sa password resets itself

  • We have a new server with SQL 2000.  Whenever the server is shutdown and restarted, the sa password resets itself.  I have been unable to find anything on this here or on the MS site.  Anyone heard of this before, and is there a fix?

    TIA

    Paul

  • What do you mean by the password resets itself? Does it revert to a blank password?

  • Actually the opposite.  Because of a canned program where they hard-coded a blank sa password, ours is blank.  I'm fighting with them to change that, but in the mean time, I'm stuck with it.  So it changes itself from blank to something else (can only see "*" in the box).

  • So the fix is reset to blank?

    Is this an SP3 box? Possibly something in the config I'm not aware of that resets this. If you can't get confirmation on Technet or Google, I'd call PSS.

    How are you verifying the pwd changed? App unable to connect or are you verifying with QA? Can you set to blank, test, restart, test and post results?

  • Yes, SP3.  To be honest, I'm more of an Access developer and "all-around" tech person.  I'm not strong in SQL Server's inner workings.  I'm not sure I've "verified" this as the problem.  Symptoms include users unable to connect after the server is restarted.  If I try to link to a SQL table from Access I get a "Login failed for user sa" error.  I go into Enterprise Manager and change the password to blank: users connect fine, all is well.  This has happened twice now when the server shut down due to power outages (shut down by PowerChute software).  I'm not sure how to verify with QA (Query Analyzer?).

    I can do the test, but probably not until next week.  This is a busy 24/7 operation, but the server will be shut down for routine maintenance/updates next week.

    Thanks for the help!

    Paul

  • check if there is any stored procs that execute at startup that may change the password.  use sp_configure and look for the parameter scan for startup procs.  If this is set to 0 then no startup procs execute.  If it is set to 1, the SQL Server scans for startup procs as defined by sp_procoption

    Francis

  • Min = 0, Max = 1, Config_value = 0, run_value = 0

    So it doesn't look like there are any start up procs?  In the logs during startup I see these.  Are they normal?  I see similar entries in another SQL Server we have, so I assume so.

  • You're right..  no startup procs.  The Config value would be = 1.  If you had a test machine you could try it there.  Otherwise wait until you can restart the box and look at Steve's suggestion.

    Francis

  • could some app be changing the sa password?

    That's scary!


    * Noel

  • Just an idea, if you're not absolutely sure the password is being reset to something else, then:

    -obviously you have another login you can use (when you reset the sa pwd)

    -so when the Access link fails, right at that moment try to link to the SQL Server table in question using a completely new link

    (File...Get External Data...Link Tables..ODBC databases...new DSN) and using your other id/pwd.

    -if it works, try sa again.

    -I have seen this fail right after startup due to timeouts, works on second try.

  • Thanks PhilM99,

    I'm pretty sure the password is being reset.  I don't actually use another login, I change it back through Enterprise Manager.  I'm in the process of creating other logins, so I'll test that the next time it happens.

    As an update, it happened again without the server restarting, so there's something else causing this.

    Paul

  • Another way a rogue procedure could be resetting the sa password is by SQL Agent - there could be a job scheduled to start when SQL Agent starts.

    Just something to check out.


    Cheers,
    - Mark

  • I've seen this happen before.  It is the result of a successful hack.  Refer to the following post for details:

    http://www.sqlservercentral.com/forums/shwmessage.aspx?forumid=6&messageid=112198

    Anyway, the hacker who is using your box to host pirated software is probably changing your SA password so other hackers running the same script can't take his/her box away.  Change your SA password to something extremely long (at least longer than 32 characters), and then search the volumes connected to the sql server for hidden rar files.

Viewing 13 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic. Login to reply