Monday, February 20, 2012

message in sql server error log

What can cause the message "Login failed for user 'DOMAIN\COMPUTER$' " every
20 sec? the instance is Standard SQL server 2000 with mixed security mode
and sql server service accout is domain admin member. The application that
use database is working fine but out error log fills up very fast. I will
appreciate any advise.
"Eli Milkova" <EliMilkova@.discussions.microsoft.com> wrote in message
news:4A68C8F3-CFAC-4D46-BAD2-B33E7616C53F@.microsoft.com...
> What can cause the message "Login failed for user 'DOMAIN\COMPUTER$' "
> every
> 20 sec? the instance is Standard SQL server 2000 with mixed security mode
> and sql server service accout is domain admin member. The application that
> use database is working fine but out error log fills up very fast. I will
> appreciate any advise.
Just a guess here, but that domain account will need to have local admin
permissions on your SQL Server.
In addition, you may need to set the Run As a Service permission, or Log On
as a Service.. Something like that. <shrug>
I'm sure others can expand on this.
Rick Sawtell
MCT, MCSD, MCDBA
|||Is this showing up in sql errorlog or system log ?
Is the COMPUTER in DOMAIN\COMPUTER$ the local computer or a remote computer
?
How did you set the service account user names ?
Have you thought about setting and audit (Remember SQL Can do C2), and
watching realtime with profiler ?
Is this computer a domain contoler and/r any FSMO Role
BTW: It is bad practice to run sql services with admin privilages
"Eli Milkova" <EliMilkova@.discussions.microsoft.com> wrote in message
news:4A68C8F3-CFAC-4D46-BAD2-B33E7616C53F@.microsoft.com...
> What can cause the message "Login failed for user 'DOMAIN\COMPUTER$' "
> every
> 20 sec? the instance is Standard SQL server 2000 with mixed security mode
> and sql server service accout is domain admin member. The application that
> use database is working fine but out error log fills up very fast. I will
> appreciate any advise.
|||"David J. Cartwright" <davidcartwright@.hotmail.com> wrote in message
news:ee1GqLtvFHA.3152@.TK2MSFTNGP12.phx.gbl...
> Is this showing up in sql errorlog or system log ?
> Is the COMPUTER in DOMAIN\COMPUTER$ the local computer or a remote
> computer ?
> How did you set the service account user names ?
> Have you thought about setting and audit (Remember SQL Can do C2), and
> watching realtime with profiler ?
> Is this computer a domain contoler and/r any FSMO Role
> BTW: It is bad practice to run sql services with admin privilages
>
Don't they need local admin rights? It's been a while since I've had to do
a setup like that.
Rick Sawtell
|||"David J. Cartwright" wrote:

> Is this showing up in sql errorlog or system log ?
<EM> In sql error log

> Is the COMPUTER in DOMAIN\COMPUTER$ the local computer or a remote computer
> ?
<EM> DOMAIN\COMPUTER$ is for the remote computer.

> How did you set the service account user names ?
<EM> members of domain admin group

> Have you thought about setting and audit (Remember SQL Can do C2), and
> watching realtime with profiler ?
<EM> I did this the message appears when application account
DOMAIN\appaccount is login / logout to sql server. Its not a threat at all so
no sence to use C2

> Is this computer a domain contoler and/r any FSMO Role
<EM> no the computer thats tryng to log is standalone backup server

