May 4, 2011 at 11:32 am
Lowell (5/4/2011)
did you find out what it was? was it a job or a script or application that was running?
select * from T_DBA_FailedConnectionTracker
order by tsRegistration desc
I get :-
<ApplicationName>.Net SqlClient Data Provider</ApplicationName>
using 'sa' and trying every minute to connect to master db
Regards,
Sushant
Regards
Sushant Kumar
MCTS,MCP
May 4, 2011 at 11:42 am
Track down the ip address from that log table you just created and find out what application resides there. An application is using .Net 3.5 to connect to the database, you need to find the source machine and connection string that is doing it.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
May 4, 2011 at 1:03 pm
SQLRNNR (5/4/2011)
Track down the ip address from that log table you just created and find out what application resides there. An application is using .Net 3.5 to connect to the database, you need to find the source machine and connection string that is doing it.
This was in the failedLogin data....
where is the ip adrress??
<EVENT_INSTANCE>
<EventType>AUDIT_LOGIN_FAILED</EventType>
<PostTime>2011-05-04T15:00:42.840</PostTime>
<SPID>59</SPID>
<TextData>Login failed for user 'sa'. [CLIENT: <local machine>]</TextData>
<DatabaseID>1</DatabaseID>
<NTUserName />
<NTDomainName />
<HostName>servername</HostName>
<ClientProcessID>2684</ClientProcessID>
<ApplicationName>.Net SqlClient Data Provider</ApplicationName>
<LoginName>sa</LoginName>
<StartTime>2011-05-04T15:00:42.837</StartTime>
<EventSubClass>1</EventSubClass>
<Success>0</Success>
<ServerName>servername</ServerName>
<Error>18456</Error>
<DatabaseName>master</DatabaseName>
<RequestID>0</RequestID>
<EventSequence>451616</EventSequence>
<IsSystem />
<SessionLoginName>sa</SessionLoginName>
</EVENT_INSTANCE>
Regards,
Sushant
Regards
Sushant Kumar
MCTS,MCP
May 4, 2011 at 2:01 pm
I'm glad you managed to use the failedconnectiontracker 😉
So it must be a local process, non sqlagent direct related.
( i mean a sqlagent job has recognisable text sqlagent in the application name)
It can be e.g. an exe started by sqlagent, or any other stuff that builds its own connection.
Double check if there are scheduled tasks that connect to your instance and are using the sa account.
Of course that is to be avoided !
I'll be out of the office for the remainder of the week, but I'm sure our peers will be supporting you on this thread.
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
May 4, 2011 at 2:03 pm
SQLRNNR (5/4/2011)
ALZDBA (5/4/2011)
Maybe this can help out.Failedconnectiontracker is using sqlserver event notifications to capture all login info.
We have a dba database on every sqlserver instance to host all sysadmin/dba systems stuff.
In the script you'll see this database called "ddbaserverping"
Just create your own dba database and replace ddbaserverping with your own dbname.
I hope it helps.
Johan
Great Stuff Johan
Thanks.
It's is one of the things we install on every instance, but only enable if we get alerts for failed logins or for those instances where we would expect sampling.
Of course there is also a ConnectionTracker event notification. If you search "T_DBA_ConnectionTracker" at SSC you'll find the script.
We record every connecting client/application_name/user/ipaddress combination once a day on every instance to follow up if our licensing still is ok (cal/proc based choice)
You can also find its origin in my little article called "http://www.sqlservercentral.com/articles/Administration/64974/"http://www.sqlservercentral.com/articles/Administration/64974/
And in my thread having troubles with one of its first versions having performance problems:
http://www.sqlservercentral.com/Forums/Topic851938-1281-1.aspx
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
May 5, 2011 at 9:52 am
I founded out the application whcih was trying to connect every minute.
I went into its (application) database connection settings and updated the 'sa' password and everything seems to be fixed now..No more failed logins.
Thanks a lot every1.
Regards,
Sushant
Regards
Sushant Kumar
MCTS,MCP
May 5, 2011 at 9:54 am
That's good to hear. Glad you found and fixed it. I would recommend getting that application off of using the sa account.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
May 5, 2011 at 9:55 am
change it again. if you typed in the password in a config file, it's in clear text in that file and a security risk of the highest order.
create a new user with the name of the application as the SQL Login name, and give it a new password.
then change the config file agian.
that way in the future, when you see Login Failed for "AppScanningEveryMinute", you have a better clue about what is going on.
Lowell
May 5, 2011 at 9:57 am
Lowell (5/5/2011)
change it again. if you typed in the password in a config file, it's in clear text in that file and a security risk of the highest order.create a new user with the name of the application as the SQL Login name, and give it a new password.
then change the config file agian.
that way in the future, when you see Login Failed for "AppScanningEveryMinute", you have a better clue about what is going on.
Agreed
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
May 5, 2011 at 10:01 am
.
Regards
Sushant Kumar
MCTS,MCP
May 5, 2011 at 10:02 am
Lowell (5/5/2011)
change it again. if you typed in the password in a config file, it's in clear text in that file and a security risk of the highest order.create a new user with the name of the application as the SQL Login name, and give it a new password.
then change the config file agian.
that way in the future, when you see Login Failed for "AppScanningEveryMinute", you have a better clue about what is going on.
Excellent thought !
Regards
Sushant Kumar
MCTS,MCP
Viewing 11 posts - 16 through 25 (of 25 total)
You must be logged in to reply to this topic. Login to reply