SQL: LOGIN FAILED ATTEMPT

MS-SQLSQL

Symptoms: Access was denied to the SQL server.

Impact: High

In the case of multiple access attempts failing, this could be a sign of an attack.

Expected behavior :

This alert indicates an abnormal access attempt and should be investigated.

Possible causes

User name/password has changed  Priority: Medium

Recommended action :
Check with the user trying to connect – if the user has access to Windows but not to SQL, check if that user has specific credentials.

Application credentials are wrong  Priority: Medium
Backing up over a network increases overall efficiency by reducing the number of backup devices. However, it also introduces another point of failure into the backup process.
Recommended action :
Check the credentials of the application trying to connect to SQL.

Background

This alert means that a user tried to connect to SQL and received a response indicating the user does not have access via name/password authentication, an application tried to connect to an SQL database and the credentials are invalid. User’s access is validated by Windows log-on process. A server’s credentials are contained in a record containing the authentication information needed to connect to a resource outside of SQL Server. A single credential can be mapped to multiple SQL Server logins. But a SQL Server login can be mapped to only one credential.

In the case of individual users with needs for wider access, credentials provide a way to allow SQL Server Authentication users to have an identity outside of SQL Server. This is primarily used to execute code in assemblies with a special permission set. Credentials can also be used when a user needs access to a domain resource, such as a file location to store a backup.

    Signup for the latest news and updates



    Share with friends:

    You may also like this:

    RECENT POSTS

    Menu