SQL server service account is locking out

  • Hi,
    We are seeing one of our service accounts getting locked out every fifteen minutes.

    We have two domains (ex. A and B). The service account name (ex. A\XXX and B\XXX) is the same in the two domains and the passwords are different. In the Domain A DC logs we can see that account 'A\XXXX' in the B domain server is locked out.

    We understand somebody used the domain A account in domain B.

    Can someone help with how I find the process or job that is causing the account to be locked out in the Domain B server?

    Thanks in Advance

  • Network trace. You need to get a network person to look for the login activity (or other action).

  • G Sunny - Thursday, October 12, 2017 3:18 PM

    Hi,
    We are seeing one of our service accounts getting locked out every fifteen minutes.

    We have two domains (ex. A and B). The service account name (ex. A\XXX and B\XXX) is the same in the two domains and the passwords are different. In the Domain A DC logs we can see that account 'A\XXXX' in the B domain server is locked out.

    We understand somebody used the domain A account in domain B.

    Can someone help with how I find the process or job that is causing the account to be locked out in the Domain B server?

    Thanks in Advance

    Have you checked the SQL Server Logs to see if you can get a clue or two on who or what is causing the failed logins?

    --Jeff Moden



  • G Sunny - Thursday, October 12, 2017 3:18 PM

    Hi,
    We are seeing one of our service accounts getting locked out every fifteen minutes.

    We have two domains (ex. A and B). The service account name (ex. A\XXX and B\XXX) is the same in the two domains and the passwords are different. In the Domain A DC logs we can see that account 'A\XXXX' in the B domain server is locked out.

    We understand somebody used the domain A account in domain B.

    Can someone help with how I find the process or job that is causing the account to be locked out in the Domain B server?

    Thanks in Advance

    This generally happens when a password is reset at the server and a client program runs its schedules with an old password, and hence locks it out. Logs will give you the IP of the client.

  • I'm afraid you've just discovered one of the reasons why a SQL Server service account should be the account under which the SQL Server service runs... and nothing else.  If you start also using it for client programs and such like, it's more likely to get locked out or otherwise compromised, potentially affecting the availability of live systems.  My advice is to ask for a new account(s) for those client programs.  It's more secure, as well - the more purposes to which you put an account, the more permissions you have to give it.

    John

  • Jeff Moden - Friday, October 13, 2017 8:48 PM

    G Sunny - Thursday, October 12, 2017 3:18 PM

    Hi,
    We are seeing one of our service accounts getting locked out every fifteen minutes.

    We have two domains (ex. A and B). The service account name (ex. A\XXX and B\XXX) is the same in the two domains and the passwords are different. In the Domain A DC logs we can see that account 'A\XXXX' in the B domain server is locked out.

    We understand somebody used the domain A account in domain B.

    Can someone help with how I find the process or job that is causing the account to be locked out in the Domain B server?

    Thanks in Advance

    Have you checked the SQL Server Logs to see if you can get a clue or two on who or what is causing the failed logins?

    Once you check the logs you should find an IP address; you could then try an RDP connection to that box. I experienced this with a login for a remote server service, using the SQL account, that had long been forgotten and was undocumented.

    ...
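
The log check suggested in the replies above, as an added example that is not part of any post: it reads "Login failed" lines in the SQL Server error-log layout, groups them by the `[CLIENT: ...]` address, and reports the clients whose failures recur at the 15-minute cadence from the question. The sample lines, addresses and the login `app_ro` are constructed, and it assumes failed-login auditing is writing to the error log.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the SQL Server error-log layout (not taken from the thread).
# A failed Windows login often carries no user name, only the client address.
SAMPLE_LOG = """
2017-10-13 08:00:01.12 Logon       Error: 18452, Severity: 14, State: 1.
2017-10-13 08:00:01.12 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.0.0.21]
2017-10-13 08:07:44.90 Logon       Login failed for user 'app_ro'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.40]
2017-10-13 08:15:01.30 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.0.0.21]
2017-10-13 08:30:01.07 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.0.0.21]
2017-10-13 08:41:10.55 Logon       Login failed for user 'app_ro'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.40]
2017-10-13 08:45:00.98 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.0.0.21]
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed(?: for user '(?P<user>[^']*)')?\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def failed_logins(text):
    """Yield (timestamp, user or None, client) for each 'Login failed' line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["user"], m["client"]

def periodic_sources(text, period_min=15, tolerance_s=60, min_hits=3):
    """Return {client: (hits, median_gap_seconds, users)} for clients whose
    failures repeat at about the lockout interval (a scheduled job or service)."""
    by_client = defaultdict(list)
    for ts, user, client in failed_logins(text):
        by_client[client].append((ts, user))
    found = {}
    for client, hits in by_client.items():
        if len(hits) < max(min_hits, 2):
            continue  # too few attempts to measure an interval
        hits.sort(key=lambda h: h[0])
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        if abs(median(gaps) - period_min * 60) <= tolerance_s:
            users = sorted({u for _, u in hits if u})
            found[client] = (len(hits), median(gaps), users)
    return found

if __name__ == "__main__":
    for client, (hits, gap, users) in periodic_sources(SAMPLE_LOG).items():
        print(f"{client}: {hits} failures, median gap {gap:.0f}s, users={users}")
```

The address it reports is the machine to inspect for scheduled tasks, services or jobs still configured with the account.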

  • John Mitchell-245523 - Monday, October 16, 2017 2:33 AM

    I'm afraid you've just discovered one of the reasons why a SQL Server service account should be the account under which the SQL Server service runs... and nothing else.  If you start also using it for client programs and such like, it's more likely to get locked out or otherwise compromised, potentially affecting the availability of live systems.  My advice is to ask for a new account(s) for those client programs.  It's more secure, as well - the more purposes to which you put an account, the more permissions you have to give it.

    John

    Also, more than one service on the box using the account can cause this.

