Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Login failed for user 'NT AUTHORITY\SYSTEM', Very straing


Login failed for user 'NT AUTHORITY\SYSTEM', Very straing

Author
Message
andersson_par
andersson_par
Forum Newbie
Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)

Group: General Forum Members
Points: 5 Visits: 34
Thanks, but no jobs owned by 'NT AUTHORITY\SYSTEM' just 'NT SERVICE\SQLSERVERAGENT' owned ones.


I did a SQL Profiler trace (Audit) and see a lot of these kind of queries, issued by NT AUTHORITY\SYSTEM via the Windows script Host, going on at the time of the login failures:

SELECT
d.name
, d.database_id
, CASE WHEN d.replica_id IS NULL THEN 0 ELSE 1 END AS is_replica
, ar.secondary_role_allow_connections
FROM sys.databases d
JOIN sys.availability_replicas ar on d.replica_id = ar.replica_id
JOIN sys.servers s ON s.name = ar.replica_server_name AND s.server_id = 0 /*local server*/
WHERE d.database_id = 18

What is this?
High Availability? We got it disabled...
Replication? We got it disabled...

Hmm.
rao.vikram.net
rao.vikram.net
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 0
I have faced similar issue, all i did is modified 'connection string' Configuration. Instead of '.....;user id=sa;...', try replacing it with '.....;uid=sa;...'.For The reason part ...i dont know why!?it may work
Let me know if it works!
Prudhviraj
Prudhviraj
SSC Rookie
SSC Rookie (48 reputation)SSC Rookie (48 reputation)SSC Rookie (48 reputation)SSC Rookie (48 reputation)SSC Rookie (48 reputation)SSC Rookie (48 reputation)SSC Rookie (48 reputation)SSC Rookie (48 reputation)

Group: General Forum Members
Points: 48 Visits: 102
Well I have had the same issue. And log is generated every 15min saying that database could not connect to sql server database.

Granting sysadmin access to ntauthority\system should in fact solve the issue. But its stupid to do so with out actually knowing what application or script(in my case the call is coming from cscript.exe - which can be any automated vb or java script) is actually trying to access the server data.

For now I have no further information - I'm still investigating on the issue. If you find any clue let me know
bobswi
bobswi
Grasshopper
Grasshopper (10 reputation)Grasshopper (10 reputation)Grasshopper (10 reputation)Grasshopper (10 reputation)Grasshopper (10 reputation)Grasshopper (10 reputation)Grasshopper (10 reputation)Grasshopper (10 reputation)

Group: General Forum Members
Points: 10 Visits: 335
I was seeing this on one of our servers, I looked at the Services running and ran profiler and came up with the same things like: generic queries where NT AUTHORITY\SYSTEM was trying to run things like:
SELECT size / 128.0 as fileSize,
FILEPROPERTY(name, 'SpaceUsed') / 128.0 as fileUsed,
CASE WHEN max_size = -1 OR max_size = 268435456 THEN -1 ELSE max_size / 128 END as fileMaxSize,
CASE WHEN growth = 0 THEN 0 ELSE 1 END as IsAutoGrow,
is_percent_growth as isPercentGrowth,
growth as fileGrowth,
physical_name
FROM sys.master_files WITH (NOLOCK)
WHERE type = 0 AND is_read_only = 0 AND data_space_id = 1
AND database_id = 4

Turns out System Center Operations Manager Agent was running HealthService.exe as Local System.
andersson_par
andersson_par
Forum Newbie
Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)

Group: General Forum Members
Points: 5 Visits: 34
SCOM it is!

To make this work use a service account to run the scom agent service with this:

Member of "Performance Monitor Users" local group
Member of "Event Log Readers" local group if OS is Windows 2008 or Windows 2008 R2
Member of "Distributed COM Users" local group if SQL Server is running in a clustered configuration
Full access to Cluster if SQL Server is running in a clustered configuration
Permission to Log On Locally
SQL permission to VIEW ANY DEFINITION
SQL permission to VIEW SERVER STATE
SQL permission to login in each database including system databases
Member of "SQLAgentReaderRole" in msdb database
barry 13081
barry 13081
Forum Newbie
Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)

Group: General Forum Members
Points: 5 Visits: 20
I am seeing this also. I granted owner permission to the NTAUTHORITY account for the first database it tries to hit. It run this batch twice:

SET NOCOUNT ON
SELECT size / 128.0 as fileSize,
FILEPROPERTY(name, 'SpaceUsed') / 128.0 as fileUsed,
CASE WHEN max_size = -1 OR max_size = 268435456 THEN -1 ELSE max_size / 128 END as fileMaxSize,
CASE WHEN growth = 0 THEN 0 ELSE 1 END as IsAutoGrow,
is_percent_growth as isPercentGrowth,
growth as fileGrowth,
physical_name
FROM sys.master_files WITH (NOLOCK)
WHERE type = 0 AND is_read_only = 0
AND database_id = 36

Then this batch:

SET NOCOUNT ON
SELECT fg.name as fileGroupName,
fg.data_space_id as fileGroupId,
fg.is_read_only as fileGroupReadOnly
FROM sys.filegroups fg WHERE type = 'FG' AND fg.is_read_only = 0


Then is tries to open another db and fails and goes back and runs the first batch on the first db again.


Anyone figured this out yet?

barry
barry 13081
barry 13081
Forum Newbie
Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)

Group: General Forum Members
Points: 5 Visits: 20
Oops, I didn't notice the 2nd page of replies.
djordan 4543
djordan 4543
SSC Journeyman
SSC Journeyman (83 reputation)SSC Journeyman (83 reputation)SSC Journeyman (83 reputation)SSC Journeyman (83 reputation)SSC Journeyman (83 reputation)SSC Journeyman (83 reputation)SSC Journeyman (83 reputation)SSC Journeyman (83 reputation)

Group: General Forum Members
Points: 83 Visits: 251
I had a problem very similar to yours.

Do you have Operations Manager by any chance?

I do and operations manager was probing a database every 15 mins for stats info. The prob was the db was in single user mode therefore I kept getting a login error.
CooLDBA
CooLDBA
SSC-Enthusiastic
SSC-Enthusiastic (167 reputation)SSC-Enthusiastic (167 reputation)SSC-Enthusiastic (167 reputation)SSC-Enthusiastic (167 reputation)SSC-Enthusiastic (167 reputation)SSC-Enthusiastic (167 reputation)SSC-Enthusiastic (167 reputation)SSC-Enthusiastic (167 reputation)

Group: General Forum Members
Points: 167 Visits: 182
andersson_par (5/3/2013)
SCOM it is!

To make this work use a service account to run the scom agent service with this:

Member of "Performance Monitor Users" local group
Member of "Event Log Readers" local group if OS is Windows 2008 or Windows 2008 R2
Member of "Distributed COM Users" local group if SQL Server is running in a clustered configuration
Full access to Cluster if SQL Server is running in a clustered configuration
Permission to Log On Locally
SQL permission to VIEW ANY DEFINITION
SQL permission to VIEW SERVER STATE
SQL permission to login in each database including system databases
Member of "SQLAgentReaderRole" in msdb database


Thanks for sharing!



jazzgilbert
jazzgilbert
Forum Newbie
Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)

Group: General Forum Members
Points: 3 Visits: 24
Thanks anthony.green, didn't know about/how to run a trace, that helped me.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search