Multiple entries for a single login in sql error log.

  • Question

  • The SQL Server log file contains multiple entries for a single login. Please help to resolve this.

    Disabled all the services except SQL Server & SQL Agent, then restarted the server, but this issue still remains.

    Moreover, successful audits for user 'NT AUTHORITY\SYSTEM' are filling the SQL Server error log.

    "Login succeeded for user 'NT AUTHORITY\SYSTEM'. Connection made using Windows authentication."

    Thanks,

    SKB

    Sunday, November 25, 2012 7:12 AM

All replies

  • Looks like the SQL Server system is authenticating to the operating system. This is perfectly normal.

    Best Regards, Uri Dimant, SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/

    • Marked as answer by SKB7 Sunday, December 2, 2012 10:29 AM
    Sunday, November 25, 2012 7:31 AM
  • Object Explorer. Right-click the server. Properties. The Security tab. The second group has your options.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    • Marked as answer by SKB7 Sunday, November 25, 2012 11:00 AM
    • Unmarked as answer by SKB7 Sunday, November 25, 2012 11:00 AM
    Sunday, November 25, 2012 10:58 AM
  • Thanks Erland. But as per the security policy, I have to audit both failed and successful logins.
    Sunday, November 25, 2012 11:05 AM
  • In such case what is your problem? That your error log gets filled up, or that a process is constantly logging in? In the former case, this is per your security policy. In the latter case, I guess you could use Profiler to track down where these connections are coming from, including which host.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    Sunday, November 25, 2012 12:44 PM
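
One way to see which account is logging in, from which host and how often, as an added example that is not part of the original thread: a Python summary of login audit lines from a SQL Server error log. The sample lines are constructed, the function names are hypothetical, and the script assumes the log has been exported as text with the `[CLIENT: ...]` suffix on each login line.

```python
import re
from datetime import datetime

# Constructed sample in ERRORLOG layout: timestamp, source, message.
SAMPLE_LOG = r"""
2012-11-25 07:10:01.12 Logon       Login succeeded for user 'NT AUTHORITY\SYSTEM'. Connection made using Windows authentication. [CLIENT: <local machine>]
2012-11-25 07:10:01.15 Logon       Login succeeded for user 'NT AUTHORITY\SYSTEM'. Connection made using Windows authentication. [CLIENT: <local machine>]
2012-11-25 07:10:31.40 Logon       Login succeeded for user 'NT AUTHORITY\SYSTEM'. Connection made using Windows authentication. [CLIENT: <local machine>]
2012-11-25 07:10:45.02 Logon       Error: 18456, Severity: 14, State: 8.
2012-11-25 07:10:45.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
2012-11-25 07:11:02.77 Logon       Login succeeded for user 'CONTOSO\appsvc'. Connection made using Windows authentication. [CLIENT: 192.0.2.20]
2012-11-25 07:11:03.00 spid51      Starting up database 'tempdb'.
"""

# Matches login audit lines only; the "Error: 18456" line that precedes a
# failed login and all non-Logon lines are skipped.
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>succeeded|failed) for user '(?P<user>[^']*)'\."
    r".*?\[CLIENT: (?P<client>[^\]]+)\]",
    re.MULTILINE,
)

def parse_logins(text):
    """Return one dict per login audit line found in the log text."""
    events = []
    for m in LOGIN_RE.finditer(text):
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(event)
    return events

def summarize(events):
    """Group by (user, client, result): count plus first and last time seen."""
    groups = {}
    for e in events:
        key = (e["user"], e["client"], e["result"])
        g = groups.setdefault(key, {"count": 0, "first": e["ts"], "last": e["ts"]})
        g["count"] += 1
        g["first"] = min(g["first"], e["ts"])
        g["last"] = max(g["last"], e["ts"])
    return groups

if __name__ == "__main__":
    # A real ERRORLOG file is typically UTF-16; open it with encoding="utf-16".
    groups = summarize(parse_logins(SAMPLE_LOG))
    for (user, client, result), g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:>4}  {result:<9}  {user}  from {client}  "
              f"{g['first']:%H:%M:%S}-{g['last']:%H:%M:%S}")
```

A group whose client is `<local machine>` comes from a process on the server itself; any other client value is the remote address to follow up on.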
  • Yes, there is nothing wrong with that login succeeding for NT AUTHORITY\SYSTEM, because this account is used by Microsoft Update and by MOM for SPs and hotfixes to SQL Server; it is also used by the SQL Writer service.

    Also, is any other application using this account with your databases? And what about your SQL Server services: are they using a local account or a domain account?

    In case you want to see what's going on, run a server-side trace

    (http://www.mssqltips.com/sqlservertip/1035/sql-server-performance-statistics-using-a-server-side-trace/)


    Thanks, Rama Udaya.K (http://rama38udaya.wordpress.com)

    • Marked as answer by SKB7 Sunday, December 2, 2012 10:29 AM
    Monday, November 26, 2012 3:34 AM
  • Hi SKB7,

    As far as I know, this is OK. 'NT AUTHORITY\SYSTEM' is a built-in Windows service account. As we know, SQL Server files are stored on disk, and we need the related Windows permission to access the disk; this is where the 'NT AUTHORITY\SYSTEM' account is used rather than a SQL Server login account directly. The login information in the log file was generated when SQL Server needed to communicate with Windows. We don't need to worry about this information. For more detailed information, please refer to the following link:

    Configure Windows Service Accounts and Permissions:
    http://msdn.microsoft.com/en-us/library/ms143504.aspx


    Allen Li
    TechNet Community Support



    Monday, November 26, 2012 6:14 AM
  • This is normal; you can give rights to NT AUTHORITY\SYSTEM to connect. Installation of hotfixes, the operating system or some third-party backup tools use this user for working.

    Regards,
    Rohit Garg

    Tuesday, November 27, 2012 5:31 PM
  • Thanks to all for the support..
    Sunday, December 2, 2012 10:44 AM