SQL Server 2014 – Finding ClientHost Using ClientIP

loginsNetworksql serversql server 2014

Recently we started getting alerts as below :

  • EventID 18456 – Login failed for user 'abc'. Reason: Could not find a login matching the name provided. [CLIENT: xx.xx.xx.xxx]
  • EventID 17828 –
    The prelogin packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library. [CLIENT: xx.xx.xx.xxx]

Below are the steps I did so far to find the Hostname using the Client IP in above log (xx.xx.xx.xxx) :

  1. nststat -a xx.xx.xx.xxx

This does not give me any information about Client Host name and says HostName not found .

enter image description here

  1. ping -a xx.xx.xx.xxx

This gives me Reply message for IP mentioned .

  1. nslookup xx.xx.xx.xxx

Domain cant find IP.

What else should I do to find out what is wrong with failed login and whose login it is and from which machine ?

Best Answer

Try the following (taken from https://stackoverflow.com/questions/15873060/how-to-get-machine-name-from-ip-address-in-sql-server-2008)

declare @IP as varchar(15)
declare @cmd as varchar(1000) 
set @IP='xxxxx' 
SET @cmd = 'ping -a -n 1 ' + @IP 
Create Table #Output (Output varchar(150) default(''))
INSERT INTO #Output 
EXEC xp_cmdshell @cmd 
Begin try 
Select top 1 Replace(LEFT([Output],CHARINDEX('[', [Output])-2),'Pinging ','') as HostName from #Output where Output like 'Pinging%'
End Try 
Begin catch 
Select 'Host name for:' + @IP +' could not be find'
End catch
Related Question