Channel: SQL Server Security forum

Create Kerberos Configuration File

How can we create a krb5.ini file? We need to establish a JDBC SQL Server connection from our Java application on the "JIJO.Sugar.local" machine to SQL Server on the "ZZZZ.Sugar.local" machine.

SIDHistory and SQL logon issues.


Hi guys,

I am really struggling with this one and really hope someone has an answer for me. My SQL knowledge is practically non-existent, so please excuse me if I am not 100% on the ball :)

PROBLEM

DomainB\User1 uses an SQL resource on DomainA\SQLServer. This works fine until I clone the user account from DomainB to DomainA in preparation for a migration.

When a new replicated user account is created in DomainA with a different SID, but with replicated SIDHistory, the SQL login fails with an error similar to a duplicate SID, however this is not the case as the SID on each account is unique.

This still happens using the DomainB\User1 login.

TEMPORARY RESOLUTION

Restarting the SQL service resolves the problem for 1-4 days, then re-appears again with the same issue.

If I remove the SIDHistory attribute from the AD user account in DomainA, the SQL login also works.

SITUATION

This happens for all users I am trying to migrate and we need SIDHistory for resource access reasons.

Can you think of any reason why SQL would be looking at the SIDHistory value then erroring with an ambiguous logon error rather than looking at just the SID, and also if there is a way to stop this from happening?

Does restarting the SQL service reload the SIDs from AD into the user table?

Thanks guys,

John.


Error 15401. Cross-domain SID history from migrated user.


Hi.

I have two domains. Domain A is old 2003 functional level and Domain B is new 2012 functional level. We have users migrated from Domain A to Domain B with SID history.

SQL Server is built on Domain B and users are added to SQL logins from Domain A. We are experiencing Error 15401. If we remove the SID history from the user in Domain B, it all works fine.

We are in the middle of moving all our infrastructure to the new domain and cannot really remove SID history from users in Domain B at this time.

Not sure why SQL Server 2014 is acting weird. Our SQL Server is 2014 Enterprise. Can you point me to any hotfix/workaround etc.?

Thanks

Mumtaz

Create a User With Entire Privileges on a Domain


Hi guys,

While me and my colleague are working in the same bank when I add him by search on the same domain, or he does the same, we don't find any access on each other's SQL Servers like (MachineName\InstanceName)?

Any specific reason? How to create multiple users of an SQL Server Engine installed on a machine on a domain, with entire rights and privileges?

Thanks in advance.

Can't enable Audit.


Hello.

I use SQL Server 2012 and, according to "https://mssqltalks.wordpress.com/2013/02/25/how-to-audit-login-to-my-sql-server-both-failed-and-successful/", I want to enable Audit, but when I right-click on my Audit and select "Enable Audit" it shows me the below error:

How can I fix it?

Thank you.

Hide password in a table

How can I hide the password values in a table, so that when someone reviews my database they do not see the password values?

How to find last successful login attempt to particular login in sql server?


Hi All,

Please help me to find last successful login attempt to particular login in sql server by using the below script.

SELECT name AS Login_Name, type_desc AS Account_Type
FROM sys.server_principals
WHERE TYPE IN ('U', 'S', 'G') and name like '%login_name%'
ORDER BY name, type_desc

Thanks in advance,

Ram

I am not able to send Database mail over TLS 1.2 in SQL server 2012


Hi,

We upgraded our internal mail server with TLS 1.2 yesterday for security concerns. So we upgraded our SQL Server 2012 (Web Edition) with latest SP3 -CU5 11.0.6544.0 (X64) to support TLS 1.2 for sending mail from Database Mail. But we are not able to send mail from the DB mail profile (the profile has our internal mail server credentials and this is over TLS 1.2 only).


After a lot of research on Microsoft Blogs, I did some changes on Registry as follows:


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Still no luck.

After that I applied another hot-fix "SQL11_SP3_GDR__TLS_x86" ((SP3-GDR) (KB3125246) - 11.0.6216.27 (X64) Jan 11 2016 18:22:37). Then also we were unable to send mails from our internal server, which was upgraded to TLS 1.2.

We are getting below error:

Message The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2016-09-23T10:51:35). Exception Message: Cannot send mails to mail server. (Failure sending mail.).

Note: Earlier we used TLS 1.0 and TLS 1.1, we were able to send DB mail with 1.0 and 1.1 versions. 

Environment:

Microsoft SQL Server 2012 (SP3-GDR) (KB3125246) - 11.0.6216.27 (X64)
                Jan 11 2016 18:22:37
                Copyright (c) Microsoft Corporation
                Web Edition (64-bit) on Windows NT 6.2 <X64> (Build 9200: ) (Hypervisor)

                Windows Server 2012

Please help me in this. 





Role to monitor SQL Server but not to access data


What role do I need to give a login so it can monitor SQL Server in every aspect (e.g. find the most expensive queries, index health, DMVs and Extended Events, etc.) but not be able to access any data?

I need a login who can do anything except accessing the data.

Secure database

What are the basic steps to secure a website's SQL Server database?

Only allow access to a table to users in AD Security Group


Hi,

I have an AD Security Group that needs access to a single view in SQL Server (2014). My problem is that if users have access to the DB, they also have access to the view. By default, I would like to deny "Everyone" access to view who has access to the DB. Then give those users in the SG permissions to select from the view. I can't seem to figure out how to do this without creating additional SG's.

