This happens when user ‘NT AUTHORITY\SYSTEM’ local group does not have access to SQL Server and some service is trying to access SQL Server using this account.
To Trace out which services is causing this issue, first you will have to run the profiler. We do not require all the events, so we can apply the filter for profiler to capture only “Audit Login Failed” event class.
The results of profiler are below
With this data we can conclude that it is coming from SQLsafe application.
But from which process this is coming?
For this now we have to check the ClientProcessID column in the profiler results i.e. 5316 from the profiler results.
Now, when we check in the task manager of the server, PID 5316 is allocated for “SQLSafeBackupService.exe”
If PID is not visible in the processes Tab of TaskManager then go to “view” option and click on “Select Columns”. And choose PID (Process Identifier)
Now if we go to “services.msc” and check for the logon account of this service we see that this is running under “Local System” account.
Once the Logon account is changed to some service account which has access to SQL Server, then the error stops.
This article is also available in pdf format for downloading.
Please Click here to get your copy.