How to Fix: Anonymous Session Connected; Attempted to Open an LSA Policy Handle. Event 6033

[Jasonholt]

In our server event log I am getting the following event 6033 which is appearing every now and then. The ip address that is reported with it moves around the world and I cant even recognize them. This is running on a Windows Server 2003 64 bit machine and the Windows Firewall is also enabled but there is no hardware firewall enabled. The message that I get is mentioned below:

An anonymous session connected from <IP address> has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller. The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.

I have already searched for this issue on google but could not find anything. Can anyone please help me out.

[jackalz]

Check to see whether you have any open ports or services in the Windows Firewall and also see to it that you dont have any other protection from the internet, if it is, then they could be your candidates for how the request are getting to the server that you are using. Could you tell us what is allowed in your firewall?

[Pugsly]

This problem can occur if you try to connect to the instance of SQL Server as an anonymous user, the anonymous connection tries to open the LSA Policy handle on the computer that is running the instance of SQL Server. By default, a Windows Server 2003 member server denies an anonymous connection attempt that tries to open an LSA Policy handle if the TurnOffAnonymousBlock registry value is not set to 1. For more information check this link - http://support.microsoft.com/kb/839569

[mike2507]

I to need to know is the "Anonymous login " Is a needed logon user or not. I have Vista S.P. 2 on lap top 32 bit. Can I just remove the "Anonymous login" ? I am getting a pop up window for the first time shortly after I sighn on under ADMIN user.

My computer is not a server just a home lap top for every dau use. Is this a big security risk? It seems like it, HELP!!!