Description of Issue:
Failure Audit messages appear in the Application Event log. The messages will say something similar to this:
Logon failed for user 'ADMIN'. [CLIENT: <named pipe>]
or
Logon failed for user 'sa'. [CLIENT: <192.168.0.99>]
Cause of Issue:
This issue is caused because of the way ESC attempts to logon to the database. Prior to version 9, ESC used three different methods to connect to the database. If one failed, the others were tried until ESC either logged in successfully or went through all three methods.
Here is what ESC tries now and the order it does it in:
- Windows authentication - ESC will attempt to logon to the database using the logon name and password the user entered to logon to Windows.
- SQL authentication - ESC will attempt to logon to the database using the sa logon name and new complex password of !dESCO?2010.
- SQL authentication - ESC will attempt to logon to the database using the sa logon name and the old simple ESC password.
- SQL authentication - ESC will attempt to logon to the database using the sa logon name and a blank password for SQL legacy support.
In Version 9.0 and later ESC will either try to use Windows authentication first and then SQL authentication. This should reduce the frequency of this issue occurring if SQL authentication is selected because it only has to try two connection methods. Likewise choosing Windows authentication will make this disappear in most cases but it could still happen if you have a complicated network setup.
Resolution:
These messages are harmless and don't affect the performance or integrity of ESC in any way. If they really bother you it is possible to turn off failure audits using SQL Server Management Studio. This is not encouraged or supported by dESCO but can be accomplished by doing this: Right-clicking the server in the Management Studio and select Properties. Click the Security page and set Logon Auditing to None. Click OK and reboot the computer when you have a chance.
Comments
Please sign in to leave a comment.