July 28, 2009 at 8:52 am
I am receiving an error in the server logs and event logs for this weird account. I cannot identify where it is coming from however I know that it is a sql acccount trying to login to this server, but there is not sql account defined to access the database with this name.
See below:
Login failed for user 'AMTSCS_BG-EPW-ALTNS01.BOSTON-GLOBE_4Zf$X*2z/a'. The user is not associated with a trusted SQL Server connection. [CLIENT: 10.60.28.114]
I am not sure how to identify where this is coming from. We have the sql server to accept windows only logins. I'm not sure how to resolve because the login name is so weird.
Does anyone have any advice or direction they can provide me.
Thanks.
Patti
July 28, 2009 at 9:00 am
If the IP address is coming from a gateway, proxy server or webserver then its harder, otherwise that IP is the machine trying to log in. If its from a webserver look at the IIS logs.
The probability of survival is inversely proportional to the angle of arrival.
July 28, 2009 at 9:10 am
The ip address that you see in the error message is the sql server ip. That is why it is so difficult to identify.
July 28, 2009 at 9:10 am
Is that name related in any way to your company? If not, you are likely having someone probing for a SQL Server. I'd agree that you need to backtrack this through the network, either through a proxy or web server.
July 28, 2009 at 9:21 am
If that IP is the SQL server IP then it is a process executing on the local SQL Server box. Possibly a schedule task? Or maybe your server is infected....
The probability of survival is inversely proportional to the angle of arrival.
July 28, 2009 at 9:22 am
Part of the name is related to the company except for a portion of it makes no sense. We are getting hit every 1/2 seconds and filling up the sql logs.
July 28, 2009 at 12:25 pm
Try to set up a profiler to trace the login...maybe it will tell you where it is from..
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply