Insufficient Permission 14

  • I have recently taken some databases offline on testing server. They are mainly sharepoint databases some one created years ago for testing.

    But now I get SQL alert: Insufficient Permission 14

    in the log we got Message

    Login failed for user 'mydomain\user'. [CLIENT: 10.50.11.44]

    I know this may be related with the offline databases. Since they are no longer accessible,

    is there a way that I can find out what the databases it tries to connect, and from what application or server it calls from?

    Thanks

  • your best bet is to fire a Profiler trace and select only the event Audit Login Failed event, choose all columns and run the trace..


    Bru Medishetty

    Blog -- LearnSQLWithBru

    Join on Facebook Page Facebook.comLearnSQLWithBru

    Twitter -- BruMedishetty

  • Login failed for user 'mydomain\user'. [CLIENT: 10.50.11.44]

    You can find from the ipaddress which server is the call comming from. Just do ping -a ipaddress. You will know the server name.

  • I tried profile, but I didn't see the login name for this user show up.

    But this message was generated every one 1 minute.

    I don't know the IPAddress which this user comes from, where I can check?

    THanks

  • SQLback (2/8/2012)


    You can find from the ipaddress which server is the call comming from. Just do ping -a ipaddress. You will know the server name.

    I have seen on multiple occasions myself, where there is no information about the IP Address.. Yes if the IP Address is available in the SQL Server Error log, then nslookup that ipaddress would give more information about that host/server from which the login is being tried..


    Bru Medishetty

    Blog -- LearnSQLWithBru

    Join on Facebook Page Facebook.comLearnSQLWithBru

    Twitter -- BruMedishetty

  • Thanks, I found the IP address, it should be right after the client.

    I found the server name, will check into it.

    Thanks,

    Also is there a way that I can find out what database it tried to login to?

  • I don't know the IPAddress which this user comes from, where I can check?

    The ip address is there in the error message.

    Login failed for user 'mydomain\user'. [CLIENT: 10.50.11.44]

    It look like this is not a public ip address. Go to the command prompt and type

    ping -a 10.50.11.44. You will see the server name . If this doesnt work try what bru suggested which is nslookup 10.50.11.44

  • You should have a column in Profiler trace that can help you with the application name, database and many additional columns...


    Bru Medishetty

    Blog -- LearnSQLWithBru

    Join on Facebook Page Facebook.comLearnSQLWithBru

    Twitter -- BruMedishetty

  • I run profile and add those columns, but in the login column, in the trace I cannot see the user name for this particular user.

  • Is there a way to stop this alert and error?

    Thanks

  • Not sure why that is missing, does it not give info regd the application or hostname, may be that can help track a bit more..


    Bru Medishetty

    Blog -- LearnSQLWithBru

    Join on Facebook Page Facebook.comLearnSQLWithBru

    Twitter -- BruMedishetty

  • I will check the calling server, and see if I can find something, and will post back

    Thanks for the help

  • sqlfriends (2/8/2012)


    Is there a way to stop this alert and error?

    Thanks

    Yes you can, but it is not suggested to do it, making it not possible to know if there is any failures from Authorized users AND / OR if there are any malicious users trying to connect with a bad intent..

    To disable this logging, on your Server name right click and choose properties, select Security, under Login Auditing choose None..


    Bru Medishetty

    Blog -- LearnSQLWithBru

    Join on Facebook Page Facebook.comLearnSQLWithBru

    Twitter -- BruMedishetty

  • Is there a way to stop this alert and error?

    Stop the application on the source server from making these calls.

  • I login to the application server, I cannot find what application is trying to connect to this sql server.

    and I see in this SQl server windows event viewer, security, there is no failured logins. it seems this user login to the network successfully.

    So is there any other way to stop this?

Viewing 15 posts - 1 through 15 (of 19 total)

You must be logged in to reply to this topic. Login to reply