August 14, 2008 at 4:00 pm
SQL Gurus,
I have an issue where I'm running SQL 2005 on a Windows 2003 box. When I go to login to my app, which uses the sa account to authenticate to server using an ODBC connection, my app (3rd party vendor) returns back a sql error. I believe SQL server is check to see if my windows password is complex enough before adding it to the SQL server (see the below message). Any suggestions on how to turn that off?
SQL Error: [[Microsoft][ODBC SQL Server Driver][SQL Server] Password validation failed. The password does not meet Windows policy requirements because it is not complex enought.]
SQL: [csp_AddDMUser STATION1]
Thanks,
Dave:)
August 14, 2008 at 4:08 pm
First thought is to make your sa password complex enough to meet the password complexity requirements.
Otherwise, to disable that check; [font="Courier New"]ALTER LOGIN [sa] WITH CHECK_POLICY=OFF[/font]
August 14, 2008 at 4:23 pm
As pointed out, it's the sa account this error is being returned on, not a Windows account. SQL Server doesn't check passwords on Windows accounts. It relies on the operating system or Active Directory to do so. It will, however, enforce the operating system's requirements for passwords when dealing with SQL Server-based logins if you don't turn off the enforcement. This is on a login by login basis.
K. Brian Kelley
@kbriankelley
August 14, 2008 at 4:53 pm
I set the check policy to off for the SA account. So, I don't think that's it.
August 14, 2008 at 5:41 pm
It's not the Windows account, I guarantee that. Do you have Audit Failures turned on for SQL Server?
K. Brian Kelley
@kbriankelley
August 15, 2008 at 10:14 am
OK, this is going to be stupid question, how and where do I check that in SQL 2005? Are you talking about the log file viewer or profiler? Or, are you talking about the server audit log?
Thanks,
Dave
August 15, 2008 at 3:13 pm
In SSMS, if the server is listed in the Object Explorer:
- Right click on the server and choose Properties.
- Click Security in the left pane.
- Look at the second section in the right pane, Login auditing.
If you make a change, you'll have to restart SQL Server for it to take effect. SQL Server only checks the value (stored in the registry) at start-up.
K. Brian Kelley
@kbriankelley
August 15, 2008 at 3:52 pm
It set for failed logins only. Since that is set, should it show up in the SQL Server Log in SSMS?
August 15, 2008 at 4:10 pm
Dave,
What does the stored procedure csp_AddDMUser do? Is it that you can login to the application using the sa account but that the stored procedure errors out?
August 15, 2008 at 4:12 pm
Yes, it should. Meaning when you kick off the application and the error is generated, immediately check the SQL error logs. See what login shows up as failed.
K. Brian Kelley
@kbriankelley
August 15, 2008 at 4:18 pm
I guess its erroring out in the stored procedure somewhere. I'll have to take a look at it. I know at one point I was able to log into the server using the application.
August 15, 2008 at 4:50 pm
Below is what I get when I try running it manually.
USE [itiserver]
GO
DECLARE@return_value int
EXEC@return_value = [dbo].[csp_AddDMUser]
@username = N'STATION1'
SELECT'Return Value' = @return_value
GO
Msg 15118, Level 16, State 1, Line 1
Password validation failed. The password does not meet Windows policy requirements because it is not complex enough.
(1 row(s) affected)
August 15, 2008 at 5:11 pm
Is the @username that's passed into that stored procedure a SQL login? Do all usernames come back with the same error?
August 15, 2008 at 5:17 pm
Yes, I just create a test account and it came back with the same thing.
August 15, 2008 at 5:29 pm
What does that SP do? Can you post a script of that as an attachment?
Maybe it worked at one time because a password was saved somewhere such as an .ini or in the registry and the application used that.
Viewing 15 posts - 1 through 15 (of 18 total)
You must be logged in to reply to this topic. Login to reply