I realised a few minutes ago , in my sql server log; there was an error:
SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The logon attempt failed
[CLIENT: 222.186.61.15]
But i don't have an sqlclient ip 222.186.61.15 I research this ip and :
Continent: Asia Country: China cn flag State/Region: Jiangsu Sheng City: Nanjing
Is my Sql Server under attack?:)
What is this?
Thanks for help.
Short answer; probably, but don't panic.
Someone tried to log onto your SQL server with invalid login credentials. If its coming from an IP that's totally out there, then it's probably not just someone mistyping their password. I wouldn't be overly worried about it, though. Its pretty common to see stuff like this every once in a while. Usually, its someone or some tool going through a list of SQL servers and trying common login credentials in hopes of getting lucky.
Just make sure you have solid login credentials, maybe update your firewall/IDS, and watch your logs to make sure that IP (or another weird one) logs in later.
User contributions licensed under CC BY-SA 3.0