Channel: SQL Server Security forum

GoDaddy is requiring the common name of my SSL certificate to be changed because it is an internal name. Can I just change the name of my server without repercussions?


Hello out there.  I've received the following e-mail from GoDaddy at the bottom of my post (I've slightly changed the common name of the cert to a bogus name for security purposes).  GoDaddy will revoke the certificate by October 1st unless I update the common name to a FQDN.  I'm going to test this on a non production virtual machine, but I still wanted to put a few questions out to the folks out there on the interwebs.

1.  My server's computer name is currently the same as the common name of my certificate.  I've read this must be so, or the encryption will not work.  Can I simply change the name of the server itself (computer name in Server 2008 R2) to www.abc.com from ABCSQL.companyname.local without any repercussions?

2.  I have several different websites accessing this SQL server from different domain names.  Can I choose any one of my domain names?  For example if I choose www.abc.com as the common cert name for SQL, will www.xyz.com still be able to access the DB?

3.  Right now I am not forcing encryption.  Anyone out there have an opinion on this setting?

4.  As of now, the certificate is not available in the drop down list of the SQL Server Configuration Manager under SQL Server Network Configuration.  I've read this is because the certificate must use a FQDN.  Has anyone else experienced this issue?

I have two SQL servers at the moment.  Both are Windows 2008 R2.  One is running SQL Server 2008 and the other is running SQL Server 2012.  Thanks for reading and thank you for any input you can provide.

***Email from GoDaddy below***

An SSL certificate's common name is the primary domain name it secures/encrypts. Because your common name is an internal name or IP address, your certificate is no longer valid. This applies to the certificate for the following domain name(s):

ABCSQL.companyname.local 

Please change your common name to an FQDN before September 28, 2016. If you don't make this update, we're required to revoke your certificate by October 1, 2016. 



Login failed for user:Token-based server access validation failed with an infrastructure error


I would appreciate help with the following issue:

 

I have created a local group in our SQL 2008 server and added two Windows user accounts "DOMAIN\UserName". I then added the local group to the database and granted read only access.

 

The users are trying to link tables using MS Access using an ODBC connection and getting the following error.

Users are not system administrators.

 

Date      6/30/2010 1:01:54 PM
Log       SQL Server (Current - 6/30/2010 1:10:00 PM)
Source    Logon
Message   Login failed for user 'DOMAIN\UserName'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 999.99.9.99]

Date      6/30/2010 1:01:54 PM
Log       SQL Server (Current - 7/1/2010 8:12:00 AM)
Source    Logon
Message   Error: 18456, Severity: 14, State: 11.

 

Database Server:

Windows Server 2008 R2 Enterprise

System type: 64-bit Operating System

SQL Server 2008

Who deleted a database mail profile.

I had a job that was using a mail profile and the job started failing. Well the mail profile was deleted. I want to know how can I find out who did it?

Alan

MS SQL Server 2016 licence Procurement Process


Hi,

I need one information, if I have SQL Server 2016 standard edition software and its license how can I add that license to that software.

Please guide us so that we can procure the license to SQL Server 2016

Thanks in Advance

Chalapathi Pagidakula

SQL DBA

Login failed for user


Hi

I am trying to log into SQL management studio SQL 2008 R2 on server 2008 R2. I am getting the below error when trying to log in. I have permission to log in and I have a remote session onto the server using RDP.

Login failed for user 'EU01\admin_smw'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]

Any ideas why?

Thanks

Shane

Credential not working after upgrade


Hi

I have upgraded my SQL server from 2012 to 2014, and also upgraded the edition to enterprise from standard.

I am fairly convinced that somewhere in the encryption and retrieval there is a problem, does anyone know how this can be fixed?? 

There are a number of jobs that run SSIS packages. I am trying to make them run via a proxy account, but the SSIS proxy is returning an error that the login or password are incorrect for the, I have tried a number of accounts and I am sure that the password is entered correctly. I have created a proxy on my own account just to be sure, but I get the same error.

