By default login failed error message is nothing but a client user connection has been refused by the server due to mismatch of login credentials. First task you might check is to see whether that user has relevant privileges on that SQL Server instance and relevant database too, thats good. Obviously if the necessary prvileges are not been set then you need to fix that issue by granting relevant privileges for that user login.
Althought if that user has relevant grants on database & server if the Server encounters any credential issues for that login then it will prevent in granting the authentication back to SQL Server, the client will get the following error message:
Msg 18456, Level 14, State 1, Server <ServerName>, Line 1
Login failed for user '<Name>'
Ok now what, by looking at the error message you feel like this is non-descriptive to understand the Level & state. By default the Operating System error will show ‘State’ as 1 regardless of nature of the issues in authenticating the login. So to investigate further you need to look at relevant SQL Server instance error log too for more information on Severity & state of this error. You might look into a corresponding entry in log as:
2007-05-17 00:12:00.34 Logon Error: 18456, Severity: 14, State: 8.
or
2007-05-17 00:12:00.34 Logon Login failed for user '<user name>'.
As defined above the Severity & State columns on the error are key to find the accurate reflection for the source of the problem. On the above error number 8 for state indicates authentication failure due to password mismatch. Books online refers: By default, user-defined messages of severity lower than 19 are not sent to the Microsoft Windows application log when they occur. User-defined messages of severity lower than 19 therefore do not trigger SQL Server Agent alerts.
Sung Lee, Program Manager in SQL Server Protocols (Dev.team) has outlined further information on Error state description:The common error states and their descriptions are provided in the following table:
ERROR STATE ERROR DESCRIPTION
------------------------------------------------------------------------------
2 and 5 Invalid userid
6 Attempt to use a Windows login name with SQL Authentication
7 Login disabled and password mismatch
8 Password mismatch
9 Invalid password
11 and 12 Valid login but server access failure
13 SQL Server service paused
18 Change password required
Well I'm not finished yet, what would you do in case of error:
2007-05-17 00:12:00.34 Logon Login failed for user '<user name>'.
You can see there is no severity or state level defined from that SQL Server instance’s error log. So the next troubleshooting option is to look at the Event Viewer’s security log [edit because screen shot is missing but you get the
idea, look in the event log for interesting events].
Вы можете столкнуться с ошибкой SQL Server 18456, если сервер не может аутентифицировать соединение, и это может быть вызвано недоступностью прав администратора для SQL-сервера или если протокол TCP / IP отключен в настройках SQL-сервера.
Проблема возникает, когда пользователь пытается подключиться к серверу SQL (локальному или удаленному), но обнаруживает ошибку 18456 (с разными состояниями).
Ошибка Microsoft SQL Server 18456
Вы можете исправить ошибку SQL-сервера 18456, попробовав приведенные ниже решения, но перед этим проверьте, решает ли проблему перезагрузка сервера, клиентского компьютера и сетевых компьютеров. Кроме того, убедитесь, что вы вводите правильное имя пользователя и пароль (а не копируете адрес).
Также проверьте, правильно ли вы вводите имя базы данных (без опечаток), и убедитесь, что вы соответствующим образом обновили файл конфигурации. Кроме того, проверьте, решает ли проблему разблокировка учетной записи (с помощью запроса ALTER LOGIN WITH PASSWORD = UNLOCK). Если вы видите ошибки в журнале ошибок SQL, убедитесь, что ваш SQL-сервер не атакован. И последнее, но не менее важное: убедитесь, что часы сервера и клиентского компьютера установлены правильно.
Вы можете столкнуться с ошибкой 18456, если SQL-сервер не имеет повышенных разрешений на выполнение своей операции, и запуск его от имени администратора (или отключение элементов управления UAC на сервере) может решить проблему.
Откройте SQL Server от имени администратора
- Щелкните Windows и введите SQL Server Management Studio.
- Теперь щелкните правой кнопкой мыши SMSS и выберите «Запуск от имени администратора».Запустите Microsoft SQL Server Management Studio от имени администратора.
- Затем нажмите Да (если получено приглашение UAC) и проверьте, не содержит ли SQL-сервер ошибки 18456.
