Recently we started getting the alerts below:
- EventID 18456 – Login failed for user 'abc'. Reason: Could not find a login matching the name provided. [CLIENT: xx.xx.xx.xxx]
- EventID 17828 – The prelogin packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library. [CLIENT: xx.xx.xx.xxx]
Below are the steps I have taken so far to find the hostname using the client IP in the above log (xx.xx.xx.xxx):
nbtstat -a xx.xx.xx.xxx
This does not give me any information about the client host name and says HostName not found.
ping -a xx.xx.xx.xxx
This gives me a Reply message for the IP mentioned.
nslookup xx.xx.xx.xxx
Domain can't find IP.
What else should I do to find out what is wrong with the failed login, whose login it is, and from which machine?
Best Answer
Try the following (taken from https://stackoverflow.com/questions/15873060/how-to-get-machine-name-from-ip-address-in-sql-server-2008)
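Separately from the answer above, and not taken from it or from the linked post, here is an added example of triaging these two alerts: it groups the 18456 and 17828 messages by client address so you can see which address to trace first and which login names it tried. The log lines, IP addresses and the second failure reason shown are constructed sample data in the SQL Server errorlog layout; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation-range IPs), not taken from the original post.
SAMPLE_LOG = """\
2024-03-01 09:14:02.11 Logon       Login failed for user 'abc'. Reason: Could not find a login matching the name provided. [CLIENT: 192.0.2.10]
2024-03-01 09:14:02.87 Logon       The prelogin packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 192.0.2.10]
2024-03-01 09:14:05.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
2024-03-01 09:20:31.02 Logon       Login failed for user 'abc'. Reason: Could not find a login matching the name provided. [CLIENT: 198.51.100.7]
2024-03-01 09:21:00.00 spid51      Starting up database 'tempdb'.
"""

# Message text of EventID 18456 (failed login) and 17828 (invalid prelogin packet).
LOGIN_FAILED = re.compile(
    r"Login failed for user '(?P<user>[^']*)'\.\s*Reason: (?P<reason>.*?)\s*\[CLIENT: (?P<ip>[^\]]+)\]")
BAD_PRELOGIN = re.compile(
    r"prelogin packet .*? structurally invalid.*\[CLIENT: (?P<ip>[^\]]+)\]")

def summarize(log_text):
    """Group 18456 and 17828 messages by client address."""
    clients = defaultdict(lambda: {"failed_logins": 0, "users": set(),
                                   "reasons": set(), "bad_prelogin": 0})
    for line in log_text.splitlines():
        m = LOGIN_FAILED.search(line)
        if m:
            c = clients[m["ip"].strip()]
            c["failed_logins"] += 1
            c["users"].add(m["user"])
            c["reasons"].add(m["reason"])
            continue
        m = BAD_PRELOGIN.search(line)
        if m:
            clients[m["ip"].strip()]["bad_prelogin"] += 1
    return dict(clients)

def report(clients):
    # Noisiest clients first: these are the addresses to trace to a host.
    rows = sorted(clients.items(),
                  key=lambda kv: -(kv[1]["failed_logins"] + kv[1]["bad_prelogin"]))
    return [f"{ip}: {c['failed_logins']} failed login(s) for {sorted(c['users'])}, "
            f"{c['bad_prelogin']} invalid prelogin packet(s)" for ip, c in rows]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```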