Home
  •  

Login failed: Error during validation

Microsoft.SQLServer.2012.Login_failed__Error_during_validation_5_Rule (Rule)

Knowledge Base article:

Summary

A user attempted to log in to SQL Server. An unexpected error occurred during validation. The Windows security log will identify the user name and error ID under MSSQLSERVER event ID 18468.

Causes

An unexpected condition was reached by the password validation code. This could indicate an internal error, memory corruption, or a Windows API error.

Resolutions

Contact Microsoft Product Support and Services.

Overrideable Parameters

Name

Description

Default Value

Enabled

Enables or disables the workflow.

Yes

Priority

Defines Alert Priority.

1

Severity

Defines Alert Severity.

1

Element properties:

TargetMicrosoft.SQLServer.2012.DBEngine
CategoryEventCollection
EnabledTrue
Event_ID18468
Event Source$Target/Property[Type="SQL!Microsoft.SQLServer.DBEngine"]/ServiceName$
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Login failed: Error during validation
{0}
Event LogApplication
CommentMom2012ID='{3CB80A2F-F855-498C-8096-37948E3418D9}';MOM2012GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Microsoft.SQLServer.SQLDefaultAccount
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.SQLServer.2012.Login_failed__Error_during_validation_5_Rule" Target="SQL2012Core!Microsoft.SQLServer.2012.DBEngine" Enabled="true" ConfirmDelivery="true" Remotable="true" Comment="Mom2012ID='{3CB80A2F-F855-498C-8096-37948E3418D9}';MOM2012GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="Windows!Microsoft.Windows.EventProvider" RunAs="SQL!Microsoft.SQLServer.SQLDefaultAccount">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>$Target/Property[Type="SQL!Microsoft.SQLServer.DBEngine"]/ServiceName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>18468</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.SQLServer.2012.Login_failed__Error_during_validation_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>Event ID: $Data/EventDisplayNumber$. $Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>