- Если нет, проверьте, решает ли проблему отключение UAC на сервере.
Запуск SQL Server в однопользовательском режиме
- Щелкните Windows, введите и откройте диспетчер конфигурации SQL Server.
- Теперь щелкните правой кнопкой мыши службу SQL Server (на вкладке «Службы SQL Server») и выберите «Свойства».Откройте свойства SQL Server
- Затем перейдите на вкладку Параметры запуска и в поле Укажите параметр запуска введите: -m
- Теперь нажмите «Добавить» и примените изменения.Добавьте параметр «-m» к параметрам запуска SQL Server.
- Затем щелкните правой кнопкой мыши службу SQL Server и выберите «Перезагрузить».Перезапустите службу SQL Server.
- Теперь щелкните Windows, введите: SQL Server Management Studio, щелкните правой кнопкой мыши SMSS и выберите Запуск от имени администратора.
- Теперь проверьте, можете ли вы подключиться к SQL Server от имени администратора.
- Если это так, добавьте учетную запись домена на SQL-сервер и назначьте ей роль SysAdmin.
- Теперь вернитесь в окно диспетчера конфигурации SQL Server и удалите параметр -m на вкладке Параметры запуска.
- Затем перезапустите службу SQL Server (шаг 3) и проверьте, нормально ли работает SQL-сервер.
Если проблема не исчезнет, проверьте, правильно ли настроены параметры запуска или сведения о пути. Если проблема все еще существует, убедитесь, что ваша учетная запись пользователя имеет необходимые разрешения для служб базы данных / отчетов, а затем проверьте, решена ли проблема.
Включите протокол TCP / IP в диспетчере конфигурации сервера.
Код ошибки 18456 на сервере SQL означает, что серверу не удалось аутентифицировать соединение, и это может произойти, если протокол TCP / IP, необходимый для доступа к базе данных в сети, отключен в диспетчере конфигурации сервера. В этом контексте включение TCP / IP в диспетчере конфигурации SQL Server может решить проблему.
- Щелкните Windows и разверните Microsoft SQL Server, указав год, например, 2008 (вам может потребоваться немного прокрутить, чтобы найти параметр).
- Теперь откройте диспетчер конфигурации SQL Server и нажмите Да (если получено приглашение UAC).
- Затем разверните сетевую конфигурацию SQL Server и выберите Протоколы для (имя сервера / базы данных) на левой панели.
- Теперь на правой панели дважды щелкните TCP / IP и выберите Да в раскрывающемся списке Включено.Откройте TCP / IP в протоколах конфигурации сети SQL Server
- Затем примените изменения и щелкните Windows.Включить TCP / IP в SQL
- Теперь введите «Службы», щелкните правой кнопкой мыши результат «Службы» и выберите «Запуск от имени администратора».Откройте службы в качестве администратора
- Затем щелкните правой кнопкой мыши SQL Server (с именем сервера) и выберите «Перезагрузить».Перезапустите службу SQL в окне служб.
- Теперь проверьте, очищен ли SQL-сервер от ошибки 18456.
Если это не помогло, убедитесь, что вы подключаетесь к правильному порту SQL-сервера (особенно, если вы используете сервер в многосерверной среде).
Измените режим аутентификации SQL Server
Сервер SQL может отображать ошибку 18456, если метод аутентификации сервера SQL не настроен должным образом (например: вы пытаетесь войти в систему с использованием аутентификации сервера SQL, тогда как сервер настроен на использование аутентификации Windows). В этом случае изменение метода аутентификации SQL-сервера может решить проблему. Прежде чем двигаться дальше, убедитесь, что для текущего пользователя включен статус входа в систему (например, SA).
- В обозревателе объектов Microsoft SQL Server Management Studio щелкните правой кнопкой мыши свой сервер и выберите «Свойства».
- Теперь на левой панели выберите Безопасность, а на правой панели выберите SQL Server и проверку подлинности Windows (или наоборот).Включить SQL Server и проверку подлинности Windows
- Затем примените изменения и в обозревателе объектов щелкните правой кнопкой мыши сервер.
