Solved

Troubleshoot logon failure

Posted on 2014-02-11
4
250 Views
Last Modified: 2014-02-26
SQL 2005

I have recently noticed in the SQL logs a message

"Login failed for user 'sa'. [CLIENT 10.0.2.85]"

This has been happening a lot over quite a long period.

I know what the machine is but I cannot work out what application is causing this. I cannot find any error logs that show a problem. The timing is a bit random.

How can I go about identifying the 'culprit' ?

TIA
0
Comment
Question by:Philip Pinnell
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
Leon Kammer earned 333 total points
ID: 39850961
Hi,

You should not really be allowing sa to connect into the instance, and generally it is best to disable the login, but that aside, I would for a start by going into the event viewer on the machine 10.0.2.85 and look for a SQL connection error (error 18456)

Open Event Viewer and right click event viewer, and create a custom view, This will open the Filter Current Log dialog box which will allow you to specify logs, time period and keywords.

Cheers

Leon
0
 
LVL 38

Assisted Solution

by:Jim P.
Jim P. earned 167 total points
ID: 39870267
Leon,

The sa account should generally never be disabled because SQL still uses the account itself internally. Turning of mixed mode authentication is different.

But if there is an app using sa to connect it needs to be changed by the developer.

If the IP is 10.0.2.85 that means it is an internal network machine, so should be fairly easy to track down and see what is installed on it.
0
 
LVL 5

Assisted Solution

by:Leon Kammer
Leon Kammer earned 333 total points
ID: 39870487
If you are still having issues attemtping to identify which application is attempting to connect to the SQL server, try using a traffic logger such as Tcplogview on the machine 10.0.2.85 http://www.nirsoft.net/utils/tcp_log_view.html

Cheers

Leon
0
 
LVL 13

Author Closing Comment

by:Philip Pinnell
ID: 39888387
Thanks for your suggestions. I have been sidetracked with other things.

I think I will use the profiler to identify what eaxactly is failing to log on.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
How to convert JSON file to csv? 7 54
Numeric sequence in SQL 14 38
Azure SQL DB? 3 22
When to use an Aggregate Function. 18 38
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now