
Problem accessing SQL Server using ASP.NET

My question is about frequent 680 and 529 events. We have a Web server running Win2K server that has the local user ASP.NET on it. This user is repeatedly trying to access resources on one of our SQL servers, which is running Win2K advanced server, causing the events to be generated. I have given information on the dates and times of the events coming from the SQL server to our Web team, but they can't figure out what is causing the problem. From what I could see, there are no drive mappings on the Web server to the SQL server or anything like that. Have you seen this type of thing before, or do you have any ideas what or how the ASP.NET user is trying to access the SQL server? Thanks for your time and your help. The events generated from the SQL server are as follows:

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 9/8/2004
Time: 5:03:41 PM
Computer: SQL Server
Logon account: ASPNET
Source Workstation: Web Server
Error Code: 0xC0000064

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 9/8/2004
Time: 5:03:41 PM
Computer: SQL Server
Logon Failure:
Reason: Unknown user name or bad password
User Name: ASPNET
Domain: Web Server
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: Web Server
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address:
Source Port: 0

By default, ASP.NET applications use the ASP.NET account to access data. The SQL Server is not configured by default to allow access for this account to SQL databases and resources. Remember, file shares are not the only way to access data. WebDAV and Web servers can also be configured as part of an application that requires access to SQL data. Ask the Web team to look at ASP.NET applications that use the database and possible error messages that indicate failures.

If the ASP.NET account should be accessing data, then it can be configured to do so. Go to this link for more information. It's most likely that there is some process in the application that is attempting the access. Also, don't rule out an attempt by an attacker to use an ASP.NET application to attempt to obtain data by using it to run SQL queries.

This was last published in September 2004
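The two failure audits quoted in the question can be decoded mechanically. The Python below is an added example, not part of the original question or answer: the function names are hypothetical, the sample is constructed from fields shown in the events above, and the local-account check is a heuristic.

```python
import re

# Values documented by Microsoft; tables trimmed to the common cases.
NTSTATUS = {0xC0000064: "STATUS_NO_SUCH_USER (account name does not exist)",
            0xC000006A: "STATUS_WRONG_PASSWORD (account exists, bad password)"}
LOGON_TYPES = {2: "interactive", 3: "network", 4: "batch", 5: "service"}

# Constructed sample: a subset of the fields from the two events in the question.
SAMPLE = """Event ID: 680
Logon account: ASPNET
Source Workstation: Web Server
Error Code: 0xC0000064

Event ID: 529
User Name: ASPNET
Domain: Web Server
Logon Type: 3
Workstation Name: Web Server
"""

def parse_events(text):
    """Split exported event text on blank lines; return one field dict per event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def triage(event):
    """Return analyst notes for one 680 or 529 failure audit."""
    notes = []
    if event.get("Event ID") == "680":
        code = int(event.get("Error Code", "0"), 16)
        notes.append(NTSTATUS.get(code, "unrecognized status 0x%08X" % code))
    elif event.get("Event ID") == "529":
        ltype = int(event.get("Logon Type", "0"))
        notes.append("logon type %d (%s)" % (ltype, LOGON_TYPES.get(ltype, "other")))
        # Heuristic: Domain equal to Workstation Name suggests a machine-local
        # account on the calling host rather than a domain account.
        if event.get("Domain") and event["Domain"] == event.get("Workstation Name"):
            notes.append("local account of " + event["Domain"])
    return notes

def report(text):
    return [(e.get("Event ID"), triage(e)) for e in parse_events(text)]
```

Calling `report(SAMPLE)` returns one `(event ID, notes)` pair per event, which makes it easy to run the same triage over a larger export of 680 and 529 audits from the SQL server.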
