If you're running a penetration test using the 'sa' user, then you may have missed one of the very first steps in securing a server - disable the 'sa' login. A best practice during installation is to change the username for 'sa'. The next thing you do is disable it. Gail has written elsewhere that you can't delete it because you'll run into problems if you want to upgrade later, but you should disable it.

I've not used sqlmap myself, so I can't comment on the error in the OP.