Login failed for sa

  • Hello,

    Hoping somebody can help with this one.

    I've multiple messages in the error log with:

    "Login failed for 'sa'"

    There's only one person with this password in the company and no reason for anybody else to try and access the server with this password.

    I'm looking for what steps to trace backwards, to find out where the attempted login is coming from. A suggestion on the Microsoft newsgroup is to run profiler, which I've tried, but can't see any useful info.

    Any input into ways to acheive this would be most welcome.

    Thanks in advance.

    ---------------------------------------------
    If data can screw you, it will; never assume the data are correct.

  • You might have to run a sniffer for this. SQL Server responds when someone attempts to connect with the login informaiton. Not sure that Profiler traps this since the user hasn't logged in and started creating events.

    Network Monitor ought to be able to help ehre. are you runnign tcp/ip? then filter for port 1433 events. Trace them back to the originating IP. Could be someone trying to break it or could be some app.

    Steve Jones

    sjones@sqlservercentral.com

    http://www.sqlservercentral.com/columnists/sjones

    http://www.dkranch.net

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply