February 6, 2006 at 9:55 am
Last week I restarted the database service and ever since my log is filled with:
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
This happens every 5 minutes. I've seen posts related to linked servers and this message so I shut down the only server that had a linked connection to this one. Did not help. I have no clue to where this failed user is coming from. Any tips on how to track this down? The security log doesn't give me much more info the what's above.
Thanks,
-c
February 6, 2006 at 10:18 am
Start a sql trace with SQL profiler.
With a bit of luck you can catch the hostname.
February 6, 2006 at 3:59 pm
You have to check the security log for the exact time the Null Login happens. I re-created the problem by logging locally on one server and trying to connect using Query Analyzer to another server. I did get the exact error message in Query Analyzer about the Null users not associated with trusted connection. In the security log on the server there were 2 Login Failed Messages with everything: user name, domain name, workstation name. Both servers are in the same domain, though. What is your entry in the Security log looks like for this event?
Regards,Yelena Varsha
February 6, 2006 at 11:46 pm
Although the security log may be your best bet for catching this process, I may be able to provide some insight as to the cause of this error. When a client attempts to connect to a SQL Server using Windows authentication, yet does not have a valid Windows account to use, your aforementioned error is displayed. For example, if you are logged in locally on a desktop (as opposed to being logged into a domain), and you connect to a SQL Server on an external machine, you should get this error (in QA, for example). Another reason you may get this error is connecting to a SQL Server that isn't in a windows domain using Windows authentication. If you know what applications use trusted connections as opposed to sql authenticaion, this may help you narrow down your search.
Thanks,
Eric
February 7, 2006 at 2:00 am
As this problem started after reboot, and the frequency is so specific, I would check that the SQL agent service account was not altered or that the account it uses still has access to sql server (i.e that it is defined to sql as a login) This could happen if builtin\administrators login has been removed from sql server but the agent is using the local system account to connect. Profile trace will help. Also check to see if any sql agent jobs are scheduled at this interval as a job may be running and connecting to sql server but failing.
February 7, 2006 at 7:39 am
Thanks for all the wonderful suggestions. I ended up taking a more trial and error approach. I did discover the username that was trying to login was an admin account for software we have. The security log and profiler helped but still left information out. From the security log the following lines were blank:
Workstation Name:
Logon GUID:-
Caller User Name:-
Caller Domain:-
Caller Logon ID:-
Caller Process ID: -
Transited Services: -
Source Network Address:-
Source Port:-
But it did have the username and domain. I was fortunate though that the system is not live yet. I knew the problem would most likely be coming from two servers. So I started by shutting down java listeners one at a time and monitoring the error logs. Bingo...when I shutdown the test listener my errors went away. Now I just have to figure out what's going on with that listener.
Thanks again
-c
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply