MSSQL 2016: Login failed: Password cannot be used at this time

Microsoft.SQLServer.2016.Login_failed__Password_cannot_be_used_at_this_time_5_Rule (Rule)

A user attempted to change the password, but the proposed password could not be used at this time. The Windows security log will identify the user name under MSSQLSERVER event ID 18463.

Knowledge Base article:

Summary

A user attempted to change the password, but the proposed password could not be used at this time. The Windows security log will identify the user name under MSSQLSERVER event ID 18463.

Causes

A proposed password may be rejected if it violates the Enforce password history policy setting.

Resolutions

The user must create a new password that does not violate the password history policy.

Overrideable Parameters

Name	Description	Default Value
Enabled	Enables or disables the workflow.	Yes
Priority	Defines Alert Priority.	1
Severity	Defines Alert Severity.	1

Element properties:

Target

Microsoft.SQLServer.2016.DBEngine

Category

EventCollection

Enabled

True

Event_ID

18463

Event Source

$Target/Property[Type="SQL2016Core!Microsoft.SQLServer.2016.DBEngine"]/ServiceName$

Alert Generate

True

Alert Severity

Warning

Alert Priority

Normal

Remotable

True

Alert Message

MSSQL 2016: Login failed: Password cannot be used at this time

{0}

Event Log

Application

Comment

Mom2016ID='{F2BD244B-6E3C-4BA0-AAF4-8D118B45E481}';MOM2016GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}

Member Modules:

ID	Module Type	TypeId	RunAs
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_	DataSource	Microsoft.Windows.EventProvider	Default
GenerateAlert	WriteAction	System.Health.GenerateAlert	Default

Source Code:

<Rule ID="Microsoft.SQLServer.2016.Login_failed__Password_cannot_be_used_at_this_time_5_Rule" Target="SQL2016Core!Microsoft.SQLServer.2016.DBEngine" Enabled="true" ConfirmDelivery="true" Remotable="true" Comment="Mom2016ID='{F2BD244B-6E3C-4BA0-AAF4-8D118B45E481}';MOM2016GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>$Target/Property[Type="SQL2016Core!Microsoft.SQLServer.2016.DBEngine"]/ServiceName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>18463</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.SQLServer.2016.Login_failed__Password_cannot_be_used_at_this_time_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>Event ID: $Data/EventDisplayNumber$. $Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>