When a connection attempt is rejected because of an authentication failure that involves a bad password or user name, a message similar to the following is returned to the client: "Login failed for user 'user_name'. (Microsoft SQL Server, Error: 18456)".
When a connection attempt is rejected because of an authentication failure that involves a bad password or user name, a message similar to the following is returned to the client: "Login failed for user 'user_name'. (Microsoft SQL Server, Error: 18456)".
To increase security, the error message that is returned to the client deliberately hides the nature of the authentication error. However, in the SQL Server error log, a corresponding error contains an error state that maps to an authentication failure condition. Compare the error state to the following list to determine the reason for the login failure.
State | Description |
1 | Error information is not available. This state usually means you do not have permission to receive the error details. Contact your SQL Server administrator for more information. |
2 | User ID is not valid. |
5 | User ID is not valid. |
6 | An attempt was made to use a Windows login name with SQL Server Authentication. |
7 | Login is disabled, and the password is incorrect. |
8 | The password is incorrect. |
9 | Password is not valid. |
11 | Login is valid, but server access failed. One possible cause of this error is when the Windows user has access to SQL Server as a member of the local administrators group, but Windows is not providing administrator credentials. To connect, start the connecting program using the Run as administrator option, and then add the Windows user to SQL Server as a specific login. |
12 | Login is valid login, but server access failed. |
18 | Password must be changed. |
Other error states exist and signify an unexpected internal processing error.
If you are trying to connect using SQL Server Authentication, verify that SQL Server is configured in Mixed Authentication Mode.
If you are trying to connect using SQL Server Authentication, verify that SQL Server login exists and that you have spelled it properly.
If you are trying to connect using Windows Authentication, verify that you are properly logged into the correct domain.
If your error indicates state 1, contact your SQL Server administrator.
If you are trying to connect using your administrator credentials, start you application by using the Run as Administrator option. When connected, add your Windows user as an individual login.
If the Database Engine supports contained databases, confirm that the login was not deleted after migration to a contained database user.
When connecting locally to an instance of SQL Server, connections from services running under NT AUTHORITY\NETWORK SERVICE must authenticate using the computers fully qualified domain name.
Name | Description | Default Value |
Enabled | Enables or disables the workflow. | Yes |
Priority | Defines Alert Priority. | 1 |
Severity | Defines Alert Severity. | 1 |
Target | Microsoft.SQLServer.2012.DBEngine | ||
Category | EventCollection | ||
Enabled | False | ||
Event_ID | 18456 | ||
Event Source | $Target/Property[Type="SQL!Microsoft.SQLServer.DBEngine"]/ServiceName$ | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Application |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ | DataSource | Microsoft.Windows.EventProvider | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.SQLServer.2012.Login_failed__Account" Target="SQL2012Core!Microsoft.SQLServer.2012.DBEngine" Enabled="false" ConfirmDelivery="true" Remotable="true">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>$Target/Property[Type="SQL!Microsoft.SQLServer.DBEngine"]/ServiceName$</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>18456</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.SQLServer.2012.Login_failed__Account.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>Event ID: $Data/EventDisplayNumber$. $Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>