A user attempted to log into the network with an account that has been locked out. The Windows security log will identify the user name under MSSQLSERVER event ID 18486.
Knowledge Base article:
Summary
A user attempted to log into the network with an account that has been locked out. The Windows security log will identify the user name under MSSQLSERVER event ID 18486.
Causes
User validation failed because the account was locked out. An account may be locked out by an administrator or programmatically when policies are violated. For example, if a user attempts to log into the network several consecutive times Windows may automatically lock the account so that this user cannot log on. This is designed to prevent brute force attacks.
Resolutions
Contact the user who is responsible for the account that is locked out. If they are legitimately attempting to access the network, contact a security administrator to unlock the account.
If the user has not attempted to log in during the time period specified in the Windows security log, assess this situation as a possible security attack.
Overridable Parameters
Name
Description
Default Value
Enabled
Enables or disables the workflow.
Yes
Interval (seconds)
The recurring interval of time in seconds in which to run the workflow.
300
Priority
Defines Alert Priority.
1
Severity
Defines Alert Severity.
1
Synchronization Time
The synchronization time specified by using a 24-hour format. May be omitted.
Timeout (seconds)
Specifies the time the workflow is allowed to run before being closed and marked as failed.
200
Timeout for query execution (seconds)
The workflow will fail and register an event, if the query execution takes longer than the specified period.
60
Timeout for database connection (seconds)
The workflow will fail and register an event, if it cannot access the database during the specified period.
Home
ENU