Window socket error 10054



An application may receive the «10054» error when the application receives data from a connection on a computer that is running Windows 7 or Windows Server 2008 R2 if a TDI filter driver is installed

Symptoms

Consider the following scenario:

You have a computer that is running Windows 7 or Windows Server 2008 R2.

A Transport Driver Interface (TDI) filter driver is installed on the computer. For example, a TDI filter driver is installed when you install McAfee VirusScan.

An application opens a TCP listening port to receive connections.

In this scenario, the application may receive the following error message:

WSAECONNRESET (10054) Connection reset by peer.
A existing connection was forcibly closed by the remote host.

This issue occurs because the TCP/IP driver does not close an incomplete TCP connection. Instead, the TCP/IP driver sends a notification that the TCP/IP driver is ready to receive data when the incomplete TCP connection is created. Therefore, the application receives an instance of the 10054 error that indicates that a connection is reset when the application receives data from the connection.

Resolution

To resolve this issue, install this hotfix.

Note This hotfix temporarily resolves this issue for application vendors before they migrate their implementation to Windows Filtering Platform (WFP). These application vendors use the TDI filter driver or the TDI extension driver (TDX) on a computer that is running Windows 7 or Windows Server 2008 R2.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a «Hotfix download available» section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=supportNote The «Hotfix download available» form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running Windows 7 or Windows Server 2008 R2.

Registry information

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in WindowsTo enable the hotfix in this package, follow these steps:

In Registry Editor, locate the following registry subkey:

If you are running a 32-bit operating system, perform the following step:

Читайте также:  Hard disk error при загрузке компьютера что делать

Right-click the Parameters registry subkey, point to New, and then click DWORD Value.If you are running a 64-bit operating system, perform the following step:

Right-click the Parameters registry subkey, point to New, and then click DWORD (32-bit) Value.

Rename the new registry entry to TdxPrematureConnectIndDisabled and set the value to 1.

Restart requirement

You may have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Windows 7 and Windows Server 2008 R2 file information notes

Important Windows 7 hotfixes and Windows Server 2008 R2 hotfixes are included in the same packages. However, hotfixes on the Hotfix Request page are listed under both operating systems. To request the hotfix package that applies to one or both operating systems, select the hotfix that is listed under «Windows 7/Windows Server 2008 R2» on the page. Always refer to the «Applies To» section in articles to determine the actual operating system that each hotfix applies to.

The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the «Additional file information for Windows Server 2008 R2 and for Windows 7» section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

Источник

Ошибка Windows Sockets 10054

Причины возникновения
Причины этой ошибки разняться по своей «природе», но их объединяето то, что уже существующее (т.е. ранее установленое) соединение с клиентом разрывает сервер.

1. С версии 8.1.11 включен циклический перезапуск процессов, по наступлению интервала происходит автоматический перезапуск рабочих процессов rphost.

2. В некоторых случаях причиной ошибки могут стать утечки памяти.

3. Действия администратора в консоли (команда удалить пользователя)

4. Процесс rphost на серверном компьютере завершился аварийно

5. Ошибочное принятие высокой интенсивности пользователей за атаку на протокол в некоторых случаях Windows

6. Устаревание данных в кэшах

7. Плохо отслеживаемые события в фоновых процессах

8. Нестандартные запросы могут приводить к падениям rphost

Способы устранения
1. с 8.1.11 включен циклический перезапуск процессов, для анализа этого события на компьютере сервера 1С:Предприятия необходимо включить запись в технологический журнал событий PROC (пример файла logcfg.xml).
Когда процесс выключается, будет выведено событие PROC со свойством Txt=Process become disable.
Когда процесс останавливается, будет выведено событие PROC со свойством Txt=Process terminated. Any clients finished with error. Если аварийные завершения работы пользователей совпадают по времени с выводом этого события, то причиной является принудительная остановка рабочего процесса либо администратором (через консоль кластера), либо вследствие автоматического перезапуска.

2. перезагрузить сервер
3. убедиться, что причиной являются/не являются действия администратора в консоли
4. создать на сервере приложения два или более рабочих процесса, чтобы иметь возможность переподключиться в случаи сбоя рабочего процесса
5. Запусти программу regedit.exe, добавь новое значение типа DWORD с именем SynAttackProtect в раздел реестра HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ и присвой ему значение 00000000
Имеет смысл делать для ОС Windows 2003 SP1 (http://msdn.microsoft.com/ru-ru/library/ms189083.aspx).

Читайте также:  What is error 905

6. arp -d *
ipconfig /flushdns
ipconfig /registerdns
nbtstat -R
nbtstat -RR

7. отключить фоновые процессы во всех базах

8. найти технологическим журналом запрос, приводящий к падению

p.s. Кроме того, 54 ошибку можно получить на релизах 81(SQL) в типовой ТиС (демо, взятой с ИТС) релиз. 954 в клиент-серверном варианте.

обойти можно так:

— выполните конвертацию в файловый фариант информационной базы 1С:Предприятия 8.1,
— выгрузите полученную информационную базу в файл,
— загрузите в клиент-серверный вариант информационной базы 1С:Предприятия 8.1.

Источник

An existing connection was forcibly closed by the remote host (OS error 10054)

Applies to: В SQL Server

Before you start troubleshooting, we recommend that you check the prerequisites and go through the checklist.