Is there a way to deny access to a single view by default, then give access to users in a SG?

Regards,

Randy

Update: Thanks for all the replies. Let me further clarify my issue.

I have many views and tables that users need access to. I control this through different SGs. I only have one view that some of those users need access to. So in general my SGs have the db_datareader role.

My problem is for one view I need to restrict everyone from selecting from the view except for users in one SG. Unfortunately, the other SGs I use contain some of the same users in the SG I created to control access to the view. Since Deny trumps Grant, I cannot figure out how to set permissions to lock everyone out of the view except for those in the one SG.

Clear as mud, huh?

Decryption leading to unreadable data.


Hi,

I encrypted a column using symmetric key encryption. Later I tried to decrypt it, where I ended up with data in Chinese language. How to resolve this? Please help me.

 

Regards

Chaithanya M

 

Signing Stored Procedure with a Certificate


Hi Guys,

I'm having a little problem, or better said, I have no idea what's wrong here.

I created a stored procedure ('dbo.GetUITicket'). This procedure generates a long random string and I'd like to not grant execution to other users.

So, I learned about certificate users. My script is as follows:

USE db_mydatabase
GO

CREATE CERTIFICATE [GetUITicketCert]
ENCRYPTION BY PASSWORD = 'MyPa$$word'
WITH SUBJECT = 'Sertificate for signing dbo.GetUITicket';
GO

BACKUP CERTIFICATE [GetUITicketCert]
TO FILE = 'D:\Backup\db_certificate\cert_GetUITicket.CER';
GO

USE master
GO

CREATE CERTIFICATE [GetUITicketCert]
FROM FILE = 'D:\Backup\db_certificate\cert_GetUITicket.CER';
GO

CREATE LOGIN [UITicketLogin]
FROM CERTIFICATE [GetUITicketCert];
GO

GRANT AUTHENTICATE SERVER TO [UITicketLogin]
GO

USE db_mydatabase
GO

ADD SIGNATURE TO dbo.GetUITicket
BY CERTIFICATE GetUITicketCert
WITH PASSWORD = 'MyPa$$word';
GO

Now, the errors are happening when users other than db_owner call the procedure. I'm getting a permission error.

 

GetUITicket is a member of dbo role

UITicketLogin has granted permission to execute GetUITicket

 

Now, users; members of other roles are being denied exec.

 

Any idea where is my dilemma?

 

Thanks,

SD



The computing scientist's main challenge is not to get confused by the complexities of his own making.

How to Track all changes done by users without Triggers, CDC?


Hi,
Can we get logs for tables, stored procedures, views and functions with credentials (SQL Server login name), that is, who has updated, deleted, inserted, created or altered any table?

We need to restrict users by creating separate credentials and want to track all changes done by users.

I am able to create server-level Audits for capturing such information, but I am not able to see such modified information from it. DB-level Audits were not supported with SQL Server Web Edition 2012.

Is there any alternate solution to track DDL and DML activities done by users, without using triggers and the CDC feature?

Please help.

Current Environment:

SQL Server 2012 Web Edition.

DENY SELECT to ALL except few granted account


Summary:

I want to create a view which needs to be restricted to some service accounts only. No other users should have access to that table even if they have database level access (through roles etc.) to select tables. These service accounts must not be removed from existing roles, as these accounts must retain all existing permissions.

Context:

I got a table with some encrypted columns (using passcode). The view I am trying to create is going to be encrypted (to avoid exposing passcode) and will have decryption function. This view will be restricted to all, except some service account. Another procedure (encrypted) will be used to insert and update data.

I am open for alternative design suggestions, provided I could provide data in a view to service accounts (to avoid extensive changes to application infrastructure).



SQL login issue

I disabled a login in my SQL Server. Now I'm not able to connect to the server using Windows authentication mode, as it is showing the error that the account is disabled, and for SQL authentication I don't know the SA password. So, I'm not able to connect to the server in SSMS. Is there any way to connect to the server and enable the login again?

Security Login not working ODBC connection after database restore


connection failed:

SQLState: '28000'

SQL Server Error: 18456

[Microsoft][sql server Navtive Client 10.0][sql server]login failed

for user 'ACSUser'.

 

Hi, after a database restore I have the following error, which pops up on a client machine. The database was restored to the previous day's work.

The logins were disconnected. I created login acsuser as read and write and public.

He exists in the target database as datareader and datawriter.

Any ideas? I have been struggling for days; we don't have a picture of how it was set up before the crash.

Thanks, Nick

Password change for SQL admin account


Hi,

I want to change the password for the SQL admin account. Can someone please tell me all the places where I need to update that password? I have one DB server which is being used for Reporting Services.

Thanks,

DN

SQL Instance security and setting secured communication SSL


Hi Team,

We are looking at hardening SQL Server and the instances running on it. It's a 3-node WSFC with multiple instances with AG. What are the possible ways of implementing hardening for SQL instances? What different kinds of security measures do we have in SQL (encrypting the instance, SSL, etc.)? Please guide. Thanks

Regards,

Regenerate Database Encryption Key with Server Certificate fails


I can't regenerate a database encryption key after upgrading to SQL Server 2016. The syntax I am using was used in SQL 2014 with no issue.

ALTER DATABASE ENCRYPTION KEY  
REGENERATE WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE CertName;

This fails with an incorrect syntax near 'Encryption'. The failure says it is the encryption in this line, ENCRYPTION BY SERVER CERTIFICATE.

 