- Теперь выберите «Перезагрузить» и после перезапуска проверьте, можете ли вы подключиться к базе данных без ошибки 18456.
Если вы не можете войти в SQL, вы можете установить MS Power Tools и выполнить следующую команду с повышенными привилегиями:
psexec.exe -i -s ssms.exe
После этого вы можете использовать учетную запись установки SQL, чтобы внести изменения, а также убедиться, что учетная запись SA не отключена:
Включите учетную запись SA и сбросьте пароль учетной записи
Если вы не можете подключиться к SQL Server, то включение учетной записи SA SQL-сервера и сброс его пароля может решить проблему.
- Запустите Microsoft SQL Server Management Studio (возможно, вам придется использовать учетную запись администратора домена) и разверните Безопасность.
- Затем дважды щелкните Logins и откройте SA.Откройте учетную запись SA в Microsoft SQL Server Management Studio.
- Теперь введите новый пароль и подтвердите его (убедитесь, что вы используете надежный пароль).
- Затем перейдите на вкладку Server Roles и убедитесь, что выбраны следующие роли: Public SysadminВключение ролей общедоступного сервера и сервера системного администратора для учетной записи SA
- Теперь перейдите на вкладку «Статус» и на правой панели выберите «Включено» (в разделе «Вход»).Включение учетной записи SA в SQL
- Затем примените изменения и нажмите кнопку Windows.
- Теперь введите Services и щелкните его правой кнопкой мыши.
- Затем выберите «Запуск от имени администратора» и перейдите к службе SQL Server.
- Теперь щелкните его правой кнопкой мыши и выберите «Перезагрузить».
- После перезапуска службы проверьте, устранена ли ошибка 18456 SQL-сервера.
Создайте новый логин и перезапустите службы Reporting Services
Если вы не можете использовать какую-либо учетную запись для подключения к базе данных, то создание новой учетной записи и перезапуск служб отчетов может решить проблему.
- Запустите Microsoft SQL Server Management Studio и разверните вкладку «Безопасность».
- Затем разверните Логины и щелкните его правой кнопкой мыши.
- Теперь выберите «Новый вход» и введите учетные данные (в имени входа выберите учетную запись компьютера), если используется проверка подлинности SQL Server.Создать новый логин в SQL Server
- Затем не забудьте снять флажок «Пользователь должен сменить пароль при следующем входе в систему» и выберите базу данных.
- Теперь перейдите на вкладку Server Roles и выберите роль Public.
- Затем на вкладке «Сопоставление пользователей» обязательно выберите базу данных и выберите db_owner.Выберите db_owner для базы данных в SQL
- Теперь примените ваши изменения и щелкните Windows.
- Затем введите Services и щелкните правой кнопкой мыши результат Services. Затем выберите Запуск от имени администратора.
- Теперь щелкните правой кнопкой мыши службу отчетов SQL Server и выберите «Перезагрузить».Перезапустите службу отчетов SQL Server.
- Затем повторно подключитесь к базе данных и проверьте, очищен ли сервер SQL от ошибки 18456.
Если это так, убедитесь, что вы создали пользователя в BUILTIN administrators, и затем вы можете использовать этого пользователя для управления SQL Server. Если вы восстановили базу данных из резервной копии, будет лучше удалить и повторно добавить пользователей, чтобы удалить все старые записи пользователей. Если вы хотите запустить SQL-сервер от имени другого пользователя, введите Microsoft SQL Server в поиске Windows, Shift + щелкните правой кнопкой мыши на SQL Server и выберите «Запуск от имени другого пользователя». И последнее, но не менее важное: проверьте, решает ли проблема использование Azure Data Studio с сервером SQL.
Ошибка 18456 связана с отключенной SQL аутентификацией. Ее можно решить 2 путями. Либо включить SQL аутентификацию либо создать логин на основе пользователя Windows.
