April 28, 2015 at 10:45 am
Hi All,
I am observing following login failure at some specific time on daily basis. This login doesn't exist either on the instance nor on the databases. I see that this domain account/login is suffixed with $ and it is trying open all the databases on the instance.
I referred the following blog: http://sqlblog.com/blogs/aaron_bertrand/archive/2011/01/14/sql-server-v-next-denali-additional-states-for-error-18456.aspx
and got to know more about state 38 of error 18456 and verified as per comments mentioned in the blog for state 38 but wasn't able to get through the issue. Can you please let me know how to troubleshoot this issue?
Message
Login failed for user 'domain\account$'. Reason: Failed to open the explicitly specified database '<database_name>'. [CLIENT: ]
Message
Error: 18456, Severity: 14, State: 38.
April 28, 2015 at 12:01 pm
I ran into the same issue when someone restored some databases to the wrong server. I was never told how this happened or how they were removed. They didn't embellish the login iD info or how it was removed either.
I created a blank database with the correct name <DatabaseName> and did not allow any auto growth. I then created the login and gave it enough permissions to access just this database.
This stopped the error log from filling up. However, I was never able to resolve this issue or on the server that was sending the commands. This is a work around at best and would never pass a security audit if one ran on the system depending on how hard they (Security) is looking at items on the servers such as login creations.
April 28, 2015 at 11:31 pm
When you have messages like this it's an application used on server account$ that uses local system (or network service) account to connect to the database. It's an incomplete configuration of an application that causes this so you may have a look at applications running on this server. It is very annoying indeed.
I have also created a dummy database or granted public access to the db that the account tries to connect to and traced activity on this user to see what it tries to do by reading the t-sql statements it sends to the database. I can then address the issue more clearly to the people who operates the application.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply