Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
JB457
Starting Member
2 Posts |
 Posted - 2009-02-26 : 07:31:31
|
| I've just inheritied a SQL 2005 SP2 system which no one knows anything about. While taking a look at the activity log I see dozens and dozens of the following errors:login failed for user 'sa'.[CLIENT:<local machine>] Error: 18456, Severity: 14, State: 8They run all night long and happen as frequently as a second apart or as far as a few minutes. Then there are periods where hours go by and then it's right back at it again. State 8 tells me it's a password mismatch and I know it's coming from the local machine so it's probably not a hack (it's also been going on for at least a year based on the logs). The instance is in mixed mode (Windows/SQL auth), sa has it's default database set to master. There is a maintenance plan with 5 sql jobs associated with it. They are all owned by sa and they are all running fine with no errors or failed jobs. There are no scheduled tasks on the server. So two questions:1. Anyone seen this before and have a fix?2. Any ideas on how I can track down what is trying to connect to database?Thanks. |
|
|
sodeep
Master Smack Fu Yak Hacker
7174 Posts |
Posted - 2009-02-26 : 09:15:46
|
quote:
Originally posted by JB457
I've just inheritied a SQL 2005 SP2 system which no one knows anything about. While taking a look at the activity log I see dozens and dozens of the following errors:login failed for user 'sa'.[CLIENT:<local machine>] Error: 18456, Severity: 14, State: 8They run all night long and happen as frequently as a second apart or as far as a few minutes. Then there are periods where hours go by and then it's right back at it again. State 8 tells me it's a password mismatch and I know it's coming from the local machine so it's probably not a hack (it's also been going on for at least a year based on the logs). The instance is in mixed mode (Windows/SQL auth), sa has it's default database set to master. There is a maintenance plan with 5 sql jobs associated with it. They are all owned by sa and they are all running fine with no errors or failed jobs. There are no scheduled tasks on the server. So two questions:1. Anyone seen this before and have a fix?2. Any ideas on how I can track down what is trying to connect to database?Thanks.
Can you track with SQL profiler? |
 |
|
|
JB457
Starting Member
2 Posts |
Posted - 2009-02-26 : 10:32:32
|
| Why didn't I think of that? It's the Report Server going crazy. I guess they never configured it correctly. Thanks for the suggestion. |
|
|
|
sodeep
Master Smack Fu Yak Hacker
7174 Posts |
Posted - 2009-02-26 : 10:34:26
|
| Or If you wanna Track I.p Use this:http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=120477 |
|
|
|
|
|
|
Multiple failed logins for 'sa'