Для первого варианта сделаем следующее:
1) Зайдем под логином. Обратите внимание что бы у нас в поле 1 стоял Windows
2) Зайдем в свойства конфигурации сервера
3) Зайдем на закладку “Безопасность” и включим гибридную ацетификацию Windows и SQL:
После этого мы сможем зайти под SQL логином
Второй вариант – нам нужно создать логин на основе пользователя Windows
Для этого сделаем:
1) Зайдем в папку “Безопасность” – “Логины”:
2) После этого добавляем существующего пользователя Windows для работы в SQL:
Все должно заработать.
…
Теги:
#ms-sql
Updated in July 2020 with a few new states.
I think we’ve all dealt with error 18456, whether it be an application unable to access SQL Server, credentials changing over time, or a user who can’t type a password correctly.
The trick to troubleshooting this error number is that the error message returned to the client or application trying to connect is intentionally vague – the error message is similar for most errors, and the state is always 1. In a few cases, some additional information is included, but for the most part several of these conditions appear the same to the end user. The reason for this is to be careful not to disclose too much information to a would-be attacker.
But this makes troubleshooting hard.
In order to figure out what is really going wrong, you need to have alternative access to the SQL Server and inspect the log for the true state in the error message. I helped our support team just today solve a client’s 18456 issues – once we tracked down the error log and saw that it was state 16, it was easy to determine that their login had been set up with a default database that had been detached long ago.
When I see folks struggling with this problem, I almost always see them pointed to this old MSDN blog post (or this other version from MSDN), which has a very brief partial list and a lot of unanswered questions. A newer list appears here, with some useful info, but it is still incomplete.
So here is what I consider a more complete listing of all the various states for login failures. I included an instance of 18470 under state 1 for completeness.
State | Example / Description (note: the verbose message usually has [CLIENT: <IP>] suffix) |
---|---|
1 |
Error: 18470, Severity: 14, State: 1. Login failed for user ‘<x>’. Reason: The account is disabled. |
State 1 now occurs when a login is disabled – but actually, the error in the log is 18470, not 18456 – because the login is disabled, it doesn’t get that far. See state 7.Prior to SQL Server 2005, State 1 always appeared in the log for all login failures, making for fun troubleshooting. 🙂 | |
2 |
Error: 18456, Severity: 14, State: 2. Login failed for user ‘<x>’. Reason: Could not find a login matching the name provided. |
The login (whether using SQL or Windows Authentication) does not exist. For Windows Auth, it likely means that the login hasn’t explicitly been given access to SQL Server – which may mean it is not a member of an appropriate domain group. It could also mean that you’ve created a server-level login, mapped a database user with a different name to that login, and are trying to connect using the user name, not the login name. This is the same as State 5, but State 2 indicates that the login attempt came from a remote machine. | |
5 |
Error: 18456, Severity: 14, State: 5. Login failed for user ‘<x>’. Reason: Could not find a login matching the name provided. |
Like state 2, the login does not exist in SQL Server, but the login attempt came from the local machine. For both state 2 and 5, prior to SQL Server 2008, the reason was not included in the error log – just the login failed message. And starting in Denali, for both state 2 and 5, this error can happen if you specify the correct username and password for a contained database user, but the wrong (or no) database. Note that if you are trying to connect to a contained database using the connection dialog in SSMS, and you try to <Browse server…> for the database instead of typing the name explicitly, you will first receive a prompt “Browsing the available databases on the server requires connecting to the server. This may take a few moments. Would you like to continue?” If the SQL auth credentials do not also match a login at the server level, you will then receive an error message, because your contained user does not have access to master.sys.databases. The error message in the UI is, “Failed to connect to server <server>. (Microsoft.SqlServer.ConnectionInfo)Login failed for user ‘<x>’. (Microsoft SQL Server, Error: 18456).” The takeaway here: always specify the database name explicitly in the options tab of the connection dialog; do not use the browse feature. | |
6 |
Error: 18456, Severity: 14, State: 6. Login failed for user ‘<xy>’. Reason: Attempting to use an NT account name with SQL Server Authentication. |
