Comments on: Identifying the source of SQL Server login failures (18456 errors)

By: Ajmer Dhariwal

Ajmer Dhariwal — Fri, 04 May 2012 18:56:39 +0000

SPN’s for SQL Server can be a nightmare to configure, especially on a cluster. I guess you’ve already stepped through this doc: http://msdn.microsoft.com/en-us/library/ms189585(v=sql.90).aspx but it’s worth double-checking and listing out the SPNs (via SetSpn -L SQLServiceAccount).

I would also check via management studio:
– the account is not disabled
– the database user account associated with that login is not orphaned or somehow disabled in the default database associated with that login (displayed on the login’s properties)

Worth also ensuring that that these accounts haven’t become locked in AD.

Let me know if that helps at all.

By: DetRich

DetRich — Fri, 04 May 2012 17:30:15 +0000

Hello,

When attempting to implement kerberos authentication between BizTalk 2006 servers and SQL 2005 servers, SQL will not restart after SPN’s are created. SQL is clustered over 2 nodes. SQL runs under one service account and BizTalk is running under a different account. After restarting SQL, we get failed logins, Severity 14, State 11.

We changed the password on the account that is running SQL, changed the password entry for SQL in the Services console and in the Cluster Admin console, but continued getting same errors. Eventually, after resetting password several times, it finally started successfully. The only errors seen between SQL Agent, Server and Event logs are the 18456, 14,11.

The error state indicates “Login valid but server access failed”. What exactly does this mean? Access to what has failed? How do I troubleshoot this?

By: Anonymous

Anonymous — Tue, 27 Dec 2011 20:49:27 +0000

Searched for hours until coming across this entry — great article! Thank you for sharing!

By: Ajmer Dhariwal

Ajmer Dhariwal — Sat, 10 Dec 2011 17:56:59 +0000

This is the sql server agent account and it sounds like the account is locked out or disabled in some way.
From a dos prompt run “net user /domain” where is the full service account name (including domain name) and check the Account Active status and there is no password expiry for the account.
If that doesn’t help then send me the full fragment from the error log showing the login failure.

By: philip

philip — Fri, 09 Dec 2011 15:55:48 +0000

awsome article, it allowed me to find the process and the service but i’m still getting the lock outs. they are happening on the master database of our sql1/sql1 instance. the process is sqlagent90.exe and the service is SQL Server(sql1) i have verified that the account running the service is correct, i have verified that the service account is in the security folder of the master database.

our sql enviorment is in a MS cluster. this failure aduit is only happening on this node of the cluster. i’m lost as to what to do now.

By: Ashish Jain

Ashish Jain — Fri, 25 Nov 2011 08:49:29 +0000

Very important and nicely written post

By: Ajmer Dhariwal

Ajmer Dhariwal — Thu, 03 Nov 2011 17:43:34 +0000

The trace can be stopped or paused and saved so you can go back over it in your own time.
You can capture a similar trace of the processes and their PIDs by running an e.g. perfmon trace, or you can just open a DOS prompt (command window) on the host sending the invalid logins and typing “tasklist” and hitting return.
This will list all the processes running on that host along with their PIDs which you can then reconcile with the trace output. You can also redirect the tasklist output to file via “tasklist > c:\temp\tasks.txt”. If you use the following syntax with “tasklist >> c:\temp\tasks.txt” you can append the output to a text file, which means you can repeatedly run the tasklist command on a scheduled basis, for example, and this will allow you to capture all the processes and their PIDs over the time interval you schedule it for. With the trace and tasklist data saved you can go over it at your lesiure to reconcile the logins with their PIDs.

By: Diane

Diane — Wed, 02 Nov 2011 16:06:17 +0000

Thank you for the information. This has been somewhat helpful, at least more so than other articles I have found. I am having one issue though. The trace is capturing the information but it goes by so fast I can’t catch the PID on task manager when it’s caught in profiler. Is there anything I can do to see this? I don’t know what process is running to cause failure and that is what I am trying to catch. Please advise.

Much thanks!!!

By: Crystal Reports Generating SQL Server Error 18456 Severity 8 Error Logs « Justin Cooney – Senior Programmer / Analyst

Mon, 03 Oct 2011 17:42:39 +0000

[...] Identifying the source of SQL Server login failures (18456 errors) Share this:TwitterLike this:LikeBe the first to like this post. [...]

By: Deb

Deb — Fri, 12 Aug 2011 20:34:23 +0000

I was getting those mysterious Error: 18456, Severity: 14, State: 38. messages every three minutes on one of my test servers, and this helped me pinpoint the db name and the client process that was trying to access it. I had suspected it was a database we recently migrated to a production server, and the application support person was arguing it couldn’t be, he had changed all the pointers. This solved the argument quickly and finally.

Thanks very much for posting this info.