Problem
For some reason your web site is up, but none of the data is loading on your web site? Is your SQL Server up and running? Are you able to access the data with either your Windows account or sa? What does your SQL Server error log report? What is the culprit? You may see the error “The password of the account has expired.”
Solution
Chances are if you check the SQL Server error log you will see a message as follows:
Logon Error: 18487, Severity: 14, State: 1.
Logon Login failed for user 'loginname'. Reason: The password of the account has expired. [CLIENT: <named pipe>]SQL Server 2005 introduced ‘Enforce password policy’ and/or the ‘Enforce password expiration’ configurations which use the local policies for password length, complexity and expiration. Depending on how Active Directory, the local policies and your rights are setup, these parameters can be reviewed and changed to dictate how SQL Server uses these configurations.
If you get this error message, the simple thing is to reset the password, but you may also want to check the settings in SQL Server and Windows to make sure you have the correct settings.
Where can I find SQL Server login properties for a login?
- Open Management Studio and the object browser.
- Navigate to the Security > Logins folder.
- Find the login you are interested in reviewing.
- Right click on the login and select the ‘Properties’ option.
- On the General tab, review the ‘Enforce password policy’ and the ‘Enforce password expiration’ configurations. (screen might look a little different depending on SQL version)

Where can I find Window password policies?
Under Windows Admistrator Tools lauch Local Security Policy to review the local policies on the machine or you can type “secpol.msc” in the Windows Run box. Below is what you will see as the options.

Next Steps
- Review your logins to ensure you are aware if they are using the Enforce password policy and/or the Enforce password expiration configurations.
- Now you know what to do the next time you see the message “Login failed for user ‘loginname’. Reason: The password of the account has expired.”
- Setup an alert to capture when this event occurs to correct it immediately or determine another means to reset the passwords so these policies do not impact your applications.
- For additional information about the Enforce password policy and/or the Enforce password expiration configurations, reference the Password Policy article in SQL Server Books Online.
- For additional SQL Server security information check out these tips.

Jeremy Kadlec is a Founder, Editor and Author at MSSQLTips.com with more than 300 contributions and 25+ years of SQL Server experience. Jeremy leads a team of more than 300 authors helping millions of SQL Server professionals around the globe every second of the day for the last 20 years. He is also the CTO @ Edgewood Solutions and a six-time SQL Server MVP based on his community contributions. Jeremy brings 25+ years of SQL Server DBA and Developer knowledge to the community and holds a bachelor’s degree from SSU and master’s degree from UMBC.
