (c) Microsoft Corporation
     Enterprise Edition: Core-based Licensing (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)


    Friday, March 4, 2016 3:21 PM
  • Wayne,

    The TLS 1.2 for SQL2012 SP3 is either CU1 or hotfix build 6216. Is TLS 1.0 enabled? This blog entry might help


    Friday, March 4, 2016 3:31 PM
  • Will try this over the weekend and let you know the outcome.
    Friday, March 4, 2016 8:02 PM
  • Current version:
    Microsoft SQL Server 2012 (SP3-CU1) (KB3123299) - 11.0.6518.0 (X64)
     Jan  7 2016 14:39:01
     Copyright (c) Microsoft Corporation
     Enterprise Edition: Core-based Licensing (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)

    Still have the same issue with database mail.


    Saturday, March 5, 2016 7:53 PM
  • Wayne,

    What sort of error are you seeing?

    For SQL2008R2 did you install the NF fixes as well?

    I know we are getting off the original subject as you are now dealing with the SSL/TLS issues. In my case having the TLS SQL2008R2 hotfix and the NF 4.5.2 hotfix I cannot connect using SSMS on the server when TLS 1.0 is disabled. I hadn't checked dbmail.


    Wednesday, March 9, 2016 3:53 PM