Login failed for user 'sa'.

Posted on 2008-11-06
Last Modified: 2012-05-05
In my event viewer, I am getting a Failure Audit message with source MSSQLSERVER that says Login failed for user 'sa'.  [CLIENT:].  All my databases use Windows Authentication.  Is this someone trying to hack the server?  If so, how do I stop it?
Question by:kdata
    LVL 4

    Accepted Solution

    It would seem that a machine on the internet with the IP address is attempting to login to your database server with the sa account.

    Firstly, your database server should not be available directly via the internet - this is terribly bad practice from a security and sys admin point of view.  If your server is behind a firewall or router make sure that SQL ports are not being fowarded from the internet into your LAN.

    Author Closing Comment

    Thanks for the advice.  I closed the port on the router and that stopped the intrusion without affecting our network access.  I am not sure why the port was open in the first place.
    LVL 18

    Expert Comment

    Even you have set your SQL to use Windows Authentication, it does not mean that you cannot use the SA account. You may want to check on the client IP address and find out where ther actual source is coming from and if it's one of your SQL admin trying to use it. Or if there's any other admin tools trying to use that account.
    LVL 1

    Expert Comment

    I know this is a long time issue...may i know what port is that you closed??

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
    Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now