Domain account getthing locked


For some reason, my windows domain account keeps getting locked. I have checked the event viewer and found that the sqlserv.exe is attempting to connect with my account. but i have checked all the sql server agent jobs and the services none of them are linked to my domain account. i am not sure what is causing this. It gets locked out in the odd timings where there when there is no backup or anything kind of activity happening at my end.

more ▼

asked Feb 15, 2012 at 03:36 PM in Default

avatar image

Katie 1
1.4k 132 164 205

the process name is definitely sqlserv.exe? See: http://about-threats.trendmicro.com/ArchiveMalware.aspx?language=us&name=WORM_SDBOT.BZO

SQLServer processes are normally SQLServr.exe - at least the 2005, 2008 & 2012 instances I'm running here are... ;)

Feb 17, 2012 at 11:45 AM ThomasRushton ♦♦
(comments are locked)
10|1200 characters needed characters left

3 answers: sort voted first

If I ask myself when could be my windows account is locked, it should be when I try to supply the username and password. So the few possibilities could

  1. The credentials are used on OS level.

  2. On SQL Server, whenever the credentials are supplied manually. By default it is a tokenized process which is handled by the Windows, no password is supplied.

Now, at the OS level, I am assuming that you have make sure that no where your password is saved OR no one/ application is using your user name and password.

At SQL Server level, I can think of only 3 scenarios when the credentials are supplied (there could be more)

  1. Whenever you try to use SSMS with RUN AS option

  2. A proxy account

  3. xp_cmdshell proxy account (which is the same as above)

For the first one, you can track down at OS level. For rest of the two, following script should help you out

 USE msdb ;
 SELECT * FROM sys.credentials 
 EXEC dbo.sp_help_proxy ;

If you found your username in the output, you may have find the root cause.

But also make sure nothing is happening at the OS level. This could be dangerous if someone is trying to use your username.

more ▼

answered Feb 16, 2012 at 02:48 PM

avatar image

Usman Butt
14.6k 6 13 21

by checking in the sys credentials i found my ID, now to fix it what do i do? what does it mean? where do i check to clear that off of sql server?

Feb 17, 2012 at 04:01 PM Katie 1

Sorry for no response. I got stuck into an urgent matter. But seems like you have already sort it out :)

Feb 20, 2012 at 07:05 AM Usman Butt

Not really:) do i just delete that record for the MSDB table

Feb 20, 2012 at 10:52 PM Katie 1

Well that depends. If you do not want to have that credential, then you can DROP it. But that I would not recommend, until you find out whether it is used somewhere or not. Another way of doing it is to ALTER the credential with your new password. But if you have not taken any step yet, then how the account locking stopped? Or is it still the same?

Feb 21, 2012 at 05:00 AM Usman Butt
(comments are locked)
10|1200 characters needed characters left

Can you profile the SQL Server to see if you can capture what is causing your account to be locked out? Just a thought...

more ▼

answered Feb 15, 2012 at 03:39 PM

avatar image

14.3k 3 7 15

You might also try the default trace (if enabled). If the account is getting locked out, that should mean it is probably still trying after the lockout so you should see failed login events show up for your account.

Feb 15, 2012 at 06:57 PM Shawn_Melton
(comments are locked)
10|1200 characters needed characters left

Are you leaving SSMS open?
Do you have ongoing connections to SQL Server?
Do you leave query windows open overnight?
What is it trying to connect to that causes the lockouts?

I don't have the answer at hand but understanding the surrounding circumstances may help us troubleshoot further.

more ▼

answered Feb 15, 2012 at 06:25 PM

avatar image

12.1k 30 36 42

(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.



asked: Feb 15, 2012 at 03:36 PM

Seen: 4819 times

Last Updated: Feb 21, 2012 at 05:00 AM

Copyright 2018 Redgate Software. Privacy Policy