This means you tried to specify SQL authentication but entered a Windows-style login in the form of DomainUsername. Make sure you choose Windows Authentication (and you shouldn’t have to enter your domain / username when using Win Auth unless you are using runas /netonly to launch Management Studio). In SQL Server 2012 at least, you will only get state 6 if the domainusername format matches an actual domain and username that SQL Server recognizes. If the domain is invalid or if the username isn’t an actual Windows account in that domain, it will revert to state 5 (for local attempts) or state 2 (for remote attempts), since the login doesn’t exist. | |
7 |
Error: 18456, Severity: 14, State: 7. Login failed for user ‘<x>’. Reason: An error occurred while evaluating the password. |
The login is disabled *and* the password is incorrect. This shows that password validation occurs first, since if the password is correct and the login is disabled, you get error 18470 (see state 1 above). It’s possible that your application is sending cached credentials and the password has been changed or reset in the meantime – you may try logging out and logging back in to refresh these credentials. | |
8 |
Error: 18456, Severity: 14, State: 8. Login failed for user ‘<x>’. Reason: Password did not match that for the login provided. |
Probably the simplest of all: the password is incorrect (cASe sEnsiTiVitY catches a lot of folks here). Note that it will say “the login provided” even if you attempted to connect as a contained database user but forgot to specify a database, specified the wrong database, or typed the password incorrectly – unless it finds a match, SQL Server doesn’t have any idea you were attempting to use a contained database user. An interesting case here is Docker containers – |
|
9 |
Error: 18456, Severity: 14, State: 9. Login failed for user ‘<xy>’. |
Like state 2, I have not seen this in the wild. It allegedly means that the password violated a password policy check, but I tried creating a login conforming to a weak password policy, strengthened the policy, and I could still log in fine. And obviously you can’t create a login with, or later set, a password that doesn’t meet the policy. Let me know if you’ve seen it. | |
10 |
Error: 18456, Severity: 14, State: 10. Login failed for user ‘<x>’. |
This is a rather complicated variation on state 9; as KB #925744 states, this means that password checking could not be performed because the login is disabled or locked on the domain controller (note that if SQL Server does not start, it could be because the account that is locked or disabled is the SQL Server service account). No reason or additional information is provided in the “verbose” message in the error log. | |
11 12 |
Error: 18456, Severity: 14, State: 11. Login failed for user ‘<x>’. Reason: Login-based server access validation failed with an infrastructure error. Check for previous errors. Error: 18456, Severity: 14, State: 12. |
States 11 and 12 mean that SQL Server was able to authenticate you, but weren’t able to validate with the underlying Windows permissions. It could be that the Windows login has no profile or that permissions could not be checked due to UAC. Try running SSMS as administrator and/or disabling UAC. Another reason could be that the domain controller could not be reached. You may need to resort to re-creating the login (see this post from Simon Sabin). Finally, PSS has recently released more information about states 11 and 12; see this post for potential scenarios and solutions, and also see states 146-149 below for changes in SQL Server 2016. | |
13 |
Error: 18456, Severity: 14, State: 13. Login failed for user ‘<x>’. Reason: SQL Server service is paused. No new connections can be accepted at this time. |
This state occurs when the SQL Server service has been paused (which you can do easily and even accidentally from the context menu in Object Explorer). | |
16 |
Error: 18456, Severity: 14, State: 16. Login failed for user ‘<x>’. You may also see: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. |
State 16, which only occurs prior to SQL Server 2008, means that the default database was inaccessible. This could be because the database has been removed, renamed, or is offline (it may be set to AutoClose). This state does not indicate a reason in the error log. In 2008 and beyond, this is reported as state 40 (see below), with a reason. In SQL Server 2005, this state may also be reported if the user’s default database is online but the database they explicitly requested is not available for the reasons stated above (also see state 27). If you get the pre-login handshake message, it may be because you’ve disabled SSL on the server. | |
18 |
Error: 18456, Severity: 14, State: 18. Login failed for user ‘<x>’. |
Supposedly this indicates that the user needs to change their password. In SQL Server 2005, 2008 R2 and SQL Server 2012, I found this was raised as error 18488, not 18456; this is because for SQL logins the change password dialog just delays logging in, and is not actually a login failure. I suspect that, like state 16, this state will no longer appear in future versions of SQL Server. | |
