Forum Discussion
SQL Server account locked out and password did not match?
Hi
We have this situation that a SQL Server account has been having two different login failures recently. The errors appear in the SQL Server log without much details.
Wonder if any one had encountered the same situation and if it had been resolved?
The two different error messages are:
1.
Login failed for user 'sql_account_name'.Reason: The account is currently locked out. The system administrator can unlock it. [CLIENT: ip_of_another_computer]
2.
Login failed for user 'sql_account_name'. Reason: Password did not match that for the login provided. [CLIENT: <local machine>]
Note: I replaced the actual account name and ip with sql_account_name and ip_of_another_computer respectively.
I found a query that displays the user account SQL agent jobs run under, but I did not see this SQL account.
Also, I checked linked servers, but did not see this account.
Furthermore, I checked Windows services of the two computers in the error messages, but I did not see that SQL account.
I did look Windows task scheduler, but do not think we can use SQL account as run under for a task.
Any idea or insight?
Thanks
3 Replies
It looks like your SQL Server account is experiencing two distinct login failures:
Account Locked Out: This suggests multiple failed login attempts within a short period, triggering the account lockout policy.
Incorrect Password: This indicates that something is attempting to authenticate using an outdated or incorrect password.
Since you’ve already checked SQL Agent jobs, linked servers, Windows services, and Task Scheduler, here are a few more areas to investigate:
Check Active Directory (If Using Windows Authentication)
If the account is an AD user, check the lockout policy and review AD logs for failed login attempts.
Unlock the account in AD if needed (Active Directory Users & Computers → Find User → Properties → Account Tab).
Check SQL Server Logs in Detail
For example this query may help:
SELECT login_time, host_name, program_name, login_name FROM sys.dm_exec_sessions WHERE login_name = 'sql_account_name'
Also check error log with this sql query:
EXEC xp_readerrorlog 0, 1, N'Login failed'
And you can maybe audit/check running applications.
There might be an application, script, or process running under this account with an outdated password.
Check connection strings in web.config/app.config files if this account is used in applications.
Here are some possible sources where it can come from
- Application connecting via ODBC or using a connection string
- Scheduled task
A useful troubleshooting step would be to run netstat -ano in the command prompt on both computers. This will allow you to check if there is an active connection attempt to SQL. If a connection attempt is visible, the last column will show the Process ID (PID). You can then cross-reference this PID in Windows Task Manager to identify which application is attempting to establish the connection.
It's difficult to impossible to tell from SQL Server itself why something external to SQL Server attempted to log in, with the wrong password even.
Often, there's a hint in the account name what service is attempting the login, but that is dependant on whether the account was named in such a way when created.
