anushahanna
asked on
which logins are on Error log
in the error log, I see something like:
Login failed for user 'sartty'. [CLIENT: IPAddress of originating request]
sartty is not a login on the SQL Server. Is this a access violation or is this getting routed through the reg SQL Login?
thanks
Login failed for user 'sartty'. [CLIENT: IPAddress of originating request]
sartty is not a login on the SQL Server. Is this a access violation or is this getting routed through the reg SQL Login?
thanks
You need to check with any users or services on the client as indicated by the IP address. Find out what they were doing.
ASKER
>>Search for such name
where?
where?
ASKER
cmangus, the IP address is the reporting server- but it is supposed to only use one SQL Login to hit the SQL box..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I forgot to mention that that trace file tells you a lot about that user, the ipaddress, the hostname, date and time it was run and perhaps you can tell who used that user account.
it is likely that someone, from some place used that user account. It was probably there before your report or db was setup and like I stated, left as a residue and it is coming back to create problems for you.
it is likely that someone, from some place used that user account. It was probably there before your report or db was setup and like I stated, left as a residue and it is coming back to create problems for you.
ASKER
great idea, Sammy- thanks.
I see many failures for, just for example,
aa
bb
cc
dd
ee
ff
but in SQL Server, the only login is dd.
And these errors have happened 100s of times..
I checked with the reporting team and they are saying aa,bb,cc,ee,ff are all users who connect to the reporting server to get the reports.
do you think the reporting tool's security is breached?
I see many failures for, just for example,
aa
bb
cc
dd
ee
ff
but in SQL Server, the only login is dd.
And these errors have happened 100s of times..
I checked with the reporting team and they are saying aa,bb,cc,ee,ff are all users who connect to the reporting server to get the reports.
do you think the reporting tool's security is breached?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank sammy.
It could be some residue like some service left behind from some agent running on your server.
I won't rule out malicious item here but definitely, the error was referring to some user called sartty.
Search for such name