About SQL injection 80004005 and other error message analysis _ Vulnerability Research

The information in the article applies to:
Microsoft Data Access Components versions 1.5, 2.0, 2.1, 2.5
Active Server Pages
Microsoft Visual InterDev, version 1.0
----------------------------------------------------------------------------
Profile
This article details some common reasons why Microsoft data Access Components (MDAC) received 0x800040005 errors, including ActiveX data Objects, OLE DB, and Remote Data Services (RDS). Also, this article discusses some other error messages, including 80040E21, 80040e14, and 80040e10.

More information
The 80004005 error message can be summed up as: "For some reason, I can't access your data." This article gives a list of the various 80004005 error messages, which lists the most common causes of these error messages and their troubleshooting steps. Although this article assumes that you are using ActiveX Data Objects (ADO) in the Active Server page (ASP) page (. asp), these causes and many troubleshooting steps apply to any other environment that accesses data through ODBC.

Error message list
In this section we describe the text of various error messages and the cause of the error.

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [microsoft][odbc Microsoft Access Driver]
The Microsoft Jet Database engine cannot open the file ' (unknown) '. It is already opened exclusively by another user, or your need to view its data.

Reason
This error occurs, usually because the account (usually IUSR) used by Internet information Server (IIS) does not have the correct Windows NT permissions to access the File-based database or the folder containing the files. Please check the permissions settings for these files and folders. Verify that you can create and/or delete any temporary files. Temporary
Files are generally created in the same folder as the database, but can also be created in other folders, such as/winnt. You can use the Windows NT file Monitor to check the cause of failed access to the file. The Windows NT file Monitor can be obtained from the following WEB sites:

Http://www.sysinternals.com.

If you are using the network path (UNC or image Drive) of the database, check the permissions on the share, files, and folders. Verify that the file and data source name (DSN) are not marked as exclusive. Use a system DSN that uses a local drive letter. If necessary, move the database to a local drive and test it. Other users in the error message (other user) may be Visual InterDev. Please close any Visual InterDev engineering that contains the database data connection.

The error may also be caused by a delegation problem. Check for any authentication methods that may exist ("basic" instead of NTLM). If the connection string uses a Universal naming convention (UNC), try using Basic authentication or an absolute path, such as C:\Mydata\Data.mdb. The preceding error may occur even if the UNC points to a resource that is located on the local IIS computer.

This error can also occur if the table is in an Access database on a network server when accessing a Microsoft Access database that is linked to a table. In this case, refer to the following Microsoft knowledge Base article to find a workable solution:

Q189408 prb:asp cannot access network files under IIS 4.0
Error message Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [Microsoft][odbc Microsoft Access Driver] couldn ' t use ' (unknown) '; File already in use.

Reason
The database cannot be locked correctly for multiple users. For more information, see the following Microsoft Knowledge Base article:

Q174943 prb:80004005 "couldn ' t use ' (unknown) ';

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [Microsoft][odbc Driver Manager] Data Source name is not found D no default driver specified.

Reason
The most common reason is because the connection string session variables initialized in Global.asa and Global.asa are not fired. You can check that the variable is correctly initialized by adding the following code to the. asp page:














Another common reason is that there are too many spaces in the connection string being used.

DSN = MyDSN; Database = Pubs;

Try using the following syntax instead:

Dsn=mydsn;database=pubs;

If the Global.asa file is not fired, check and verify that it is under the application root of IIS 4.0 (if you are running IIS 3.0, it should be under the virtual root and the Execute check box is selected). In addition, when Windows NT permissions restrict access to a folder, an error in the program design can also prevent the Global.asa file from being fired. For more information, see Microsoft knowledge Base
Article:
Q173742 "BUG: When restricting Web Access, Global.asa not be executed" cannot find the DSN name.
Check to make sure that you do not use the "user" type of DSN.

If you are using a File DSN or a System DSN, try to change the connection string to DSN=MYSYSTEMDSN or dbq=myfiledsn accordingly. Simplified!

Check and verify that the latest drivers are installed. If you are not sure, download the latest MDAC (Microsoft data access component) from the following Web site:
http://www.microsoft.com/data/

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [microsoft][odbc
Driver Manager] Data source name not??

Reason
This problem appears to be related to the order in which software is installed or unloaded on your computer. This error can occur if the ODBC kernel files are not synchronized (they must be of the same version).

Please download the latest version of MDAC (Microsoft data access component) from the following Web site to upgrade all ODBC core drivers:
http://www.microsoft.com/data/

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [microsoft][odbc Access ODBC driver Driver]
General error Unable to open registry key ' DriverID '.

Reason
This error is caused by reading the value from the registry. Use Registry Editor (Regedt32.exe) to check the permissions that are set on the registry key. You can also use Windows NT Registry Monitor (NTRegMon) to check for registry read failures. NTRegMon can be from
The following Web site downloads:
Http://www.sysinternals.com

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [Microsoft][odbc SQL Server DRIVER][DBNMPNTW] ConnectionOpen ( CreateFile ()).

Reason
There are two reasons for this error. They are all related to permissions, either the database and WEB server are not on a single computer, or the database is being referenced through a UNC path (\\Server\Share). Even if the database is on the same computer as the Web server, the UNC path makes the Web server think of the database as if it is on another computer on the network.
If an. asp page is being accessed by an anonymous user, the following occurs:

IIS will use the (default) Windows NT account:
Usr_.

Because the account is a local account of the WEB server, other computers on the network simply have no way of knowing the account. When IIS (running under the security environment of the IUSR account) attempts to access any resource on the remote computer, the remote computer verifies the account it is using. Because the IUSR account is a local account, it is not known to the remote computer, so access is denied.

When anonymous access raises this issue, there are two solutions:

In the Internet Service Manager tool, change the Anonymous logon account from the default local account to a valid domain-based account from the Web property. In the User Name field, enter the domain account you want to use, in DOMAIN\userid format. The remote computer can then use a domain controller to authenticate the security credentials that IIS passes to it.

Or

The account that is replicated on the remote computer that contains the resource you want to access
IUSR_. If the account is created on a remote computer and contains exactly the same name and password, Windows NT puts it
are considered equivalent accounts.

Or

If the. asp page allows only authenticated access, refer to the following:
If the page does not allow anonymous access, IIS will attempt to authenticate the user who made the request and use its security credentials to control all its activities, such as the activity of accessing the database. The following two main reasons for failure in this scenario are described.

By default, IIS is configured to use Windows NT Challenge/response as its authentication method.

Because of the limitations of the Windows NT 4.0 (and earlier) security model, users who are authenticated by Windows NT Challenge/response cannot access resources on the remote computer. This usually
Called delegation issues. To verify that this is not the case, in the Internet Service Manager tool, select the basic (Clear text) check box under Web Properties, and then clear the Windows NT challenge/response. If this step solves the problem, it is clearly a delegation issue.

Or

If the problem persists, it may be that the user account you are using does not have the correct SQL Windows NT computer permissions. You may try to use an account that explicitly has access to the SQL computer.

For more information about delegation, how IIS protects your Web site by authentication, and related issues, see the article "IIS Authentication and
Security for Internet developers ",
It is located at the following Web site:
Http://www.microsoft.com/workshop/s...re/security.asp

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' microsoft][odbc Microsoft SQL Driver] Logon Failed ()

Reason
This error is generated by the SQL Server when the SQL Server does not accept or recognize the committed login account and/or password (when using standard security), or when no Windows NT account is mapped to a SQL account (when using integrated security).

If you are using standard security, the SQL account name and password are incorrect. Please try using the System Administrator account and password (uid= "SA", the password is blank). These must be defined in the connection string line because DSN does not store user names and passwords.

If you are using integrated security, check the Windows NT account that calls the page to find the target account that it maps to.

SQL does not allow underscores in SQL account names. If someone manually maps Windows NT account IUSR_machinename to a SQL account with the same name, it will fail. Map all accounts that contain an underscore to an account name in SQL that does not contain an underscore.

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [MICROSOFT][ODBC SQL Server Driver][sql Server] Login failed- User:Reason:Not defined as a valid user of a trusted
SQL Server connection.

Reason
Integrated security is turned on in SQL Enterprise Manager (Enterprise Manager), and the Windows NT account that is being used is not mapped to a SQL account.

Try converting SQL to standard security (in Enterprise Manager, select Server/sql server/configure/security options/standard.)
If you are running under IIS 4.0, deselect the password synchronization for the project.

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [microsoft][odbcmicrosoft Access driver]couldn ' t lock file.

Reason
This error may be caused by the lack of proper permissions to create a lock file (. ldb) for a Microsoft Access database. By default, locked files are created in the same folder as Microsoft Access. mdb files.

Try giving the user who accesses the database (usually IUSR_machinename) Full control of the share/folder.

