We are using SQL server 2014, we update a password for a user login here
we click properties on a given login account and change the password here
we are certain we entering it correctly when we then try to login to the server using the login and password we get the following error
I don't know where else to look and what else to change -- when we do the same process on a different server it works without issue. But here its failing.
Where should we look and what else do we need to troubleshoot. Could it be we don't have access to certain databases, how do we fix this.
These are some of the errors coming through in the system logs
Message
Login failed for user ‘abc’. Reason: Failed to open the explicitly specified database ‘AMS'. [CLIENT---]
Message
Login failed for user 'abc’. Reason: Failed to open the database ‘Budget’ specified in the login properties. [CLIENT: ---]
Message
Login failed for user ‘abc’. Reason: Password did not match that for the login provided. [CLIENT: ----]
You must set a default database where the user AND relative login can access.
Logins are objects with a password
Users are objects, mapped to Logins, added to SQL Server entities.
Under Server -> Security -> Logins
Unser Database -> Security -> Users
Check also if the user is correctly mapped to the login.
To solve your problem you can set the master database as the default for your login.
You can find out more about the error in the SQLServer logs as described here https://learn.microsoft.com/en-us/sql/relational-databases/performance/view-the-sql-server-error-log-sql-server-management-studio?view=sql-server-ver16.
If you are looking for a quick fix to your problem, you can either:
assign more server roles to your login
or grant it an individual permission
use master;
grant CONNECT ANY DATABASE TO <login>;
Related
I am currently setting up some users for my Azure SQL DWH. I have created a Login at server level and a User at my database. However, I am getting a login failed message if I try to use my database user. If I use the Login I have created it works just fine. This Login also only has access to the views I have granted it access to. Am I missing something really obvious or is there something different about logins and roles in SQL DWH?
CREATE LOGIN Login WITH PASSWORD = 'Password';
CREATE USER User FROM LOGIN Login;
You cannot use “user” as the name of the new database login because is a reserved word. Additionally add the login to the datareader role and try again.
EXEC sp_addrolemember 'db_datareader', 'newdatabaseuser';
Try to login to the SQL Data Warehouse server without specifying the database. If you are able to connect then with above statement you may solve the issue.
If you are trying to get connected from an application please make sure you are using appropriate drivers. Learn more about it here.
Hope this helps.
how its possible to see 'sa' login in connection with login which have only granted to read some views? Probably cant to edit anything, but can see. And also can see list of databases, but cant to open. All in SQL Management Studio. Login just created by:
create login YourTpvLogin with password = 'enter new password here'
go
create user YourTpvUser for login YourTpvLogin
go
grant select on YourView to YourTpvUser
Thank you for explanation or way how to fix it.
Ok... First of all Every SQL Server login belongs to the public server role. Next - The public server role is granted VIEW ANY DATABASE permission which means that a login that is granted this permission can see metadata that describes all databases including master database which in turn records all the system-level information for a SQL Server system including information about SQl server logins and sa login of course is not an exception.
So... any new login can see all databases and logins but can't modify them.
Possible "solution" for hiding databases is to deny a login the VIEW ANY DATABASE permission.
To limit visibility to database metadata, deny a login the VIEW ANY
DATABASE permission. After this permission is denied, a login can see
only metadata for master, tempdb, and databases that the login owns.
And... you can't completely hide the sa login because every login must be able to read server's metadata from the master database.
After i logged in to SQL server using management studio i opened the log and i got a million messages showing
Login failed. The login is from an untrusted domain and cannot be used
with Windows authentication. [CLIENT: 222.186.61.5]
or
Login failed for user 'sa'. Reason: Password did not match that for
the login provided. [CLIENT: 222.186.61.5]
or
Login failed for user 'kisadmin'. Reason: Could not find a login
matching the name provided. [CLIENT: 222.186.61.5]
or
Login failed for user 'wwo'. Reason: Could not find a login matching
the name provided. [CLIENT: 104.217.216.169]
I have many more logs for many users and IP's which first appeared 10/6/2015 8:06:19 PM (and i have them everyday). Are these messages showing that i have been cyber attacked ?
What you see is a set of failed login tries, so, you can know for sure that someone tries to hack your database. Unfortunately, if there were successful attempts, then people might have read some data from your part. You need to kill all active connections and change the port you are using for your database.
Also, it would be nice if you would think about how people were able to try to log in to your database. Are you having by accident any public information about where your database server is (like error messages, for example)?
I'm hosting my web application on an azure VM. I've created a new user for MSSQLSERVER which my application can use to access the remote SQL server on that machine (so i do not use the sa user in my application). I have no problems at all accessing it, but i accidentally opened the Event Viewer and I found that each time I log into my application I get tens of messages that say
"Login failed for user 'sa'. Reason: An error occurred while
evaluating the password. [client: ......]
I first thought that it was an intruder, but then I realized that this message appears once I login to my application.
Why could this message be shown ?
It is a state 1 issue, password validation gets done all-right, the problem is it is disabled for that user, in this case your MSSQLSERVER user or sa.
Try logging in with sa, and log out to refresh credentials . grant all permissions to new user that you created, and log in with your newly created user. This should solve the problem [make sure that error number is either of 18470 or 18456].
We have a "windows integrated authentication" user whose default database was deleted.
Now when trying to login, we get an error saying, login for the user failed.
I found a solution from Microsoft to use SQLCMD. However, I am unable to issue the alter login command for that user. The error message states that the login 'mylogin' does not exist or you do not have permissions.
Unfortunately, I don't have sa credentials on that server.
Is there another way to change the default database on login?
You really need to issue the ALTER USER command from an account with sufficient privileges, or specify the Initial Catalog in the connection string when connecting, from whatever client app is being used.
Is there another way to change the default database on login?
No. Have you tried logging in to a specific database, not the default?
http://www.connectionstrings.com/
has all info about connection strings you ever need. You can set an "Initial Catalog" in the connection string. That is not "the default of the user" but it is the one to be used for THAT connection.
Sadly, if you do not have the rights to create a db or reconfigure the user, that is where it stops... need to do that on every login then. Retrieve the SA password.