• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 32 subscribers
  • Views 980 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SQL logs flooded with failed login attempts

dmosley

We currently use the AppInsight for SQL monitor as well as the SQL Server 2005-2008 monitor on a few. I have set the "credential type" to "Windows credential" on all AppInsight templates. It appears the SQL Server 2005-2008 monitor template doesn't have that configuration option. While the monitors are working and logging in with Windows credentials, they are both still attempting to log in with SQL credentials as well. This is filling up the error logs on all instances. I submitted a problem ticket and this is the response I received:

" The ability to use an NTLM credential only is not currently available.  If you would like, I can submit a feature request to get this functionality added"

I have searched THWACK and have only found a few posts related to this issue. A few of which were left unanswered. I find this kind of strange since the AppInsight templates provide an option to select the type of credential you want to use. I also would find it odd that this would be considered "normal" and expected behavior to generate over 30 errors/hour/instance since every other DBA shop I'm aware of logs failed authentication attempts. This would also mean that the "option" to select the authentication method is nothing more than an ornament that actually serves no purpose. This doesn't seem to be something terribly difficult to implement since all you need to identify an Windows credential is the "\" backslash.

Is there anyone else with this issue? Am I missing something?

  • 0

    To reduce amount of failed attempts with incorrect authentication type you may want to use this setting which should be available for all "SQL user experience" components within your template:

    Sql.png

    However it will not help if login fails. In that case the other method will be attempted too. This setting is just about order/priority.

  • 0 in reply to Petr.Vilem

    Thanks for your response. I should have mentioned that I did verify that all of the components in the "SQL User Experience" monitors that I am currently using are set to use Windows authentication first. Those servers still manage to have about five failed login attempts logged per hour for whatever reason. Those monitors only make up two of the 45 instances I am monitoring while the rest are using the AppInsight template which is giving me the bigger headache.

  • 0 in reply to dmosley

    I know this is an old posting.  Is there any way to make SAM not use both Windows and SQL authentications, maybe separate them out into two checkboxes one to use Windows and another to use SQL and if you want both options then check them both.  If you have a SQL Clustered server with several database, then each database has several SQL End User Experience monitors you could end up with 7 K to 10 K messages about failed logins per day, which then makes it difficult to find the actual messages you are looking for. 

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.