23 |
Error: 18456, Severity: 14, State: 23. Login failed for user ‘<x>’. Reason: Access to server validation failed while revalidating the login on the connection. |
There could be a few reasons for state 23. The most common one is that connections are being attempted while the service is being shut down. However if this error occurs and it is not surrounded in the log by messages about SQL Server shutting down, and there is no companion reason along with the message, I would look at KB #937745, which implies that this could be the result of an overloaded server that can’t service any additional logins because of connection pooling issues. Finally, if there *is* a companion reason, it may be the message indicated to the right, indicating that SQL Server was running as a valid domain account and, upon restarting, it can’t validate the account because the domain controller is offline or the account is locked or no longer valid. Try changing the service account to LocalSystem until you can sort out the domain issues. | |
27 |
Error: 18456, Severity: 14, State: 27. Login failed for user ‘<x>’. |
State 27, like state 16, only occurs prior to SQL Server 2008. It means that the database specified in the connection string has been removed, renamed, or is offline (possibly due to AutoClose) – though in every case I tried, it was reported as state 16. This state does not indicate a reason in the error log. In 2008 and onward this is reported as state 38 (see below), with a reason. | |
28 |
Error: 18456, Severity: 14, State: 28. Login failed for user ‘<x>’. |
I have not experienced this issue but I suspect it involves overloaded connection pooling and connection resets. I think you will only see state 28 prior to SQL Server 2008. | |
38 |
Error: 18456, Severity: 14, State: 38. Login failed for user ‘<x>’. Reason: Failed to open the database specified in the login properties. or Reason: Cannot open database “<database>” requested by the login. The login failed. |
The database specified in the connection string, or selected in the Options > Connection Properties tab of the SSMS connection dialog, is no longer valid or online (it might be set to AutoClose or the user may simply not have permission). I came across this once when I typed <default> here instead of picking that option from the list. This is reported as state 27 or state 16 prior to SQL Server 2008.
Note that this could also be a symptom of an orphaned login. After establishing mirroring, Availability Groups, log shipping, etc. you may have created a new login or associated a user with a login on the primary database. The database-level user information gets replayed on the secondary servers, but the login information does not. Everything will work fine – until you have a failover. In this situation, you will need to synchronize the login and user information (for one example, see this script from the late Robert Davis). |
|
40 |
Error: 18456, Severity: 14, State: 40. Login failed for user ‘<x>’. Reason: Failed to open the explicitly specified database. |
Usually this means the login’s default database is offline (perhaps due to AutoClose) or no longer exists. Resolve by fixing the missing database, or changing the login’s default database using ALTER LOGIN (for older versions, use sp_defaultdb, which is now deprecated). This is reported as state 16 prior to SQL Server 2008. | |
46 |
Error: 18456, Severity: 14, State: 46. Login failed for user ‘<x>’. Reason: Failed to open the database configured in the login object while revalidating the login on the connection. |
State 46 may occur when the login (or login mapping to the service account) does not have a valid database selected as their default database. (I am guessing here but I think this may occur when the login in question is attempting to perform log shipping. Again, just a guess based on the few conversations I discovered online.) It can also occur if the classifier function (Resource Governor) or a logon trigger refers to a database that is offline, no longer exists, or is set to AutoClose. | |
50 |
Error: 18456, Severity: 14, State: 50. Login failed for user ‘<x>’. Reason: Current collation did not match the database’s collation during connection reset. |
As the message implies, this can occur if the default collation for the login is incompatible with the collation of their default database (or the database explicitly specified in the connection string). It can also happen if they are using a client tool like Management Studio which may, when they have been disconnected, try to connect to master upon reconnection instead of their default database. | |
51 |
Error: 18456, Severity: 14, State: 51. Login failed for user ‘<x>’. Reason: Failed to send an environment change notification to a log shipping partner node while revalidating the login. |
