Is it possible to know the remaining 'expiration of sql login password date' & ‘maximum password age’ through T-SQL
https://dba.stackexchange.com/questions/118136
-
29-09-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I would like to say that today incident whatever i have faced related to Microosft SQL Server 2012. I had logged in Microsoft SQL Server 2012 at starting working hour of office time ,but at the mid of my company working hours , i have got the (Microsoft SQL Server, Error : 18487) like error message
===================================
Cannot show requested dialog.
===================================
Cannot show requested dialog. (SqlMgmt)
------------------------------
Program Location:
at Microsoft.SqlServer.Management.SqlMgmt.DefaultLaunchFormHostedControlAllocator.AllocateDialog(XmlDocument initializationXml,
IServiceProvider dialogServiceProvider, CDataContainer dc)
at
Microsoft.SqlServer.Management.SqlMgmt.DefaultLaunchFormHostedControlAllocator.Microsoft.SqlServer.Management.SqlMgmt.ILaunchFormHostedControlAll
ocator.CreateDialog(XmlDocument initializationXml, IServiceProvider dialogServiceProvider)
at Microsoft.SqlServer.Management.SqlMgmt.LaunchForm.InitializeForm(XmlDocument doc, IServiceProvider provider, ISqlControlCollection control)
at Microsoft.SqlServer.Management.SqlMgmt.LaunchForm..ctor(XmlDocument doc, IServiceProvider provider)
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ToolMenuItemHelper.OnCreateAndShowForm(IServiceProvider sp, XmlDocument doc)
at Microsoft.SqlServer.Management.SqlMgmt.RunningFormsTable.RunningFormsTableImpl.ThreadStarter.StartThread()
===================================
Failed to retrieve data for this request. (Microsoft.SqlServer.Management.Sdk.Sfc)
------------------------------
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&LinkId=20476
------------------------------
Program Location:
at Microsoft.SqlServer.Management.Sdk.Sfc.Enumerator.Process(Object connectionInfo, Request request)
at Microsoft.SqlServer.Management.SqlManagerUI.CreateLogin.CheckObjects(String login)
at Microsoft.SqlServer.Management.SqlManagerUI.CreateLogin..ctor(CDataContainer context)
===================================
Failed to connect to server ServerName. (Microsoft.SqlServer.ConnectionInfo)
------------------------------
Program Location:
at Microsoft.SqlServer.Management.Common.ConnectionManager.Connect()
at Microsoft.SqlServer.Management.Common.ConnectionManager.PoolConnect()
at Microsoft.SqlServer.Management.Common.ConnectionManager.get_DatabaseEngineType()
at Microsoft.SqlServer.Management.Sdk.Sfc.Enumerator.UpdateConnectionInfoIfCloud(Object& connectionInfo, Urn urn, Boolean& isUpdated)
at Microsoft.SqlServer.Management.Sdk.Sfc.Enumerator.Process(Object connectionInfo, Request request)
===================================
Login failed for user 'SQLLoginID'. Reason: The password of the account has expired. (.Net SqlClient Data Provider)
------------------------------
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18487&LinkId=20476
------------------------------
Server Name: ServerName
Error Number: 18487
Severity: 14
State: 1
Line Number: 65536
------------------------------
Program Location:
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean
asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet
bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet
bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword,
Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword,
Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential
credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions,
SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance,
SqlConnectionString userConnectionOptions, SessionData reconnectSessionData)
at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object
poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup,
DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry,
DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory
connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory,
TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.Open()
at Microsoft.SqlServer.Management.Common.ConnectionManager.InternalConnect(WindowsIdentity impersonatedIdentity)
at Microsoft.SqlServer.Management.Common.ConnectionManager.Connect()
I have gone through all related to this topic in stackExchange site. Mainly the Aaron Bertrand all blog post related to this topic like Does sys.sql_logins.is_policy_checked mean that the policy has been checked? and Verifying password policy on existing users and also https://dba.stackexchange.com/search?q=password+policy.
But i suppose to ask this question that's why going to ask to sql expert.
I am novice in SQL Server compare than like SQL Server expert Aaron Bertrand and others my senior StackExchange SQL Expert. As per working environment policy , system administrator did't share 'local security setting policy'.so , i don't have the exact 'maximum password age' expiration information. I have faced so many times the above error related to change password.
From T-SQL Query
select * from sys.sql_logins;
After this query i know the all sql syslogin details like is_policy_checked,is_expiration_checked,create_date and modify_date.
From modify_date i know the exact date of sql login modify date. Also it's clear to from above query to that which user have applied the 'Enforce Password Policy' and 'Enforce Password Expiration' along with their SQL login.
In my environment i have a 'sa' user of Microsoft SQL Server 2012. But I don't have permission to check Local Security Settings->Account Policy->Maximum password Age.
Any hint or clue related to this error will be appreciated.
Solution
The information being requested here is not SQL Server information. It is Windows / OS -level information. This information is not available within SQL Server (i.e. there does not appear to be any DMV containing this info).
It should also be noted that the Login properties of is_policy_checked and is_expiration_checked only pertain to SQL Server Logins, not Windows Logins (since Windows Logins already have those enforced as per system / Domain policy).
The only way to get the password policy information is to get it from the Operating System. You can either use a GUI or command-line NET ACCOUNTS as follows:
C:\>NET ACCOUNTS
Force user logoff how long after time expires?: Never
Minimum password age (days): 0
Maximum password age (days): 42
Minimum password length: 0
Length of password history maintained: None
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: WORKSTATION
By default, NET ACCOUNTS displays information for the local system. If your computer is attached to a Domain and your login is a Domain account, then you need to add the /DOMAIN switch:
C:\>NET ACCOUNTS /DOMAIN
The request will be processed at a domain controller for domain {computers_domain_name}.
Of course, if you don't have permission to see that information, then you need to contact a Domain Administrator.
