Symptoms: Access was denied to the SQL server.
Impact: High
In the case of multiple access attempts failing, this could be a sign of an attack.
Expected behavior :
This alert indicates an abnormal access attempt and should be investigated.
Possible causes
User name/password has changed Priority: Medium
Recommended action :
Check with the user trying to connect – if the user has access to Windows but not to SQL, check if that user has specific credentials.
Application credentials are wrong Priority: Medium
Backing up over a network increases overall efficiency by reducing the number of backup devices. However, it also introduces another point of failure into the backup process.
Recommended action :
Check the credentials of the application trying to connect to SQL.
Background
This alert means that a user tried to connect to SQL and received a response indicating the user does not have access via name/password authentication, an application tried to connect to an SQL database and the credentials are invalid. User’s access is validated by Windows log-on process. A server’s credentials are contained in a record containing the authentication information needed to connect to a resource outside of SQL Server. A single credential can be mapped to multiple SQL Server logins. But a SQL Server login can be mapped to only one credential.
In the case of individual users with needs for wider access, credentials provide a way to allow SQL Server Authentication users to have an identity outside of SQL Server. This is primarily used to execute code in assemblies with a special permission set. Credentials can also be used when a user needs access to a domain resource, such as a file location to store a backup.
