Failure Audit event "Login failed for user 'Recover' event ID 18456 using Oracle SQL Client Transport Gateway

Posted on 2009-05-26
Medium Priority
Last Modified: 2012-05-07
I have Windows 2003 Enterprise service running MS SQL 2005.  The server has replication installed but the snapthot only runs at midnight.
We also have an Oracle SQL Client transport Gateway to allow an external Oracle application to query the SQL database.
I have noticed many\failure audt events in the application at different times during the day and night.
Category 4
Type Failure Audit
Description: Login failed for user 'RECOVER'.[CLIENT: Ip Address]
Could this account be related to SQL or Oracle?
The SQL installation does not show the existance of the Recover user account.
Question by:iidse
  • 3
  • 2
LVL 18

Assisted Solution

brejk earned 2000 total points
ID: 24478075
This message indicates that some user/application has tried to logon to your SQL Server instance using SQL Server login named RECOVER. Either the login itself does not exist on the instance, or the password provided was incorrect. You can try to find out what application is trying to logon with using the RECOVER principal. Use SQL Server Profiler to catch Audit Login Failed event in Security Audit event category. There is an Application Name column for this event class captured so you will find out the name of the program used for failed login tries. Unfortunately, there is no guarantee that the name of the application is not fake (it can be easily changed in connection string or additional connection options).

Author Comment

ID: 24478440
I have setup the trace, but so far it has not listed it.
I found that the Recover account might be part of the Oracle Transparent Gateway for SQL, but I am still trying to see where is that configured.

Does anybody know this gateway configuration?

Author Comment

ID: 24478545
The trace showed the Audit Login Failed as:
Login Failed for user 'Recover'/
Login name Recover.
Client Process ID 8900 and 9376.

Unfortunately it did not show the application name, but I am sure it is related to the Oracle Transparent Gateway.
LVL 18

Assisted Solution

brejk earned 2000 total points
ID: 24478604
Perhaps you will find some more information in OTG documentation. I believe there is a configuration file where the name of the login name used for SQL Server connection is defined.

Accepted Solution

iidse earned 0 total points
ID: 24486089
By default the Oracle Transparent Gateway configures COMMIT_CONFIRM, but since my application just needed to query a SQL database, I just had to use the READ_ONLY value.
There are two files on the folder:

To make the it read only the had to be set:

# This is a sample agent init file that contains the HS parameters that are
# needed for the Transparent Gateway for SQL Server

# HS init parameters

# Comment out the next two parameters - not needed when running in READ_ONLY transaction mode

# Add parameter for READ_ONLY transaction mode

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Recently, when I was asked to create a new SQL 2005 cluster, Microsoft released a new service pack for MS SQL 2005 what is Service Pack 3. When I finished the installation of MS SQL 2005 I found myself troubled why the installation of SP3 failed …
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
SQL Database Recovery Software repairs the MDF & NDF Files, corrupted due to hardware related issues or software related errors. Provides preview of recovered database objects and allows saving in either MSSQL, CSV, HTML or XLS format. Ensures recov…
Stellar Phoenix SQL Database Repair software easily fixes the suspect mode issue of SQL Server database. It is a simple process to bring the database from suspect mode to normal mode. Check out the video and fix the SQL database suspect mode problem.

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question