Like states 11 & 12, this could have to do with UAC, or that the domain controller could not be reached, or that the domain account could not authenticate against the log shipping partner, or that the log shipping partner was down. Try changing the service account for SQL Server to a known domain or local account, rather than the built-in local service accounts, and validating that the partner instance is accessible, as well as the database that is being requested in the connection string and the default database of the login. Note that this could be trigged by the failover partner connection string attribute, and that the database may no longer exist or may be offline, single user, etc. | |
56 |
Error: 18456, Severity: 14, State: 56. Login failed for user ‘<x>’. Reason: Failed attempted retry of a process token validation. |
State 56 is not very common – again, like states 11 & 12, this could have to do with UAC, or that the domain controller could not be reached. Try changing the service account for SQL Server to a known domain or local account, rather than the built-in local service accounts. | |
58 |
Error: 18456, Severity: 14, State: 58. Login failed for user ‘<x>’. Reason: An attempt to login using SQL authentication failed. Server is configured for Windows authentication only. |
State 58 occurs when SQL Server is set to use Windows Authentication only, and a client attempts to log in using SQL Authentication. It can also occur when SIDs do not match (in which case the error text might be slightly different). | |
62 |
Error: 18456, Severity: 14, State: 62. Login failed for user ‘<x>’. |
State 62 occurs when a Windows Authentication account tries to access a contained database, and the contained database exists, but the SIDs do not match. | |
65 |
Error: 18456, Severity: 14, State: 65. Login failed for user ‘<x>’. Reason: Password did not match that for the user provided. [Database: ‘<x>’] |
Contained user exists, the database is correct, but the password is invalid. This can also happen if you use a SQL login to connect to a contained database that has a contained user with the same name but a different password (one of several reasons this is not recommended). | |
102 103 … 110 111 |
Error: 18456, Severity: 14, State: 102. Error: 18456, Severity: 14, State: 103. Error: 18456, Severity: 14, State: 104. Error: 18456, Severity: 14, State: 105. Error: 18456, Severity: 14, State: 106. Error: 18456, Severity: 14, State: 107. Error: 18456, Severity: 14, State: 108. Error: 18456, Severity: 14, State: 109. Error: 18456, Severity: 14, State: 110. Error: 18456, Severity: 14, State: 111. |
Documented by Microsoft as Azure Active Directory login failures. | |
122 123 124 |
Error: 18456, Severity: 14, State: 122. Error: 18456, Severity: 14, State: 123. Error: 18456, Severity: 14, State: 124. |
According to Microsoft, these indicate a blank or missing username and/or password. | |
126 | Error: 18456, Severity: 14, State: 126. |
The docs say “Database requested by user does not exist.” But it’s not clear why you would get 126 instead of, say, 38 or 40. | |
132 133 |
Error: 18456, Severity: 14, State: 132. Error: 18456, Severity: 14, State: 133. |
Documented by paschott and by Microsoft as Azure Active Directory login failures. | |
146 147 148 149 |
Error: 18456, Severity: 14, State: 146. Login failed for user ‘<Windows auth login>’. Reason: Token-based server access validation failed with an infrastructure error. Login lacks Connect SQL permission. Error: 18456, Severity: 14, State: 147. Error: 18456, Severity: 14, State: 148. Error: 18456, Severity: 14, State: 149. |
These states replace states 11 and 12 above, but only in SQL Server 2016 or better. The goal was to make the actual underlying issue easier for the sysadmin to diagnose between SQL auth and Windows auth logins, and between connect and endpoint permissions (all without giving any further info to the user trying to log in). For more details, see the latter part of this post. |
I am sure I missed some, but I hope that is a helpful summary of most of the 18456 errors you are likely to come across. Please let me know if you spot any inaccuracies or if you know of any states (or reasons) that I missed.
If you are using contained databases, there will be a little extra complication in solving login failures, especially if you try to create contained users with the same name as server-level logins. This is a ball of wax you just probably don’t want to get into…
Thanks to Jonathan Kehayias (blog | twitter), Bob Ward (CSS blog | twitter), and Rick Byham for input and sanity checking.
Sql server error 18456 is common issue appear during login process on Microsoft SQL Server. This error can happen when you try to login with local administrator, as well as under the domain administrator and under the sa. Microsoft SQL Server login failed error can be encountered due to varied reasons. Most of the time, an error code comes up with a description that gives a hint about what has gone wrong. But I some cases the error come without any description. In this article, we’ll take a look at the typical reasons of the error 18456 appear on SQL Server during login process and show different ways to solve this error.
