x

Domain account getthing locked

Hi,

For some reason, my windows domain account keeps getting locked. I have checked the event viewer and found that the sqlserv.exe is attempting to connect with my account. but i have checked all the sql server agent jobs and the services none of them are linked to my domain account. i am not sure what is causing this. It gets locked out in the odd timings where there when there is no backup or anything kind of activity happening at my end.
more ▼

asked Feb 15, 2012 at 03:36 PM in Default

Katie 1 gravatar image

Katie 1
1.4k 132 163 202

the process name is definitely sqlserv.exe? See: http://about-threats.trendmicro.com/ArchiveMalware.aspx?language=us&name=WORM_SDBOT.BZO

SQLServer processes are normally SQLServr.exe - at least the 2005, 2008 & 2012 instances I'm running here are... ;)
Feb 17, 2012 at 11:45 AM ThomasRushton ♦
(comments are locked)
10|1200 characters needed characters left

3 answers: sort newest

If I ask myself when could be my windows account is locked, it should be when I try to supply the username and password. So the few possibilities could

  1. The credentials are used on OS level.
  2. On SQL Server, whenever the credentials are supplied manually. By default it is a tokenized process which is handled by the Windows, no password is supplied.

Now, at the OS level, I am assuming that you have make sure that no where your password is saved OR no one/ application is using your user name and password.

At SQL Server level, I can think of only 3 scenarios when the credentials are supplied (there could be more)

  1. Whenever you try to use SSMS with RUN AS option
  2. A proxy account
  3. xp_cmdshell proxy account (which is the same as above)

For the first one, you can track down at OS level. For rest of the two, following script should help you out

USE msdb ;
GO
SELECT * FROM sys.credentials 
GO

EXEC dbo.sp_help_proxy ;

If you found your username in the output, you may have find the root cause.

But also make sure nothing is happening at the OS level. This could be dangerous if someone is trying to use your username.
more ▼

answered Feb 16, 2012 at 02:48 PM

Usman Butt gravatar image

Usman Butt
13.9k 6 8 14

by checking in the sys credentials i found my ID, now to fix it what do i do? what does it mean? where do i check to clear that off of sql server?
Feb 17, 2012 at 04:01 PM Katie 1
Sorry for no response. I got stuck into an urgent matter. But seems like you have already sort it out :)
Feb 20, 2012 at 07:05 AM Usman Butt
Not really:) do i just delete that record for the MSDB table
Feb 20, 2012 at 10:52 PM Katie 1
Well that depends. If you do not want to have that credential, then you can DROP it. But that I would not recommend, until you find out whether it is used somewhere or not. Another way of doing it is to ALTER the credential with your new password. But if you have not taken any step yet, then how the account locking stopped? Or is it still the same?
Feb 21, 2012 at 05:00 AM Usman Butt
(comments are locked)
10|1200 characters needed characters left

Are you leaving SSMS open?
Do you have ongoing connections to SQL Server?
Do you leave query windows open overnight?
What is it trying to connect to that causes the lockouts?

I don't have the answer at hand but understanding the surrounding circumstances may help us troubleshoot further.
more ▼

answered Feb 15, 2012 at 06:25 PM

Blackhawk-17 gravatar image

Blackhawk-17
11.9k 28 31 36

(comments are locked)
10|1200 characters needed characters left
Can you profile the SQL Server to see if you can capture what is causing your account to be locked out? Just a thought...
more ▼

answered Feb 15, 2012 at 03:39 PM

JohnM gravatar image

JohnM
6.6k 1 3 7

You might also try the default trace (if enabled). If the account is getting locked out, that should mean it is probably still trying after the lockout so you should see failed login events show up for your account.
Feb 15, 2012 at 06:57 PM Shawn_Melton
(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

New code box

There's a new way to format code on the site - the red speech bubble logo will automatically format T-SQL for you. The original code box is still there for XML, etc. More details here.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x582
x7
x7

asked: Feb 15, 2012 at 03:36 PM

Seen: 2670 times

Last Updated: Feb 21, 2012 at 05:00 AM