Failure Audits showing up non stop in Event Viewer

  • Hello!

    We have Microsoft SQL Server Express 2005 installed on one of our servers here at a high school. The SQL server is used to hold the database for a Microsoft Access front end that 10 or so people use.

    Lately, and I couldn't tell you when exactly it started because the logs fill up incredibly fast, I've been seeing Failure audits in the Event Viewer>Application log on the server. The failure audits are:

    Source: MSSQL$SQLEXPRESS

    Category: (4)

    Event ID: 18456

    Type: Failure Audit

    Login failed for user 'Admin'. [CLIENT: xxx.xxx.xxx.xxx] which is our external address here at the school [the server itself has a NIC facing externally to gain a different public IP, so when the Access users connect, they're looping out and then back in.]

    The interesting thing is we don't have a single user named "Admin" in SQL, or in our Active Directory here, or on any of the servers or computers locally. But that error is always accompanied by a second error of the exact same type, with the user name of the person who is trying to use the database.

    Lately we've been noticing slowdowns in the database too but I believe this may be unrelated and something to do with our connection.

    Any help on why I'm receiving these errors would be fantastic! The only thing I could think of is that the company who designs the Access database that the staff here use is leaving some query in for a username "Admin" somewhere in the program that is failing because they may have an account called Admin at their end, but we don't have one here. Just a guess though.

    Thanks!

  • The Admin is an account that exists by default in an Access database I believe.

    Shawn Melton
    Twitter: @wsmelton
    Blog: wsmelton.github.com
    Github: wsmelton
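
An added example, not part of the thread: one way to check the pattern described above, where every failed 'Admin' login is immediately followed by a failure for a real user from the same client, as an Access front end presenting its default user name would produce. The tab-separated export format, the sample rows, the 5-second pairing window and the function names are all assumptions made for this sketch.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: "timestamp<TAB>message" rows as they might be exported
# from the Application log for event ID 18456. Users and addresses are made up.
SAMPLE = """\
2010-09-24 08:15:02\tLogin failed for user 'Admin'. [CLIENT: 203.0.113.10]
2010-09-24 08:15:02\tLogin failed for user 'jsmith'. [CLIENT: 203.0.113.10]
2010-09-24 08:15:40\tLogin failed for user 'Admin'. [CLIENT: 203.0.113.10]
2010-09-24 08:15:41\tLogin failed for user 'mlee'. [CLIENT: 203.0.113.10]
2010-09-24 08:16:10\tLogin failed for user 'Admin'. [CLIENT: 198.51.100.77]
2010-09-24 08:16:11\tLogin failed for user 'Admin'. [CLIENT: 198.51.100.77]
2010-09-24 08:16:12\tLogin failed for user 'Admin'. [CLIENT: 198.51.100.77]
"""

MSG = re.compile(r"Login failed for user '([^']*)'\. \[CLIENT: ([^\]]+)\]")

def parse(text):
    """Return time-sorted (timestamp, user, client) tuples; skip other rows."""
    events = []
    for line in text.splitlines():
        stamp, _, message = line.partition("\t")
        m = MSG.search(message)
        if m:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            events.append((when, m.group(1), m.group(2).strip()))
    return sorted(events)

def triage(events, default_user="Admin", window=timedelta(seconds=5)):
    """Pair each default-user failure with the next named-user failure from
    the same client inside the window; anything left over is unpaired."""
    paired, unpaired = Counter(), []
    for i, (when, user, client) in enumerate(events):
        if user.lower() != default_user.lower():
            continue
        follower = next((u for t, u, c in events[i + 1:]
                         if c == client and t - when <= window
                         and u.lower() != default_user.lower()), None)
        if follower:
            paired[(client, follower)] += 1
        else:
            unpaired.append((when, client))
    return paired, unpaired

if __name__ == "__main__":
    paired, unpaired = triage(parse(SAMPLE))
    for (client, user), n in paired.items():
        print(f"paired with {user} from {client}: {n}")
    for when, client in unpaired:
        print(f"UNPAIRED 'Admin' failure at {when} from {client}")
```

Paired entries fit the application-default explanation; unpaired 'Admin' failures, especially from an address other than the expected client, are the ones to look at first on a server with an externally facing NIC.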

  • Hi, thanks for your reply!

    Is there any way to remove this? Or does it need to be there?

    Also, at the moment SQL is using a mix between SQL and Windows Authentication. The staff here have laptops and they use their domain accounts when they're logged in. Their ODBC drivers for Access to talk to SQL are using integrated Windows Authentication. When they leave the network, they get an error about trust. This is probably because their laptops can't talk to the domain controller? They end up using an old domain password and it works. Should I be using just SQL authentication with their ODBC drivers if their laptops can access the domain inside the network, but can't access it from outside when they're at home or travelling?

    Thanks for any advice!

  • Is there any way to remove this? Or does it need to be there?

    I don't think the "Admin" account can be removed from the Access database. It might be disabled, but it has been a few years since I have messed with MS Access.

    Also, at the moment SQL is using a mix between SQL and Windows Authentication.

    This is referenced as "Mixed Mode Authentication" in SQL Server terminology.

    When they leave the network, they get an error about trust. This is probably because their laptops can't talk to the domain controller? They end up using an old domain password and it works.

    The old domain password probably works because domain passwords can be cached on laptops/desktops for a period of time. How long that cache lasts depends on your default domain policy.

    Shawn Melton

  • The only thing I could think of is that the company who designs the Access database that the staff here use is leaving some query in for a username "Admin" somewhere in the program that is failing because they may have an account called Admin at their end, but we don't have one here. Just a guess though.

    Can they not provide you support?

    Shawn Melton

  • Shawn Melton (9/24/2010)


    The only thing I could think of is that the company who designs the Access database that the staff here use is leaving some query in for a username "Admin" somewhere in the program that is failing because they may have an account called Admin at their end, but we don't have one here. Just a guess though.

    Can they not provide you support?

    They may be able to, but it's a company who does this custom program on contract, and I'm not sure if they think it's their issue. It's hard to say right now.

  • link470 (9/24/2010)


    Shawn Melton (9/24/2010)


    The only thing I could think of is that the company who designs the Access database that the staff here use is leaving some query in for a username "Admin" somewhere in the program that is failing because they may have an account called Admin at their end, but we don't have one here. Just a guess though.

    Can they not provide you support?

    They may be able to, but it's a company who does this custom program on contract, and I'm not sure if they think it's their issue. It's hard to say right now.

    Who set up the server?

    Who installed the application?

    If the vendor is the answer for both of those questions, I would say it is their issue. 😀

    Shawn Melton

  • Lately we've been noticing slowdowns in the database too but I believe this may be unrelated and something to do with our connection.

    If the failed login attempts are continuous this could contribute to the slowdown, since it is taking up some resources for SQL Server to handle the login attempts. You would have to expand a little more on what "slowdowns" means in your situation.

    Shawn Melton

  • Shawn Melton (9/24/2010)


    Lately we've been noticing slowdowns in the database too but I believe this may be unrelated and something to do with our connection.

    If the failed login attempts are continuous this could contribute to the slowdown, since it is taking up some resources for SQL Server to handle the login attempts. You would have to expand a little more on what "slowdowns" means in your situation.

    To answer your first question, the server is managed and was set up by me. It's here in the server room now. The slowdowns will be lag time in Access. So let's say the user is flipping through records in Access with arrow buttons that go back and forth between records. She can flip forward very quickly for 6 or 7 seconds, and then the machine halts for a few seconds, and continues to pick up afterwards. I watch the server's resource usage during all of this and it's next to nothing.

  • To answer your first question, the server is managed and was set up by me. It's here in the server room now. The slowdowns will be lag time in Access. So let's say the user is flipping through records in Access with arrow buttons that go back and forth between records. She can flip forward very quickly for 6 or 7 seconds, and then the machine halts for a few seconds, and continues to pick up afterwards. I watch the server's resource usage during all of this and it's next to nothing.

    Does this happen when they are connected to the school network or when they are remote (outside the network)?

    What requirement does she have that requires she "flip forward very quickly"? I mean that in if the form in MS Access is linked to a table in SQL Server that has a large amount of records, I can expect that delay/lag. Trying to pump records one at a time can be sluggish when dealing with ODBC connections.

    Shawn Melton

  • I watch the server's resource usage during all of this and it's next to nothing.

    You might watch the network resources on the server, if you have not already. Maybe set up a perfmon job to capture network objects to see if that shows anything over time.

    Shawn Melton
