SQL Server error after update: The token supplied to the function is invalid

Question

I was using my machine (and SSMS) and everything was working fine. I did a reboot whereupon Windows 10 applied the following updates:

Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - April 2017 (KB890830)
Security Update for Adobe Flash Player for Windows 10 Version 1607 (for x64-based Systems) (KB4018483)
Security Update for Microsoft Silverlight (KB4017094)
Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4015217)

Now when I try to login in SSMS I'm getting the following error:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The token supplied to the function is invalid (Microsoft SQL Server)

The token supplied to the function is invalid

This looks like it is security related, but I don't know what to do to fix it. My machine uses Windows Server Essentials for backups (and the connector is green).

Answer 1

I had faced the same issue with SQL Server. I followed some steps and my problem was resolved. Those steps are as -

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. Locate and then click the following subkey in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

3. On the Edit menu, point to New, and then click DWORD Value.

4. Type SendExtraRecord for the name of the DWORD value, and then press Enter.
5. Right-click SendExtraRecord, and then click Modify.
6. In the Value data box, type 2 to disable the split record in schannel, and then click OK.
7. Exit Registry Editor. Done!

Answer 2

Execute in command line with administrative privilege and reboot.

netsh winsock reset

Answer 3

I just wanted to answer this question for completeness. I'm not sure that any of the previous answers solved the problem for me so here goes...

I consistently received the following error when using SSMS v18.0 while trying to connect to one of our QA databases: The token supplied to the function is invalid

Turns out that our certificates had just been renewed and unknown to me at the time they were renewed with a new signature algorithm (from RSA/SHA256 to RSA/SHA512). The eventual solution was to modify the list of enabled algorithms in the registry (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003) and then restart the machine: enable RSA/SHA512 registry

Answer 4

It seems that others have had success simply by restarting the machine's IIS.

That would be as simple as this:

Click Start, click Run type IISReset, and then click OK. SOURCE (Microsoft)

Otherwise, there are some settings in SSCM that you might need to ensure are properly set, and which may be culprits for a wide range of issues:

1. ensure Shared Memory protocol is enabled
2. ensure Named Pipes protocol is enabled
3. ensure TCP/IP is enabled, and s ahead of the Named Pipes in the settings SOURCE (SO)

(These settings are in your SSCM). There is also a nice blog post about setting these settings as a solution for a different error.

I hope this helps spark some ideas! It seems like this is a fairly common issue without very many concrete suggestions for solutions.

If none of those work (I thought I would suggest them as due diligence in case they resolved the issue), you might have to look into what is being modified by Windows Malicious Software Removal Tool.

Other people have run into issues using SSMS after similar updates in the past, and they seem to offer Internet Explorer as the offender. To fix it, they unregistered and registered their ieproxy.dll.

They suggest doing:

• Launch command line in administrative mode. Go to C:\Program Files\Internet Explorer or c:\Program Files (x86)\Internet Explorer if you have Win x64.
• Execute regsvr32 /u ieproxy.dll (this might throw an error if it isn't loaded)
• Execute regsvr32 ieproxy.dll SOURCE (SO)

This seems to have been successful for them, hope it works!

Answer 5

Just answering my own question for posterity:

Open MMC and select the certificates add-on for local computer. Open up the server certificate and disable server and client authentication purposes. Restart SQL server. Finished.

Answer 6

I fixed this in my environment by doing the following.

• Creating a self signed certificate
• Open SQL Server Configuration Manager.
• Expand SQL Server Network Configuration.
• Right click Protocols for MSSQLSERVER (Your instance name here) open properties.
• Go to the Certificate tab.
• In the Certificate drop down choose your certificate.

In my case I used IIS to generate the cert but you can also used PowerShell if IIS is not installed on your SQL server like it is on mine. https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate?view=windowsserver2022-ps

Per this article: SSL Certificate missing from dropdown in SQL Server Configuration Manager

Make sure the certificate's subject name exactly matches the name of the SQL server or the certificate will not appear in the drop down.

At that point I was able to login to SSMS without the error.

Here are some example of the errors I saw before fixing the issue.

Of course when login to SSMS (Sorry no screenshot)

When doing a repair of SQL

When attempting to connect to SQL via dbatools,

I even got the error when try to use sqlcmd to create an admin session. (Sorry no screenshot there)