Sql Server 2008 - SA account lockout troubleshooting

Question

We currently have a legacy system running on Windows 2003 IIS 6 using .Net 1.1. It makes connections to our SQL Server 2008 R2 using the 'sa' account (I know it shouldn't; we're rewriting the app, but it's a big process and not near completion).

We have been seeing errors of the sa login using the wrong password and then eventually locking out the account. The account does recover, but then immediately starts reporting wrong sa password again.

We have run SQL profiler to narrow down the specific servers and gotten down to the w3c iis process that it is coming from, which is the legacy app. We have confirmed the connection strings in the app are configured are correctly, but Sql Profiler is reporting that this particular process is the one trying to log in with the wrong sa password.

From the profiler, we see that it is trying to access the master database and it is a non-pooled connection, and the ApplicationName is "Internet Information Services." (All of the successful logins from these web servers are hitting the application DB, are pooled connections, and have an ApplicationName keyed to the connection string.)

What is the best way to trace exactly where these failed connection attempts are coming from?

Answer 1

Login with windows authentication. Execute this query:

ALTER LOGIN sa WITH PASSWORD = 'your_password_new_or_old' UNLOCK ;

Re-login with sa account.