Link to home
Start Free TrialLog in
Avatar of iidse
iidse

asked on

Failure Audit event "Login failed for user 'Recover' event ID 18456 using Oracle SQL Client Transport Gateway

I have Windows 2003 Enterprise service running MS SQL 2005.  The server has replication installed but the snapthot only runs at midnight.
We also have an Oracle SQL Client transport Gateway to allow an external Oracle application to query the SQL database.
I have noticed many\failure audt events in the application at different times during the day and night.
Source MSSQLSERVER
Category 4
Type Failure Audit
Description: Login failed for user 'RECOVER'.[CLIENT: Ip Address]
Could this account be related to SQL or Oracle?
The SQL installation does not show the existance of the Recover user account.
SOLUTION
Avatar of brejk
brejk
Flag of Poland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of iidse
iidse

ASKER

Hello
I have setup the trace, but so far it has not listed it.
I found that the Recover account might be part of the Oracle Transparent Gateway for SQL, but I am still trying to see where is that configured.

Does anybody know this gateway configuration?
Avatar of iidse

ASKER

The trace showed the Audit Login Failed as:
Login Failed for user 'Recover'/
Login name Recover.
Client Process ID 8900 and 9376.

Unfortunately it did not show the application name, but I am sure it is related to the Oracle Transparent Gateway.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial