Another Error 18456

  • Hello,

    I'm not a DBA and have very little knowledge of SQL, so I'd like to know if someone could help me, please. Forgive me if any question seems dumb.

    Here's the problem: I'm having several entries in the SQL Server 2005 error logs related to login failures. Whenever a user tries to log in, the frontend reports a possible wrong password and the SQL log records the following:

    Error: 18456, Severity: 14, State: 8.

    Login failed for user [Client: "IP"]

    Error: 18456, Severity: 14, State: 8.

    Login failed for user [Client: "IP"]

    Error: 18456, Severity: 14, State: 8.

    Login failed for user [Client: "IP"]

    Error: 18456, Severity: 14, State: 5.

    Login failed for user [Client: "IP"]

    The entries are repeated in pairs for each login - 2 entries for sa followed by two entries for the user. It appears that every time a user tries to log in, the client app attempts to log in first with sa and then the user (maybe that's the way it's supposed to be?!).

    If I try to change the user's password on the client app, the problem remains. If I change the user's pass on Management Studio, everything's ok. However, some of the user's accounts do not show up on Management Studio, although they were active yesterday.

    I've been looking around about these error codes and found out that 8 is for wrong passwords and 5 for invalid logins. However, I can't really figure out what went wrong.

    Hope someone can give me a hint.

    Thanks,

    PDA

    >>> EDIT:

    Apparently, another administrator changed the sa password 2 weeks ago. I reset the password to the previous value and everything went back to normal. However, I still can't figure out how and why the users managed to work without a problem until now. Any thoughts?

  • State 8 indicates "Password mismatch", State 5 indicates "Invalid UserId".

    Is this of some help to you?

  • Hi,

    I am also getting this error Error: 18456, Severity: 14, State: 8. + Login failed for user 'sa'. [CLIENT: 192.168.4.52], but the user is not accessing SQL Server directly. No application is configured with sa credentials.

    Is there any way we can trace his PC and find out what is making connections to SQL Server directly?

    Please suggest.

    Regards

    Govind

  • govindarajan69 (6/8/2012)


    Hi,

    I am also getting this error Error: 18456, Severity: 14, State: 8. + Login failed for user 'sa'. [CLIENT: 192.168.4.52], but the user is not accessing SQL Server directly. No application is configured with sa credentials.

    Is there any way we can trace his PC and find out what is making connections to SQL Server directly?

    Please suggest.

    Regards

    Govind

    Run a profile trace, blank template, then select failed login attempt from the security audit section of the event selections tab. Bingo, you get to see what's trying to log in.

  • Hi Anthony,

    Thanks for your reply.

    I found that it was a virus. One of the users' laptops was constantly probing all SQL servers with the sa login. I removed it from the LAN and it stopped. I also found that a trojan virus had infected his laptop. I informed the Network and Infra team to take the necessary action.

    Regards

    Govind
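
An added example, not part of any post above: a small parser for the two-line 18456 entries quoted in this thread that counts failed logins per client and flags hosts that repeatedly fail as sa, as in the infected-laptop case. The function names are hypothetical, and the sample log is constructed (the timestamps, the `appuser` login and the 192.0.2.10 address are assumptions).

```python
import re
from collections import Counter

# State meanings as stated in the thread; any other state is reported as "other".
STATE_MEANING = {5: "invalid user id", 8: "password mismatch"}
ERR_RE = re.compile(r"Error: 18456, Severity: \d+, State: (\d+)\.")
FAIL_RE = re.compile(r"Login failed for user '([^']*)'\.[^\[]*\[CLIENT: ([^\]]+)\]")

# Constructed sample (timestamps, 'appuser' and 192.0.2.10 are made up), using
# the two-line error/message layout quoted in the thread.
SAMPLE_LOG = """\
2012-06-08 10:15:01.10 Logon  Error: 18456, Severity: 14, State: 8.
2012-06-08 10:15:01.10 Logon  Login failed for user 'sa'. [CLIENT: 192.168.4.52]
2012-06-08 10:15:02.31 Logon  Error: 18456, Severity: 14, State: 8.
2012-06-08 10:15:02.31 Logon  Login failed for user 'sa'. [CLIENT: 192.168.4.52]
2012-06-08 10:15:03.47 Logon  Error: 18456, Severity: 14, State: 5.
2012-06-08 10:15:03.47 Logon  Login failed for user 'appuser'. [CLIENT: 192.0.2.10]
2012-06-08 10:15:04.02 Logon  Error: 18456, Severity: 14, State: 8.
2012-06-08 10:15:04.02 Logon  Login failed for user 'sa'. [CLIENT: 192.168.4.52]
2012-06-08 10:20:44.90 Logon  Error: 18456, Severity: 14, State: 8.
2012-06-08 10:20:44.90 Logon  Login failed for user 'sa'. [CLIENT: 192.0.2.10]
"""

def parse_failures(text):
    """Yield (login, client, state) for each 18456 error line and its message line."""
    state = None
    for line in text.splitlines():
        if not line.strip():
            continue  # forum pastes often leave blank lines between entries
        err = ERR_RE.search(line)
        if err:
            state = int(err.group(1))
            continue
        fail = FAIL_RE.search(line)
        if fail and state is not None:
            yield fail.group(1), fail.group(2).strip(), state
        state = None  # a message only pairs with the error line right before it

def repeated_failures(text, login="sa", threshold=3):
    """Return {client: count} for clients failing as `login` at least `threshold` times."""
    hits = Counter(c for name, c, _ in parse_failures(text) if name.lower() == login)
    return {c: n for c, n in hits.items() if n >= threshold}

def summarize(text):
    """Return one line per (login, client, state) with its failure count."""
    rows = Counter(parse_failures(text))
    return [f"{c} {name} state {s} ({STATE_MEANING.get(s, 'other')}): {n}"
            for (name, c, s), n in sorted(rows.items())]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)), repeated_failures(SAMPLE_LOG), sep="\n")
```

A client that never uses sa legitimately but shows up in `repeated_failures` is the host to trace, which is what the failed-login trace suggested above surfaces live.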