I think that there may be an issue with the encryption of the credentials in the Credential object, can anyone tell me how I can check this and hopefully fix it as well?

Any help much appreciated

Andy May 


CRM 4, SQL Server and .Net developer using C#



sql server authentication user account limit connection by ip address


Hello,

I currently have an app that uses a SQL Server auth login account. I would like to limit connections to come only from a specific server IP. There are many end users that are using the same account to connect to SQL Server.

Is there any way we can accomplish this?

Would like to backup database without encryption


Hi All,

I am using SQL Server 2008 Enterprise Edition.

I have applied encryption TDE on my database.

Could I backup database without encryption?

Thank you,

Phea


store passwords so developers do not know them


Hi,

I am trying to see if anyone else has created or purchased a solution for storing passwords so that the developers do not know them. Sort of like program would sign on to sql server by searching something (a table ?) where the sign-on and password would be stored and the program and developer won't know it.

Any ideas?

 

Any plans to add Granularity to UNMASK in Dynamic Data Masking (DDM) SQL Server 2016?

Right now, Unmask is global. You can not specify unmask permissions at the table level or column level. Column level would be ideal. It's currently all or nothing. This definitely does not meet business needs. We have different tiers of users that have different levels of permissions to data.

Only one user can access the database include sa don't access the database


Only one user can access the database include sa don't access the database

How to restrict all users except one user?

Microsoft SQL Server Error 18456 Severity 14 State 1

I can't seem to connect to our local instance of Microsoft SQL Server. I obtained the following information from the error log and I can't find anything in regards to Severity 14 and state 1. If anyone has any information in regards to this it would be much appreciated. Thanks in advance!

===================================

Cannot connect to 10.1.0.191.

===================================

Login failed for user 'kbober'. (.Net SqlClient Data Provider)

------------------------------
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476

------------------------------
Server Name: 10.1.0.191
Error Number: 18456
Severity: 14
State: 1


------------------------------
Program Location:

   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
   at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
   at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup)
   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()
   at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ObjectExplorer.ValidateConnection(UIConnectionInfo ci, IServerType server)
   at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()

Using non standard listening port and a tcp dynamic port


I configure a sql server instance to use a non standard TCP Port under IPALL in the configuration manager tool.  The firewall has been opened for this port.  Would there be any reason to also add a port number to TCP Dynamic Ports?  Would this be a security risk?

I'm trying to understand why anyone would do this?  Why wouldn't you leave the TCP Dynamic Ports entry blank?

unable to change the password for sql services using powershell script


Hello All,

I am trying to automate the process of changing the passwords for a service account. When I run the PowerShell script below, I am getting an error.

Script 

Try
{
    [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.SqlWmiManagement") | Out-Null
    $mc = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Wmi.ManagedComputer localhost

    $sqlInst = $mc.Services['MSSQLSERVER']

    $sqlInst.Stop()
    $sqlInst.Refresh()
    while ($sqlInst.ServiceState -ne "Stopped")
    {
        $sqlInst.Refresh()
        Write-Host "Stopping the SQL Engine Services"
        $sqlInst.ServiceState
    }
    "Service" + $sqlInst.Name + " is now stopped"

    $sqlInst.ChangePassword("Password@1", "Password@2")
    $sqlInst.Alter()

    $sqlInst.Start()
}
Catch
{
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName
    Write-Host "Error occured while changing the password due to following error message: $ErrorMessage and failed item:$FailedItem "
}

Error:

Error occured while changing the password due to following error message: Exception calling "ChangePassword" with "2" argument(s): "Change service account password failed. " and failed item: 

Please assist in resolving the error


Transparent Data Encryption - Allegedly Severe Flaws?


