Hi, Our SQL Server 2016 Service account got locked after 3 failed login attempts, When this happened, all login attempts by any login were denied due to trigger execution. After 30 minutes(account automatically unlocked), everything returned to normal. Is this Normal SQL behavior?
Yes it is normal behaviour.
Now the question you really need to ask yourself is why someone was attempting to login as the service account?
No one should be logging in as the service account, it should be denied interactive login rights, heck better still in 2023 start using MSA/gMSA accounts then no one know the password and AD handles everything for you.
People logging in as the service account would constitute a major security breach in many places I have worked.
Were they trying to elevate their rights to do something they shouldn’t be able to do? Were they trying to compromise the system somehow?
Yeah looks like you need to go and do a full security audit on everything and get up to speed with major changes in relation to cybersecurity.
,Yes
17 People are following this question.
