SA Lockout Err 15405 Cannot use special principal SA

  • Using sql Server 2005 

    Everything was working fine, then I got up one morning and everything was haywire.  I am working on a web site and when I try to login in I get the error message

    Login failed for user 'SA' because the account is currently locked out.

    I went to my SQL Server and was able to log in using my windows authentication.

    1.  My Server is set up for Sql Server and Windows Authentication mode

    2.  Most of the database permissions for sa were gone.  When I tried to adder use SA to any database role I got the error message Cannot use the special Principal SA (Sql Server Error message 15405)

    3.  I logged on to the server as SA and got the same results listed above.

    4.  I don’t have a problem any other Sql Server logins permissions in my database – it only seems to be a problem with SA.

    5.  I have tried shutting down the server (Sql Server) and restarting it, but that didn’t fix the problem.



    As I said before, this all seemed to  have happened overnight.  I am the only one using this server right now so I can’t figure out how these changes happened.


    I am using the evaluation copy of Windows Server for Small business Server, Build 3790 with SP1.  I have only been using it for 3 weeks so I am a long way from the end of the evaluation period, so I don’t think that is the problem.


    Do you have an explanation or solution for this problem?  Any feedback would be appreciated.


  • I assume you have an ID which has admin privileges.

    In SQL Server Management Studio, go to Security, then Logins.

    Double click on the sa account to bring up the properties sheet.

    On the general page, note the check boxes for Enforce password policy and Enforce password expiration. This is new for SQL 2005 - sa can be treated like a Domain User account for password complexity and expiration.

    The Status page will allow you to unlock the account.

    sa already has implied access, there shouldn't be a need to add it to any roles. sysadmin covers quite a bit.

    Books Online would be good to look at. Quite a few changes in this version.

    See if you can get by without re-enabling the sa account. It's generally not a good idea to use this account. And if policy did not disable the account, someone may have been trying to use it.

    Hope this helps.

    Greg E


  • I Have this issue running SQL Server 2008 and this message was in the log:

    "Login failed for user 'CENTRAL\operacao'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors"

    I could not use any other login except by the login that was used to install SQL Server. So the solution was:

    1) Login in the server with the same account used to setup SQL Sever.

    2) Run -- GRANT CONTROL SERVER TO "my login" for each user that you want to grant rights in the server.

    This worked for me.


    Eduardo Pin

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply