Login failed for user 'NT AUTHORITYSYSTEM | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

Login failed for user ‘NT AUTHORITYSYSTEM

Hi, out there. <img src=’/community/emoticons/emotion-1.gif’ alt=’:)‘ /><br /><br />I am running two active Cluster Nodes with Windows 2003 and MS SQL Server 2000. So far, everything is just fine. Not perfect, but fine.<br />Both of the machines are in productive use since more than one year and in the meanwhile are home for some 30 databases. (We are still on the job to collect all spread databases and put them on the cluster nodes.) No user ever complained about low performance, connection problems or lost connections. Neither did monitoring.<br /><br />The machines, as almost all of our servers, are each connected to the network with two GBit NICs in teaming mode.<br /><br />Once in a while I get a series (~25) of errors in the application event log that read like this:<br /><pre id="code"><font face="courier" size="2" id="code"><br />Event Type:Error<br />Event Source:VSS<br />Event Category:None<br />Event ID:6013<br />Date:03.06.2005<br />Time:02:00:22<br />User:N/A<br />Computer:DENW0000CA101<br />Description:<br />Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize. hr = 0x80040e4d. SQLSTATE: 42000, Native Error: 18456<br />Error state: 1, Severity: 14<br />Source: Microsoft OLE DB Provider for SQL Server<br />Error message: Login failed for user ‘NT AUTHORITYSYSTEM’.<br /><br /><br />For more information, see Help and Support Center at<a target="_blank" href=http://go.microsoft.com/fwlink/events.asp.>http://go.microsoft.com/fwlink/events.asp.</a><br />Data:<br />0000: 53 51 4c 43 4f 4e 4e 43 SQLCONNC<br />0008: 34 37 33 00 00 00 00 00 473…..<br />0010: 53 51 4c 43 4f 4e 4e 43 SQLCONNC<br />0018: 33 39 35 00 00 00 00 00 395…..<br /></font id="code"></pre id="code"><br /><br />I found this closed thread: <a href=’http://sql-server-performance.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=1577′ target=’_blank’ title=’http://sql-server-performance.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=1577′<a target="_blank" href=http://sql-server-performance.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=1577>http://sql-server-performance.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=1577</a></a> describing the same problem. Unfortunately the suggested solution does not apply here, because<br />- the shadow copy service most times runs without error.<br />- the sql server and tools are running using a domain user who has appropriate rights.<br /><br />All hints to this problem that I found focus on the builtinadministrator. <img src=’/community/emoticons/emotion-6.gif’ alt=’:(‘ /><br /><br />Searching the event log I noticed that with very rare exceptions all these errors occur between 23:00 and 02:00 in the night. Additionally I found, that before last change to summer time they occured between 00:00 and 03:00, but I guess that is because those entries are in utc and are formatted to summer time zone now.<br /><br />Does anyone have a hint where I should took a closer look?<br /><br />Thanks in advance, <img src=’/community/emoticons/emotion-1.gif’ alt=’:)‘ /><br /><br />Ralph<br /><br />
Have you removed builtinadministrator privileges from SQL? Satya SKJ
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
Hmm, I’m curious about the VSS service as well. It seems that VSS allows you to create a backup (say with NTBackup or a third party tool) of files that are open by other processes, like SQL Server database files for example. To guarantee consistency the VSS process then wants to log in to SQL Server and force it to flush it’s data to disk first before shadow copy is performed. It seem to be enough that you use VSS on a volume that has a sql server database on if for it to trigger and try and logon to the SQL Server. And to logon it uses the ‘NT AUTHORITYSYSTEM’ account. Correct me if I’m wrong. Some articles: A Volume Shadow Copy Service (VSS) update package is available for Windows Server 2003
http://support.microsoft.com/?id=833167 Error 800423f4 appears in the backup log file when you back up a volume by using the Volume Shadow Copy service in Windows Server 2003
http://support.microsoft.com/?id=828481 826936 Time-Out Errors Occur in Volume Shadow Copy Service Writers, and

I was a getting the same error in my Sql log: 18456 : Login failed for user ‘NT AUTHORITYSYSTEM’. It was a different problem but I thought I’d post how I tracked it down. Run a trace for Audit login failures and grab these key columns: hostname
clientprocessid The clientprocessid will map back to the PID on the server shown in hostname. If you run tasklist at the command prompt of that server it’ll let you track down the application that is trying to connect. In my case, it looks like the network guys don’t have MOM configured correctly.