Sometimes, shared folder permissions are set to read-only. You can also try to change the connection mode, where you can use the following sample code:

Set Conn = Server.CreateObject ("ADODB. Connection ")
Conn.mode = adModeShareDenyWrite ' 8
' From Adovbs.inc
'----ConnectModeEnum values----
' Const adModeUnknown = 0
' Const adModeRead = 1
' Const adModeWrite = 2
' Const adModeReadWrite = 3
' Const adModeShareDenyRead = 4
' Const adModeShareDenyWrite = 8
' Const admodeshareexclusive = &HC
' Const adModeShareDenyNone = &h10

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [Microsoft][odbc Microsoft Access Driver] ' (unknown) ' isn ' t A valid path. Make sure this the path name is Spel
The LED correctly and that are are connected to the server on which the file resides.

Reason
The path read by the WEB server is an invalid path. This error is most likely to occur when the Global.asa file is being used and the connection string is created on a different computer than the Web server. If the path is an image drive letter, it may be valid only for the client computer that created the connection string.

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [MICROSOFT][ODBC SQL Server DRIVER][SQL Server] the query and The views in it exceed the limit.

Reason
The query is too complex. There are too many restrictions in the query.

Error message
Microsoft OLE DB Provider for ODBC Drivers error ' 80004005 ' [Microsoft][odbc SQL Server

DRIVER][DBNMPNTW] ConnectionWrite (GetOverlappedResult ()).

Reason
When the Allow anonymous users environment is turned off, WINDOWS NT closes the pipeline that connects to SQL SERVER after the first request completes. This is because the first connection to SQL SERVER was established in the IIS anonymous user account. IIS then either chooses to impersonate the browser client on the same thread, or attempts to access connections on other threads running in the impersonated user environment. In either case, WINDOWS NT detects anyone who tries to use a network named pipe handle that has been opened in another user's environment and closes the pipe based on security rules. In SQL SE
RVer Network Monitor appears to be a request from Windows NT to close a named pipe, causing a WEB browser to make an error.

Error message
MICROSOFT OLE DB PROVIDER for ODBC DRIVERS ERROR ' 80004005 ' [Microsoft][odbcsql SERVER DRIVER][DBMSSOCN] General network E Rror. CHECK YOUR Network DOCUMENT

Reason
This error can occur if the SQL server is renamed. A DSN referencing the old name will fail because the computer name cannot be found.

Error message
MICROSOFT OLE DB PROVIDER for ODBC DRIVERS ERROR ' 80040E21 ' ERRORS occurred

Reason
This error may be caused by an attempt to insert too much data into a field that exceeds the allowable value. For example, a Microsoft ACCESS field format is set to accept only 25 characters and an attempt to insert 26 characters.

Error message
Microsoft OLE DB PROVIDER for ODBC DRIVERS ERROR ' 80040E14 ' [microsoft][odbc Microsoft ACCESS DRIVER]
SYNTAX ERROR in INSERT into STATEMENT.

Reason
A column name may be a reserved word, such as DATE. Change the column name to a non reserved word, such as saledate.

Error message
Microsoft OLE DB PROVIDER for ODBC DRIVERS ERROR ' 80040E10 ' [microsoft][odbc Microsoft ACCESS DRIVER]
TOO FEW PARAMETERS. Expected 1.

Reason
The column name used in the query syntax does not exist. Often, it's just a typo. Check the column names in the query string against the column names in the database. If you are using MICROSOFT ACCESS, make sure that you are using the actual column name, not the column's display name.

Reference
To enable the VISUAL InterDev remote Workstation to work, follow the following MICROSOFT knowledge BASE article to establish a System DSN:
Q178215 HOWTO: Configure VID for authentication WEB engineering
Q174943 prb:80004005 "couldn ' T use ' (UNKNOWN) ';
Q173742 BUG: When WEB access is restricted, GLOBAL. ASA is not executed
Q172864 ASP pages cannot access session and application objects
Q156526 common errors when connecting to an ACCESS data source =51
Q175671 PRB: SQL80004005 ConnectionOpen (CreateFile ()) error while accessing
Q149425 IDC: Executing a query error, not defined as a valid user
Q167452 PRB: ' Not A VALID PATH ' error when using Access data source
Q125767 PRB: Queries that execute SQL queries are too complex to error
Q166659 PRB: Failed to access SQL database on second attempt
Q166029 PRB: When you use Access, you cannot open an unknown file
Q178215 HOWTO: Configure VID for authentication WEB engineering