Recently we started getting alerts as below :
- EventID 18456 – Login failed for user ‘abc’. Reason: Could not find a login matching the name provided. [CLIENT: xx.xx.xx.xxx]
- EventID 17828 –
The prelogin packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library. [CLIENT: xx.xx.xx.xxx]
Below are the steps I did so far to find the Hostname using the Client IP in above log (xx.xx.xx.xxx) :
nststat -a xx.xx.xx.xxx
This does not give me any information about Client Host name and says HostName not found .
ping -a xx.xx.xx.xxx
This gives me Reply message for IP mentioned .
Domain cant find IP.
What else should I do to find out what is wrong with failed login and whose login it is and from which machine ?
Try the following (taken from https://stackoverflow.com/questions/15873060/how-to-get-machine-name-from-ip-address-in-sql-server-2008)
declare @IP as varchar(15) declare @cmd as varchar(1000) set @IP='xxxxx' SET @cmd = 'ping -a -n 1 ' + @IP Create Table #Output (Output varchar(150) default('')) INSERT INTO #Output EXEC xp_cmdshell @cmd Begin try Select top 1 Replace(LEFT([Output],CHARINDEX('[', [Output])-2),'Pinging ','') as HostName from #Output where Output like 'Pinging%' End Try Begin catch Select 'Host name for:' + @IP +' could not be find' End catch