> BTW: It is bad practice to run sql services with admin privilages
<EM> we are in process of changing this
> "Eli Milkova" <EliMilkova@.discussions.microsoft.com> wrote in message
> news:4A68C8F3-CFAC-4D46-BAD2-B33E7616C53F@.microsoft.com...
>
>
|||SQL Server only *needs access to its files (system files, and dta
files...usualy C:\Program Files\Microsoft SQL Server..." and its reqistry
keys...
to keep a machine more secure minimize the access that the service account
have
If the service is running with local admin rights...and the sql server is
hacked, then the whole system is comprimised (CmdExec)
"Rick Sawtell" <r_sawtell@.hotmail.com> wrote in message
news:O4X4EVtvFHA.1252@.TK2MSFTNGP09.phx.gbl...
> "David J. Cartwright" <davidcartwright@.hotmail.com> wrote in message
> news:ee1GqLtvFHA.3152@.TK2MSFTNGP12.phx.gbl...
> Don't they need local admin rights? It's been a while since I've had to
> do a setup like that.
> Rick Sawtell
>
|||Is the account 'appacccount' loging in from an application on this remote
computer?
The only other time i have seen DOMAIN\COMPUTER$ (With the $ sign) is when
the computer domain account has gotten out of sync. But i dont know why this
would show up in the sql log...if this is the computer that the appaccount
acount is loging in from and they happen at same time...i would check make
sure that the computers account is in synce...ie thats its p/w has been
set/reset with the domain
did you mean server is a 'member' server or is it realy a 'standolone'
server...?
- David
"Eli Milkova" <EliMilkova@.discussions.microsoft.com> wrote in message
news:30150C5D-30EC-4325-908D-86FB7D52E81B@.microsoft.com...[vbcol=seagreen]
>
> "David J. Cartwright" wrote:
> <EM> In sql error log
> <EM> DOMAIN\COMPUTER$ is for the remote computer.
> <EM> members of domain admin group
> <EM> I did this the message appears when application account
> DOMAIN\appaccount is login / logout to sql server. Its not a threat at all
> so
> no sence to use C2
> <EM> no the computer thats tryng to log is standalone backup server
> <EM> we are in process of changing this
|||thanks David,
please see my answers below
"David J. Cartwright" wrote:

> Is the account 'appacccount' loging in from an application on this remote
> computer?
<EM> yes ...exactly from the same server
> The only other time i have seen DOMAIN\COMPUTER$ (With the $ sign) is when
> the computer domain account has gotten out of sync. But i dont know why this
> would show up in the sql log...if this is the computer that the appaccount
> acount is loging in from and they happen at same time...i would check make
> sure that the computers account is in synce...ie thats its p/w has been
> set/reset with the domain
<EM>How can I check computer account? pls advise
> did you mean server is a 'member' server or is it realy a 'standolone'
> server...?
>
<EM> its standalone server
> - David
> "Eli Milkova" <EliMilkova@.discussions.microsoft.com> wrote in message
> news:30150C5D-30EC-4325-908D-86FB7D52E81B@.microsoft.com...
>
>
|||O.K lemmi get this straight...the sql server is a 'standalone' server,
meaning that it is NOT a member of the domain, but it is using domain
accounts (more specificaly, a domain admin account) to run the services ?
also what kinda domain is this NT4/2000/2003 ? and what level is it running
at ? (this will help me answer the computer account prob)
http://support.microsoft.com/default...b;en-us;325850
http://support.microsoft.com/default...b;en-us;260575
"Eli Milkova" <EliMilkova@.discussions.microsoft.com> wrote in message
news:AB1FE5AD-002B-42A6-B2F7-16DD0E355586@.microsoft.com...[vbcol=seagreen]
> thanks David,
> please see my answers below
> "David J. Cartwright" wrote:
> <EM> yes ...exactly from the same server
> <EM>How can I check computer account? pls advise
> <EM> its standalone server
|||ok ...there is misunderstanding no not that kind of standalone server : ) its
just an application server obviously a domain member
and ...w2000 domain
"David J. Cartwright" wrote:

> O.K lemmi get this straight...the sql server is a 'standalone' server,
> meaning that it is NOT a member of the domain, but it is using domain
> accounts (more specificaly, a domain admin account) to run the services ?
> also what kinda domain is this NT4/2000/2003 ? and what level is it running
> at ? (this will help me answer the computer account prob)
> http://support.microsoft.com/default...b;en-us;325850
> http://support.microsoft.com/default...b;en-us;260575
> "Eli Milkova" <EliMilkova@.discussions.microsoft.com> wrote in message
> news:AB1FE5AD-002B-42A6-B2F7-16DD0E355586@.microsoft.com...
>
>

No comments:

Post a Comment