November 29, 2004 at 12:57 pm
I changed my sa password about a month ago. Since then, I get 30-40 messages a day about an invalid attempt by sa to login. All my scheduled jobs are completing normally and I cannot figure out where these attempts are originating. Anyone have any ideas on how to trap this data?
Terry
November 29, 2004 at 1:17 pm
Maybe you have an application which uses the sa password. Create a trace with profiler to trap this kind of events (Security Audit - Audit Login Failed)
Hope this helps.
November 29, 2004 at 9:12 pm
Hopefully you can track an IP or hostname. If you can't, you might need a network sniffer to find the traffic.
November 30, 2004 at 6:56 am
I followed the advice from TMP and found it was a service running that was no longer needed. Thanks for the advice.
Terry
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply