HiveBrain v1.2.0
Get Started
← Back to all entries
patternMinor

Windows Logs Application is full of "Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: ****]"

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
fullthelogsapplicationuserdidloginmatchprovidedpassword

Problem

I have Windows Server 2016, with SQL Server 2017, and found Windows Log Application is full of Login failed messages (as follows) :


Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: ****]

Client's IP addresses are various. I don't have any maintenance plan in SQL Server

What's the problem?

Solution

It looks like your SQL Server is exposed to Public Internet, and someone is trying to brute force (hack) password from your SA account...

I had the same situation when one of my SQL Servers was in Azure and exposed to Public Internet on port 1433

SOLUTION: You need to configure firewall properly to only let IP addresses / apps / users you trust, to access your SQL Server

If your SQL Server is in Azure, go configure Network Security Group;

If its in the On-premise data center -> configure your firewall

Context

StackExchange Database Administrators Q#254312, answer score: 5

Revisions (0)

No revisions yet.