Share via

SQL Server Management Studio tries to auto re-connect even when closed ?

techresearch7777777 1,981 Reputation points
2023-03-21T23:16:49.17+00:00

Hello, I noticed something strange within one of our monitoring tools that shows active connections into a SQL Server.

It showed my Login account coming from my machine via SQL Server Management Studio.

I wasn't connected and even closed SSMS on my machine but still showed up in active connections in monitoring tool.

I killed my connection session that was showing up in monitoring tool but few seconds later it showed up again with new connection from my machine via SSMS again.

I looked at the target SQL Server Error Logs and it showed coming from machine for past few days successfully reconnecting every 7 minutes continuously through today.

I ended up changing my Login PW on target SQL Server and these which looks like auto re-connect attempts stopped showing up in SQL Server Error Logs. (Showed some initial Failed login attempts shortly after changing my PW but then stopped showing up with any Failed or Successful attempts and hasn't happened again since)

Any explanation how this could've been happening like lingering session in the background or something?

Thanks in advance.

SQL Server | Other
0 comments
Accepted answer
  1. Seeya Xi-MSFT 16,586 Reputation points
    2023-03-22T03:11:30.41+00:00

    Hi @techresearch7777777 ,

    It is possible that there was a lingering session in the background that was causing the connection attempts to persist even after you had closed SSMS on your machine. This could be due to a number of factors such as an unstable network connection or a poorly coded application.

    Another possibility is that your machine had been compromised and a third-party application was attempting to connect to the SQL Server using your login credentials. In this case, changing your login password would have terminated the unauthorized connection attempts.

    Regardless of the cause, changing your login password was a good precautionary measure to take in order to prevent any further unauthorized access attempts.

    Because it is not known what kind of monitoring tool you are using. You can use the Extended Events that come with SQL Server. It can capture specific events.

    Right-click on "Extended Events" and select "New Session Wizard".

    In the "New Session Wizard" dialog box, specify a name for the session, and select "Start immediately".User's image

    User's image

    You can choose more fields according to your needs.

    Please refer this article for more details: https://www.sqlshack.com/creating-a-sql-server-audit-using-sql-server-extended-events-and-triggers/

    Best regards,

    Seeya

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.