Sql-server – Windows Logs Application is full of “Login failed for user ‘sa’. Reason: Password did not match that for the login provided. [CLIENT: ****]”

sql-server-2017windows-server

I have Windows Server 2016, with SQL Server 2017, and found Windows Log Application is full of Login failed messages (as follows) :

Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: ****]

Client's IP addresses are various. I don't have any maintenance plan in SQL Server

What's the problem?

Best Answer

A login attempt was made from the IP address given. The attempt was to log in using the credential sa. A password was supplied but it was not the correct password.

sa is the default sysadmin credential in SQL Server. Errorlog spam with this message usually means 1 of 2 things.

You have an application that was configured to use the sa crendential
You've made yourself a honeypot and a malicious actor has gained a pipe to your database server in an attempt to log in and take it over.

If it's #1, then go to the application you're hosting at that IP address and change its webconfig.

If it's #2, then you need to blacklist that IP address - preferably by firewalling your database server off from the public internet (which you should really do anyways to be frank).

Best Answer

Related Solutions

Sql-server – Login to SQL Server 2008 R2 remotely

SQL Server – How to Diagnose Unresponsive or Crashed SQL Server

Related Question