When researching transparent data encryption for SQL Enterprise, I recently came across this article from earlier this year:

http://simonmcauliffe.com/technology/tde/

This in short is a pretty brutal critique of transparent data encryption. The article purports to show how to decrypt any unmounted database or backup with nothing more than a Python script, because at bottom the root level keys, he claims, are not protected. The result, he says, is that anyone with admin privileges OR physical access to the storage media can access the data if they know where to look.

I didn't try to replicate his methods yet, but I was wondering if the experts had a response to this or if it is indeed true. TDE is more or less the only reasonable way of encrypting data at rest while still having it be efficiently searchable, so I am very much hoping this is wrong and someone can clear it up. Is TDE actually any better than complete disk encryption? 

Thanks a lot.


How we can enable JDBC Kerberos authentication in SQL Server 2012 Express

In our Java application we need to connect to SQL Server using JDBC Kerberos authentication. We are using SQL Server 2012 Express. When we ran the query "select auth_scheme from sys.dm_exec_connections where session_id=@@spid" to verify that SQL Server can use Kerberos, it returned only NTLM. So we need to know how we can enable Kerberos in SQL Server 2012.


Forum Ninjas News! Monday Interview with Erland Sommarskog


Good day to all :-)

Each week we pick one top contributor on MSDN and TechNet Forums, write about their forum achievements (and also about their other achievements), and we interview them. Today we’re going to get to know one of the blog’s most active members, Microsoft MVP, Microsoft Community Contributor, and Forum Ninja…

Click the link to meet Erland Sommarskog :-)


Ronen Ariely

Full Database-Level Encryption That Even Admins Couldn't Circumvent?


Hi all - This is a continuation of a previous post about TDE. During that discussion a different, more fundamental issue arose which I think is best addressed in a separate thread.

The problem is relatively straightforward. Suppose a single SQL Server instance, with multiple databases containing extremely sensitive information of various fierce competitors. Let's say database A contains the formula for Coca-Cola, while database B contains the formula for Pepsi. (And please, don't tell me that Coke and Pepsi would never both use such a system; just humor me). I want to design this database application so that each database is separately encrypted, with a separate set of users who have the ability to decrypt it, such that it is impossible for anyone - even an admin - to be able to access either database unless the "client" (e.g., Coke or Pepsi, respectively) allowed it. The idea is to protect against hacked dba or system admin accounts and, of course, disgruntled employees. No one, ever, should be able to get the keys to the entire kingdom via one account.

Is there any way for this to be accomplished in SQL Server (enterprise or otherwise)?

As far as I can tell, TDE will not work for this. In standard TDE, the Database Master Key is common for all databases on the instance. Even if the DMK is password protected, which was suggested on the other thread, access to a single database still would imply access to all of them.

Column-level encryption, it appears, might work, but it makes searching incredibly slow and full text indexing impossible.

At bottom, my problem would be solved if I could use TDE and generate or import the individual Database Encryption Keys myself, and unlock them only with the credentials of an authorized user. But generating the DEK requires either a server certificate generated with the common DMK (defeating the purpose of what I want to do), or an external key management (EKM) system. I cannot find anything about how to create an EKM, nor is it even clear an EKM would not suffer from the same issue.

What are my options here, and if the answer is there are none, I would really like to know what the rationale is for not having this ability. 

Thanks a lot.


Database Error: A failure occurred during initializing of an Audit


I am getting this error on my database. What can be the issue?

EventViewer information is:

Event Definition Group 8, Category 3, Event ID 3000, User 0 generated event - Database Error (will retry 4 times) : A failure occurred during initializing of an Audit. See the errorlog for details.
SELECT ASSTYPEID FROM RUNTIME_ASSOC_V WHERE ASSOC_INSTANCE_ID=:1 and INSTANCE_ID=:2 - INPUT PARAMETERS: (61510032, 891500), Logged At (Tue Sep 13 12:00:06 2016
) (hr = 0x1) in function ADOConnection::Execute on line 1 in  during transaction 0 at 13/09/2016 12:00:08, severity is 0