This article details various causes and provides resolutions for the following errors:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 — An existing connection was forcibly closed by the remote host.)

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 0 — An existing connection was forcibly closed by the remote host.)

Operating system error 10054 is raised in the Windows sockets layer. For more information, see Windows Sockets Error Codes: WSAECONNRESET 10054.

When do you see the error?

Secure Channel, also known as Schannel, is a Security Support Provider (SSP). It contains a set of security protocols that provide identity authentication and secure, private communication through encryption. One function of Schannel SSP is to implement different versions of the Transport Layer Security (TLS) protocol. This protocol is an industry standard that is designed to protect the privacy of information communicated over the Internet.

The TLS Handshake Protocol is responsible for the key exchange necessary to establish or resume secure sessions between two applications communicating over TCP. During the pre-login phase of the connection process, SQL Server and client applications use the TLS protocol to establish a secure channel for transmitting credentials.

The following scenarios detail errors that occur when the handshake can’t be completed:

Scenario 1: No matching TLS protocols exist between the client and the server

SSL and versions of TLS earlier than TLS 1.2 have several known vulnerabilities. You’re encouraged to upgrade to TLS 1.2 and disable earlier versions wherever possible. Accordingly, system administrators could push out updates through group policy or other mechanisms to disable these insecure TLS versions on various computers within your environment.

Connectivity errors occur when your application uses an earlier version of Open Database Connectivity (ODBC) driver, OLE DB provider, .NET framework components, or a SQL Server version that doesn’t support TLS 1.2. The issue occurs because the server and the client can’t find a matching protocol (such as TLS 1.0 or TLS 1.1). A matching protocol is needed to complete the TLS handshake required to proceed with the connection.

Resolution

To resolve this issue, use one of the following methods:

  • Upgrade your SQL Server or your client providers to a version that supports TLS 1.2. For more information, see TLS 1.2 support for Microsoft SQL Server.
  • Ask your system administrators to temporarily enable TLS 1.0 or TLS 1.1 on both the client and the server computers by performing one of the following actions:
    • Use the IIS Crypto tool (Ciphers suites section) to validate and make changes to the current TLS settings.
    • Start Registry Editor, and locate the Schannel-specific registry keys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL .
      For more information, see TLS 1.2 Upgrade Workflow and SSL Errors after Upgrading to TLS 1.2.
Читайте также:  Error loading operations system

Scenario 2: Matching TLS protocols on the client and the server, but no matching TLS cipher suites

This scenario occurs when you or your administrator restricted certain algorithms on the client or the server for extra security.

The client and server TLS versions, cipher suites can be easily examined in the Client Hello and Server Hello packets in a network trace. The Client Hello packet advertises all the client cipher suites, while the Server Hello packet specifies one of them. If there are no matching suites, the server will close the connection instead of responding to the Server Hello packet.

Resolution

To check the issue, follow these steps:

If a network trace isn’t available, check the functions value under this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

Use this PowerShell command to find the TLS functions

Use a tool such as IIS Crypto (Ciphers suites section) to check whether there are any matching algorithms. If no matching algorithms are found, contact Microsoft support.

Scenario 3: SQL Server uses a certificate signed by a weak-hash algorithm, such as MD5, SHA224, or SHA512

SQL Server always encrypts network packets that are related to sign in. For this purpose, it uses a manually provisioned certificate or a self-signed certificate. If SQL Server finds a certificate that supports the server authentication function in the certificate store, it will use the certificate. SQL Server will use this certificate even if it hasn’t been manually provisioned. If these certificates use a weak-hash algorithm (thumbprint algorithm) such as MD5, SHA224, or SHA512, they won’t work with TLS 1.2 and cause the previously mentioned error.

Self-signed certificates are not affected by this issue.

Resolution

To resolve the issue, follow these steps:

  1. In SQL Server Configuration Manager, expand SQL Server Network Configuration in the Console pane.
  2. Select Protocols for .
  3. Select the Certificate tab and follow the relevant step:
    • If a certificate is displayed, select View to examine the Thumbprint algorithm to confirm whether it’s using a weak-hash algorithm. Then, select Clear and go to step 4.
    • If a certificate isn’t displayed, review the SQL Server error log for an entry that resembles the following and note down the hash/thumbprint value:
      2017-05-30 14:59:30.89 spid15s The certificate [Cert Hash(sha1) «B3029394BB92AA8EDA0B8E37BAD09345B4992E3D»] was successfully loaded for encryption
  4. Use the following steps to remove server authentication:
    1. Select Start >Run, and type MMC. (MMC also known as the Microsoft Management Console.)
    2. In MMC, open the certificates and select Computer Account in the Certificates snap-in screen.
    3. Expand Personal >Certificates.
    4. Locate the certificate that SQL Server is using by its name or by examining the Thumbprint value of different certificates in the certificate store and open its Properties pane.
    5. On the General tab, select Enable only the following purposes and deselect Server Authentication.
  5. Restart the SQL Server service.

Scenario 4: The client and the server are using TLS_DHE cipher suite for TLS handshake, but one of the systems doesn’t have leading zero fixes for the TLS_DHE installed

If this article has not resolved your issue, you can check if the common connectivity issues articles can help.

See also

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Источник

Оцените статью
toolgir.ru
Adblock
detector