patternMinor
Windows Logs Application is full of "Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: ****]"
Viewed 0 times
fullthelogsapplicationuserdidloginmatchprovidedpassword
Problem
I have Windows Server 2016, with SQL Server 2017, and found Windows Log Application is full of Login failed messages (as follows) :
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: ****]
Client's IP addresses are various. I don't have any maintenance plan in SQL Server
What's the problem?
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: ****]
Client's IP addresses are various. I don't have any maintenance plan in SQL Server
What's the problem?
Solution
It looks like your SQL Server is exposed to Public Internet, and someone is trying to brute force (hack) password from your SA account...
I had the same situation when one of my SQL Servers was in Azure and exposed to Public Internet on port 1433
SOLUTION: You need to configure firewall properly to only let IP addresses / apps / users you trust, to access your SQL Server
If your SQL Server is in Azure, go configure Network Security Group;
If its in the On-premise data center -> configure your firewall
I had the same situation when one of my SQL Servers was in Azure and exposed to Public Internet on port 1433
SOLUTION: You need to configure firewall properly to only let IP addresses / apps / users you trust, to access your SQL Server
If your SQL Server is in Azure, go configure Network Security Group;
If its in the On-premise data center -> configure your firewall
Context
StackExchange Database Administrators Q#254312, answer score: 5
Revisions (0)
No revisions yet.