Login error failed for user 'user' when trying to connect to SQL Server through a .NET (C #) application

Views: 1.655
Reading Time: 5 minutes

Hello people,
Good afternoon.

In this post I will comment on a problem I recently encountered in a company where no application was able to connect to the production database, displaying the message “Login failed for user 'user'.”

Introduction and problem description

In the enterprise where this connection error occurred, there are several applications that connect to the production SQL Server database using the same user with SQL Server authentication. Given this scenario, it is complicated to identify by the database to which application a session is associated, or even, which AD user logged in the application and performing those actions in the database.

To make this identification possible, an experienced analyst has developed a change to C # applications so that he can enter the username logged in AD and the system name in the “Program Name” parameter in the database connection string , getting something like this:
Data Source=myServer; Initial Catalog=myDB; User Id=myUsername; Password=myPassword; Application Name=UsuarioAD/Sistema;

We did the tests and everything worked very well. The application was sending the user / system and through WhoIsActive it was possible to clearly identify the user and system responsible for each session in the production database through the program_name column.

Within minutes of this change in production, a number of calls and alerts began to arrive that reported the error “Login failed for user 'user'.” Where the source hostnames were the production IIS servers.

sql-server-login-failed-for-user

The first step in trying to identify what was going on was to analyze the database. We validated that the password was correct, and the login was successful, using the user of the application, because until then, was suspected of changing the password.

It has been checked in the SQL Server logs (Management> SQL Server logs) and there was no incorrect password login failure log. I confirmed in the server settings that Login auditing for login failures was actually enabled (figure below) and really, there was no incorrect password registration on the production servers.

sql-server-login-auditing

After that, we confirmed that the connection string, which was changed, was actually pointing to the production server. Meanwhile, error messages were accumulating and although this was occurring, many users were able to use the system normally by connecting to the database normally. We did some tests on the system screen and the error was intermittent: Now it worked, sometimes it had a "Login failed" error.

It was decided to restart the IIS servers, which solved the problem for a few minutes, but soon reoccurred some minutes later.

That was when they raised the point of the SQL Server connection pool. According to Microsoft documentation (https://msdn.microsoft.com/en-us/library/8xx3tyca(v=vs.110).aspx), a pool of 100 connections (default value) is created for each single connection string, that is, for each user / system combination, SQL Server was reserving 100 connections!

Due to this change in the connection string, the bank connection limit was eventually reached and causing the problem mentioned in the post.

For those unfamiliar, connection pooling is a very useful feature as it considerably reduces the overhead generated by applications due to opening / closing connections, since connection pooling keeps connections to the bank always open (during a period), even if inactive due to lack of activity, and manages the opening / closing of database connections.

Connection Pool related parameters in connection string

ParameterStandard valueDescription
Max Pool Size100The maximum number of connections allowed in the pool.

Valid values ​​are greater than or equal to 1. Values ​​that are less than Min Pool Size generate an error.
Min Pool Size0The minimum number of connections allowed in the pool.

Valid values ​​are greater than or equal to 0. Zero (0) in this field means no minimum connection is initially opened.

Values ​​greater than Max Pool Size generate an error.
Pooling'true'When the value of this key is set to true, any newly created connections will be added to the pool when closed by the application. On a next attempt to open the same connection, this connection will be drawn from the pool.

Connections are considered equal if they have the same connection string. Different connections have different connection chains.

The value of this key can be "true", "false", "yes" or "no".
PoolBlockingPeriodCarDefines the lock period behavior for a connection pool. More information accessing this link.

Connection Pool Tests

If this happens to you, or any developer has the same idea, you now know the impacts of changing the connection string and how to solve it. In this case, as a connection pool would be opened for each user / system, a smaller pool of 4 connections could be used, for example, but would have many open pools in the bank and the need to keep opening and closing connections would still exist, making connection pooling did not make much sense in this mode of operation.

After solving the problem, the development team decided to prove this theory by creating a small program that simply opened 100 connections using a normal connection string, with the Application Name fixed and the Max Pool Size parameter set to the 20 value. After execution, only 20 connections were opened in the database.

By changing the program to generate random values ​​for the Application Name parameter, SQL Server actually reserved 20 connections for each of the 100 connections made.

How to identify the number of SQL Server instance connections

To perform these instance connection number checks, you can use one of the following queries:

How to identify the maximum number of SQL Server instance connections

To identify the maximum limit of users configured on the instance (SQL Server maximum limit is 32.767 connections), you can use one of the following commands:
sql-server-max_connections

sql-server-sys-configurations-user-connections

sql-server-sp_configure-user_connections

How to change the maximum number of SQL Server instance connections

To change the maximum number of SQL Server connections, you can use the command below:

The user connections option specifies the maximum number of concurrent user connections allowed on an instance of SQL Server. The actual number of user connections allowed also depends on the version of SQL Server you are using and the limits of your application or applications and hardware. SQL Server allows a maximum of 32.767 user connections.

Because user connections is a dynamic (self-configuring) option, SQL Server automatically adjusts the maximum number of user connections as needed to the maximum allowable value. For example, if only 10 users are logged in, 10 user connection objects will be allocated. In most cases, you do not need to change the value of this option. The default is 0, which means allowed maximum user connections (32,767) are allowed.

That's it folks!
I hope you enjoyed this post and even more!