The view of error:
“Login failed for user ‘<user_name>’. (Microsoft SQL Server, Error: 18456)”.
How To FIX SQL Server Error 18456
Troubleshoot with Short Solutions
Here, you have some possible reasons:
- The login does not exist or was not typed correctly
- Make sure that the username or password are correct
- The password is incorrect
- The user forgot the password or login
- The Windows Authentication is not in Mixed mode
- A virus resets all the passwords
- A malicious hacker reset the password
- The logins were damaged or the master database is damaged
- The database was migrated, but the logins were not migrated
- The administrator modified the passwords by mistake
- Restart the SLQ Server service
Troubleshoot with State of the Microsoft SQL error 18456
Most of the time the SQL error 18456 come with the severity and state number. A state number might not mean much, yet it can offer more details as to what is wrong and where to look next.
To get a more detailed info about Microsoft SQL Server Error 18456 reason, you need to open the SQL Server error log file – ERROR.LOG. This is plain text file located under folder MSSQLLog. Below are some states of the error 18456 sql server. The descriptions and potential solutions offer a quick explanation and potential troubleshooting guide.
State | Error Description |
1 | Error information is not available. This state usually means you do not have permission to receive the error details |
2 | Invalid user ID |
5 | User ID is not valid. |
6 | Attempt to use a Windows login name with SQL Authentication |
7 | Login disabled |
8 | Password is incorrect |
9 | Password is not valid |
11-12 | Valid login but server access failure |
13 | SQL Server service paused |
16 | Authorization is correct, but access to the selected database is not allowed |
18 | Change password required |
27 | Initial database not found |
38 | Could not find database requested by user |
102 – 111 |
AAD failure. |
122 – 124 | Failure due to empty user name or password. |
126 | Database requested by user does not exist. |
132 – 133 | AAD failure. |
Common Solution for Error 18456
If the issue cannot be resolved from with short solutions above, read below for additional information:
Read also other SQL Server Helping Posts:
- SQL Server Error 233
- Fix SQL server error 26 and error 40
- Restore Master Database
Checking the Server Authentication Mode
In this case you are trying to login on SQL Server using sql user. Once we login to SSMS using Windows Authentication, we need to check the security settings to confirm whether MSSQL is set up to allow both Windows and SQL Authentication.
Check and Change SQL Server Authentication Mode from GUI:
- In SSMS, right-click the Server Name at the top of the Object Explorer window and choose Properties.
- Next, click the Security page.
- If you find Windows Authentication is the only mode configured, this is the likely cause of sql server error 18456, Login failed for user ‘’.
- Setting the Server authentication mode to allow SQL Server and Windows Authentication, you will be able to login to MS-SQL with a SQL user and password or a Windows user and password. After making this change, you will need to restart the SQL Server service.
Server Authentication Mode
Change SQL Server Authentication Mode from regedit
You can use the registry to modify the authentication mode. Use the regedit to change the registry:
Image (regedit)
- machineHKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft SQL ServerMSSQLXX.MSSQLSERVERMSSQLServer
- Change the login mode value.
- 2 is mixed mode.
- 1 is Windows Authentication.
Change SQL Server Authentication Mode from regedit
Checking pass expired or login disabled
Check out that the password is not expired.
- Open SSMS, Instance – Security – Logins and find the user that have issue
- On general tab check if the Enforce password expiration and enforce password policy are checked
- Un-check them
Check out that the login is enabled.
- Open SSMS, Instance – Security – Logins and find the user that have issue
- On status tab and check if is selected the “Enabled” option
Reset the Password of the user
If you forget your password, you can ask your DBA to reset your account. The easiest way to reset the password is by using SQL Server Management Studio (SSMS).
- Go to security and Logins:
- Select the login and you can change the password:
Checking pass expired or login disabled
- If you do not like to use SSMS, you can use T-SQL to create users and change the password:
USE [master] GOALTER LOGIN [Test] WITH ‘newpasswordtest’GOChange Windows Authentication
So we hope that you fixed the issue with the sql server error 18456.