Channel: SQL Server Security forum

Microsoft JDBC Driver MS SQL + Android


Hello. I get the following error when I try to connect from an Android app to MS SQL Server 2016:

04-04 09:37:07.532 6105-7804/com.fitness W/System.err: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Socket closed". ClientConnectionId:5a78316f-170c-45f0-a061-c472c8b169e0
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at java.sql.DriverManager.getConnection(DriverManager.java:179)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at java.sql.DriverManager.getConnection(DriverManager.java:144)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at com.fitness.screens.TabDevicePO3$AsyncRequest.doInBackground(TabDevicePO3.java:514)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at com.fitness.screens.TabDevicePO3$AsyncRequest.doInBackground(TabDevicePO3.java:490)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:292)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:237)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
04-04 09:37:07.532 6105-7804/com.fitness W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
04-04 09:37:07.533 6105-7804/com.fitness W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
04-04 09:37:07.533 6105-7804/com.fitness W/System.err:     at java.lang.Thread.run(Thread.java:818)
04-04 09:37:07.533 6105-7804/com.fitness W/System.err: Caused by: java.net.SocketException: Socket closed
04-04 09:37:07.533 6105-7804/com.fitness W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
04-04 09:37:07.535 6105-7804/com.fitness W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318)
04-04 09:37:07.536 6105-7804/com.fitness W/System.err:     at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618)

Please help me. How can I solve this problem?


Error: 18456, Severity: 14, State: 38. Login failed for user 'user_sql'. Reason: Failed to open the explicitly specified database 'ReportServer'. [CLIENT: ]


Hi all,

My log is flooding with the following error:

Login failed for user 'user_sql'. Reason: Failed to open the explicitly specified database 'ReportServer'. [CLIENT: <local machine>]

Error: 18456, Severity: 14, State: 38.

In my instance I don't have any 'ReportServer' database and I think that this server was migrated in the past from another server that probably had this 'ReportServer' database attached.

How can I make this error stop? It's a production environment and I can't simply drop the user and recreate it because I don't know everything this user does.

Any help would be awesome.

Thanks.

Rod
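
Added example, not part of the original post: a small triage script that pairs each 18456 state line with the "Login failed" message that follows it and counts failures per login, database and client, so the source of a state 38 flood can be identified before any login is changed. The log lines are constructed in the ERRORLOG layout; the 10.0.0.x addresses, timestamps and the list of existing databases are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the ERRORLOG layout (timestamp, source, message).
# Login and database names are from the post; timestamps and the
# 10.0.0.x client addresses are made up for illustration.
SAMPLE_LOG = """\
2018-04-04 09:37:07.53 Logon       Error: 18456, Severity: 14, State: 38.
2018-04-04 09:37:07.53 Logon       Login failed for user 'user_sql'. Reason: Failed to open the explicitly specified database 'ReportServer'. [CLIENT: <local machine>]
2018-04-04 09:37:12.10 Logon       Error: 18456, Severity: 14, State: 38.
2018-04-04 09:37:12.10 Logon       Login failed for user 'user_sql'. Reason: Failed to open the explicitly specified database 'ReportServer'. [CLIENT: <local machine>]
2018-04-04 09:38:01.77 Logon       Error: 18456, Severity: 14, State: 38.
2018-04-04 09:38:01.77 Logon       Login failed for user 'user_sql'. Reason: Failed to open the explicitly specified database 'ReportServer'. [CLIENT: 10.0.0.21]
2018-04-04 09:40:15.02 Logon       Error: 18456, Severity: 14, State: 8.
2018-04-04 09:40:15.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.99]
"""

STATE_RE = re.compile(r"Error: 18456, Severity: \d+, State: (\d+)\.")
LOGIN_RE = re.compile(
    r"Login failed for user '(?P<login>[^']*)'\."
    r"(?: Reason: (?P<reason>.*?))?"
    r" \[CLIENT: (?P<client>[^\]]*)\]"
)
DB_RE = re.compile(r"database '([^']*)'")


def parse_failed_logins(text):
    """Pair each 18456 state line with the 'Login failed' message after it.

    Also handles both parts on one line; state is None if no state line
    preceded the message.
    """
    records, pending_state = [], None
    for line in text.splitlines():
        m = STATE_RE.search(line)
        if m:
            pending_state = int(m.group(1))
        m = LOGIN_RE.search(line)
        if m:
            db = DB_RE.search(m.group("reason") or "")
            records.append({
                "state": pending_state,
                "login": m.group("login"),
                "database": db.group(1) if db else None,
                "client": m.group("client"),
            })
            pending_state = None
    return records


def summarize(records):
    """Count failures per (state, login, database, client)."""
    return Counter(
        (r["state"], r["login"], r["database"], r["client"]) for r in records
    )


def stale_database_clients(records, existing_databases):
    """Clients whose state 38 failures name a database the instance lacks."""
    known = {name.lower() for name in existing_databases}
    return sorted({
        r["client"] for r in records
        if r["state"] == 38 and r["database"]
        and r["database"].lower() not in known
    })


if __name__ == "__main__":
    recs = parse_failed_logins(SAMPLE_LOG)
    for key, count in summarize(recs).most_common():
        print(count, key)
    # Assumed database list; on a real instance take it from sys.databases.
    print(stale_database_clients(recs, ["master", "model", "msdb", "tempdb"]))
```
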

Can't login to database engine as AD group member


Fresh install of SQL Server 2016. I set Server authentication to mixed mode.

I can login as SA with SQL authentication

I can not login with windows authentication as a member of the group I gave full access to.

The login for that group has been mapped to sysadmin role

Ideas?


David Sheetz MCP

Create External Source from Azure Sql database


Doing this:

CREATE DATABASE SCOPED CREDENTIAL test
WITH IDENTITY = 'XXXX\XXXXXX',
SECRET = 'superpass';

CREATE EXTERNAL DATA SOURCE test WITH (
    TYPE = RDBMS,
    LOCATION = 'XX.XX.XX.XX',
    DATABASE_NAME = 'test',
    CREDENTIAL = test);

CREATE EXTERNAL TABLE [dbo].[te] ([id] [smallint] NOT NULL, [dd] [smallint] NOT NULL)
WITH (DATA_SOURCE = test)

then, try to select from dbo.te:

select * from dbo.te

Got Error retrieving data from one or more shards. The underlying error message received was: 'A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)'.

What can I do? )

SQL SERVER SECURITY


DEVELOPED THE BELOW SCRIPT 

FACING ISSUES FOR ADJUSTMENTAMOUNTS_IN

USE [master];

CREATE LOGIN [RestrictedUser] WITH PASSWORD = 'No way? Yes way!';
GO
CREATE DATABASE [DatabaseB]
GO
CREATE DATABASE [DatabaseA]
GO
USE [DatabaseA];
GO
CREATE USER [RestrictedUser] FOR LOGIN [RestrictedUser];

GO
CREATE FUNCTION dbo.DataFromOtherDB()
RETURNS @Results TABLE ([SomeValue] INT)
AS
BEGIN
    INSERT INTO @Results ([SomeValue])
        SELECT [SomeValue]
        FROM   DatabaseB.dbo.LotsOfValues;

    RETURN;
END;
GO

CREATE TABLE [dbo].[SecurityMapping](
[ID] [int] IDENTITY(1,1) NOT NULL,
[DATAAREAID] [nvarchar](4) NOT NULL,
[AccesibleDBRole] [nvarchar](128) NULL,
[IsActive] [bit] NULL
) ON [PRIMARY]

GO

CREATE FUNCTION [dbo].[FNR_ADJUSTMENTAMOUNTS_IN] () RETURNS @ADJUSTMENTAMOUNTS_IN TABLE
 
(
      [ADJUSTMENTAMOUNT] [NUMERIC]
    , [TAXCOMPONENTTABLE] [BIGINT]
    , [TAXREGISTRATIONNUMBERTABLE] [BIGINT]
    , [DATAAREAID] [NVARCHAR](4)
    , [RECVERSION] [INT]
    , [PARTITION] [BIGINT]
    , [RECID] [BIGINT]

) AS BEGIN

INSERT INTO @ADJUSTMENTAMOUNTS_IN 
SELECT 
UD.ADJUSTMENTAMOUNT, 
UD.TAXCOMPONENTTABLE, 
UD.TAXREGISTRATIONNUMBERTABLE, 
UD.DATAAREAID,
UD.RECVERSION, 
UD.PARTITION, UD.RECID 
FROM [MicrosoftDynamicsAX].dbo.[ADJUSTMENTAMOUNTS_IN] UD
JOIN dbo.SecurityMapping  SEC ON SEC.DATAAREAID= UD.DATAAREAID 
  AND   Is_Member( SEC.AccesibleDBRole)= 1  
 
RETURN; END 

GO

GRANT SELECT ON [dbo].[FNR_ADJUSTMENTAMOUNTS_IN] TO [RestrictedUser];
GRANT SELECT ON  dbo.DataFromOtherDB TO [RestrictedUser];
GO
---

USE [DatabaseB];
go
CREATE TABLE dbo.[LotsOfValues]
(
    [LotsOfValuesID] INT IDENTITY(1, 1) NOT NULL
        CONSTRAINT [PK_LotsOfValues] PRIMARY KEY,
    [SomeValue] INT
);

INSERT INTO dbo.[LotsOfValues] VALUES
    (1), (10), (100), (1000);
GO

---

CREATE TABLE [dbo].[ADJUSTMENTAMOUNTS_IN](
[ADJUSTMENTAMOUNT] [numeric](32, 16) NOT NULL DEFAULT ((0)),
[TAXCOMPONENTTABLE] [bigint] NOT NULL DEFAULT ((0)),
[TAXREGISTRATIONNUMBERTABLE] [bigint] NOT NULL DEFAULT ((0)),
[DATAAREAID] [nvarchar](4) NOT NULL DEFAULT ('dat'),
[RECVERSION] [int] NOT NULL DEFAULT ((1)),
[PARTITION] [bigint] NOT NULL DEFAULT ((5637144576.)),
[RECID] [bigint] NOT NULL,
 CONSTRAINT [I_8100RECID] PRIMARY KEY CLUSTERED 
(
[RECID] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

ALTER TABLE [dbo].[ADJUSTMENTAMOUNTS_IN]  WITH CHECK ADD CHECK  (([RECID]<>(0)))
GO

ALTER TABLE [dbo].[ADJUSTMENTAMOUNTS_IN]  WITH CHECK ADD CHECK  (([RECID]<>(0)))
GO
USE [DatabaseA];
SELECT * FROM [dbo].[FNR_ADJUSTMENTAMOUNTS_IN] ()
SELECT * FROM  dbo.DataFromOtherDB ()
EXECUTE AS LOGIN = 'RestrictedUser';

--SELECT * FROM [dbo].[FNR_ADJUSTMENTAMOUNTS_IN] ();
SELECT * FROM  dbo.DataFromOtherDB ()

GO
REVERT;

CREATE CERTIFICATE [AccessOtherDB]
    ENCRYPTION BY PASSWORD = 'SomePassword'
    WITH SUBJECT = 'Used for accessing other DB',
    EXPIRY_DATE = '2099-12-31';

ADD SIGNATURE TO [dbo].[FNR_ADJUSTMENTAMOUNTS_IN] BY CERTIFICATE [AccessOtherDB] WITH PASSWORD = 'SomePassword';
ADD SIGNATURE TO dbo.DataFromOtherDB BY CERTIFICATE [AccessOtherDB] WITH PASSWORD = 'SomePassword';

DECLARE @CertificatePublicKey NVARCHAR(MAX) =CONVERT(NVARCHAR(MAX), CERTENCODED(CERT_ID(N'AccessOtherDB')), 1);
EXEC (N'USE [DatabaseB];CREATE CERTIFICATE [AccessOtherDB] FROM BINARY = ' + @CertificatePublicKey + N';');
EXEC (N'USE [DatabaseB];CREATE USER [AccessOtherDbUser] FROM CERTIFICATE [AccessOtherDB];
GRANT SELECT ON [dbo].[ADJUSTMENTAMOUNTS_IN] TO [AccessOtherDbUser];
GRANT SELECT ON [dbo].[LotsOfValues] TO [AccessOtherDbUser]
');


EXECUTE AS LOGIN = 'RestrictedUser';
select * from dbo.DataFromOtherDB()
-- Success!!
EXECUTE AS LOGIN = 'RestrictedUser';
SELECT * FROM dbo.[FNR_ADJUSTMENTAMOUNTS_IN]();
---- FAILED!

CLR Strict Security: It is still not very clear to me

I've read the text on https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/clr-strict-security?view=sql-server-2017. I have also read the comments and the articles referred to in the comments. It is still not very clear to me. 

I have the following questions:

1. Why is Code Access Security no longer supported as a security boundary? Has it become unsafe? Or was it always unsafe from the beginning? Or did Microsoft decide to use something else? Or is it perhaps incompatible with .Net Core or SQL Server on Linux?

2. If all assemblies are considered (potentially) unsafe, does signing them make them safer? Or is it just a way to prevent unauthorized loading of assemblies? (Or even worse, just a way to discourage loading assemblies?)

3. Why is CLR strict security enabled by default on SQL Server 2017, and not on lower (patched) versions? 

4. Is Code Access Security no longer supported as a security boundary only on SQL Server 2017? Or on all versions, starting with SQL Server 2005?

5. Is setting CLR strict security to disabled a real security risk? How does this differ from older versions, starting with SQL Server 2005 with clr enabled? Does downgrading to SQL Server 2016 make things safer?

6. How easy is it to exploit this, compared to other untrusted (virtually all) software? Or, if you need something more specific to answer, compared to extended stored procedures?

I have tried to comment on the page, but it doesn't let me log in properly.

SQL SERVER DATABASE WITH SELF SIGNED CERTIFICATE (MODULE SIGNED)


HI All,

Please to create self signed certificate on DB and Always on database, so do we have any issue for the existing functionality? What are the implications of SELF SIGNED CERTIFICATE AND MODULE SIGNED?

SQL Server 2017 generate an error running on Ubuntu Linux Server 17.10 when trying to change the Login auditing.


In my situation, I have a VM running an Ubuntu Linux Server 17.10 with SQL Server 2017 Developer Edition. I tried to change the Login auditing behaviour to log "Both failed and successful logins". However, when I pushed the OK button, I received the following message from SSMS:

"TITLE: Microsoft SQL Server Management Studio
------------------------------

Alter failed for Server '10.0.0.130'.  (Microsoft.SqlServer.Smo)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=12.0.4449.0+((SQL14_SP1_QFE-CU).160413-1153)&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Alter+Server&LinkId=20476

------------------------------
ADDITIONAL INFORMATION:

An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)

------------------------------

A severe error occurred on the current command.  The results, if any, should be discarded. (Microsoft SQL Server, Error: 0)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&ProdVer=14.00.3008&EvtSrc=MSSQLServer&EvtID=0&LinkId=20476

------------------------------
BUTTONS:

OK
------------------------------
"

When I script out the action, it would tell me a bit more:

"Msg 0, Level 11, State 0, Line 2
A severe error occurred on the current command.  The results, if any, should be discarded.
"

Query looks like this:

USE [master]
GO
EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE', N'Software\Microsoft\MSSQLServer\MSSQLServer', N'AuditLevel', REG_DWORD, 3
GO

SQL version:

Microsoft SQL Server 2017 (RTM-CU2) (KB4052574) - 14.0.3008.27 (X64)
    Nov 16 2017 10:00:49
    Copyright (C) 2017 Microsoft Corporation
    Developer Edition (64-bit) on Linux (Ubuntu 17.10)

The question is: Is this an intended "feature" or is the problem in my computer? It's a quite annoying error.

Thanks in advance for any comments!



Unable to add the local administrators group to SQL Server administrators


Hi Team 

I am trying to add the local server (Windows) administrator group to the SQL Server administrator group by creating a new login on SQL Server, but I am getting the below mentioned error.


While configuring SQL Server I forgot to add the local group as administrator and now I am trying to do it manually from SQL Server Management Studio. Please guide what could be a possible reason for this error.

Regards

Dushyant Padhya 


TFS and SQL installation and configuration

Salted vs NonSalted Password


I have been asked to store a salt in a table that consists of the columns user and password_h.

I understand I can store the salt in the password column. (I don't need to worry about hashing, just storing the salt in the password_h column.)

Anyhow, I was also sent a non-salted password to store. How do I implement that? I have the salt and the non-salt. I inserted the salt into the password_h column, but what do I do with the non-salt?

Role to application user

I have a database in AlwaysOn. The database is connected to an application. There is a user created for application. But that user works only if the sys admin role is given. I want to give only the data read, write and sp execute rights to that user.

Cannot login using Windows Authentication outside of SSMS


 Hi,

I recently upgraded my windows to insider build 17713.rs5_release.180706-1551. After doing so am unable to connect to SQL-Server outside of SSMS with NT Security. For example running the following script fails:

$Global:DatabaseName  = ".";
$Global:ServerAddress = "TRISDEmo";

$Query_TestConnection = "SELECT TOP 1 * FROM AM"

if ((Invoke-Sqlcmd -Query $Query_TestConnection -ServerInstance $Global:ServerAddress -Database $Global:DatabaseName) -ne $null ) {
	## Re-enable buttons and combo boxes
	$btnEvaluate.Enabled   = $true;
	$btnRun.Enabled        = $true;
	$cbSource.Enabled      = $true;
	$cbDestination.Enabled = $true;

	## fill combo boxes
	$Query_GetManagers = "SELECT AMName + ' (' + AMID + ')' FROM AM ORDER BY AMName"
	$ManagerList = Invoke-Sqlcmd -Query $Query_GetManagers -ServerInstance $Global:ServerAddress -Database $Global:DatabaseName

	foreach ($item in $ManagerList) {
		$cbSource.Items.Add($item.ItemArray[0]);
		$cbDestination.Items.Add($item.ItemArray[0]);
	}
}


With the following error message:

Invoke-Sqlcmd : A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not 
accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 
40 - Could not open a connection to SQL Server)

This is also affecting my connection from an application called TRIS which connects to an SQL database. As stated if I try to connect to SSMS directly, I can, using my windows login, from another source I have to use an SQL login.

Any help would be much appreciated!






Restore one TDE database from a TDE instance to another TDE instance


I have two instances, both with their specific certificates.

I need to restore a TDE encrypted database from the original instance TDE1 (with master key and certificate1) to a destination instance TDE2 (encrypted with a new master key and certificate2). I found that during restore on TDE2, the master key does not need to be recreated and the restored certificate on TDE2 (destination) does not need to be named the same as certificate1; it can have any name as long as it is restored using the public and the private key from the TDE1 certificate.

Steps: for testing I started with 2 unencrypted instances

Restore database (unencrypted) on TDE1

On TDE1 , create master key, cert1 and encrypt database with cert 1

On TDE2, create master Key, cert 2, create certificate using the public and private key from cert 1 (it can be any name not same as the one on TDE1)

Restore database works (since I have the cert restored), then I can encrypt with certificate 2, which is the default on TDE2, and then can drop certificate 1 on TDE1, which I used just temporarily in order to restore the database.

However, my 2 instances are both on the same workstation, which will not be the case on the servers.

Question: 1. will the scripts work the same if restored from TDE1 on one server to TDE2 on second server?

2. Is there anything else changing due to the fact that I am testing 2 instances on the same server while the restore will be on instances located on separate servers?

Thank you,

Testing:

1. Instance TDE1
--restore over TDE1 instance (instance not encrypted yet)
USE [master]
RESTORE DATABASE [AdventureWorks2014] FROM  DISK = N'C:\Program Files\Microsoft SQL Server\MSSQL12.TDE1\MSSQL\Backup\AdventureWorks2014.bak'
 WITH  FILE = 1, 
 MOVE N'AdventureWorks2014_Data' TO N'C:\Program Files\Microsoft SQL Server\MSSQL12.TDE1\MSSQL\DATA\AdventureWorks2014_Data.mdf', 
 MOVE N'AdventureWorks2014_Log' TO N'C:\Program Files\Microsoft SQL Server\MSSQL12.TDE1\MSSQL\DATA\AdventureWorks2014_Log.ldf',  NOUNLOAD,  STATS = 5
USE [master];
GO
-- Create the database master key
-- to encrypt the certificate
CREATE MASTER KEY
  ENCRYPTION BY PASSWORD = 'FirstServerPassw0rd!';
GO
-- Create the certificate we're going to use for TDE
CREATE CERTIFICATE TDE1ServerCert
  WITH SUBJECT = 'TDE1 Server Cert for Test';
GO
-- Back up the cert
BACKUP CERTIFICATE TDE1ServerCert
  TO FILE = N'C:\Share\TestingTDERestore\TDE1Cert.cer'
  WITH PRIVATE KEY (
    FILE = N'C:\Share\TestingTDERestore\TDE1Cert_key.pvk',
 ENCRYPTION BY PASSWORD = 'TDE1ServerP4ssw0rd!'
  );
GO

-- Create the DEK
USE [AdventureWorks2014];
GO
CREATE DATABASE ENCRYPTION KEY
  WITH ALGORITHM = AES_256
  ENCRYPTION BY SERVER CERTIFICATE TDE1ServerCert;
GO
USE [master];
GO
-- Turn on TDE
ALTER DATABASE [AdventureWorks2014]
  SET ENCRYPTION ON;
GO
--This starts the encryption process on
-- We're looking for encryption_state = 3
SELECT DB_Name(database_id) AS 'Database', encryption_state
FROM sys.dm_database_encryption_keys;
/*
Database encryption_state
tempdb 3
AdventureWorks2014 3
*/
--take backup of AdventureWorks2014
--remove first the original backup which was not encrypted
--this backup is encrypted
BACKUP DATABASE [AdventureWorks2014]
TO DISK =  N'C:\Program Files\Microsoft SQL Server\MSSQL12.TDE1\MSSQL\Backup\AdventureWorks2014.bak';
GO
2. Instance TDE2
USE [master];
GO
-- Create the database master key
-- to encrypt the certificate
CREATE MASTER KEY
  ENCRYPTION BY PASSWORD = 'SecondServerPassw0rd!';
-- Create the certificate we're going to use for TDE
CREATE CERTIFICATE TDE2ServerCert
  WITH SUBJECT = 'Second TDE Cert for Test';
GO
-- Back up the certificate
BACKUP CERTIFICATE TDE2ServerCert
  TO FILE = N'C:\Share\TestingTDERestore\TDE2Cert.cer'
  WITH PRIVATE KEY (
    FILE = N'C:\Share\TestingTDERestore\TDE2Cert_key.pvk',
 ENCRYPTION BY PASSWORD = 'TDE2ServerP4ssw0rd!'
  );
GO
-- Restoring the certificate, with the private and public key
--I had to enable NTFS read permissions on the cer and pvk files
CREATE CERTIFICATE TDECert
  FROM FILE =  N'C:\Share\TestingTDERestore\TDE1Cert.cer'
  WITH PRIVATE KEY (
    FILE = N'C:\Share\TestingTDERestore\TDE1Cert_key.pvk',
 DECRYPTION BY PASSWORD = 'TDE1ServerP4ssw0rd!'  );

--works this show the certificate has to be there not necessarily same name
USE [master]
RESTORE DATABASE [AdventureWorks2014] FROM  DISK = N'C:\Program Files\Microsoft SQL Server\MSSQL12.TDE2\MSSQL\Backup\AdventureWorks2014.bak'
 WITH  FILE = 1, 
 MOVE N'AdventureWorks2014_Data' TO N'C:\Program Files\Microsoft SQL Server\MSSQL12.TDE2\MSSQL\DATA\AdventureWorks2014_Data.mdf', 
 MOVE N'AdventureWorks2014_Log' TO N'C:\Program Files\Microsoft SQL Server\MSSQL12.TDE2\MSSQL\DATA\AdventureWorks2014_Log.ldf',  NOUNLOAD,  STATS = 5
GO
--encrypt with the default key
USE [AdventureWorks2014]
ALTER DATABASE ENCRYPTION KEY ENCRYPTION BY SERVER CERTIFICATE  [TDE2ServerCert]

--drop temporary key from TDE1 to TDE2 since not needed now

use master

drop certificate [TDECert]

Database auditing to track DB Admin Changes

We have SQL 2008 R2 and SQL 2014 R2 databases and we have DB Admins making changes all the time, those changes are never properly documented so I am wondering if there is a way in SQL to enable auditing to track DB Admin Adds, Deletes, Modifications, etc. so we can have documented accountability.

Accessing system stored procedure within msdb database to schedule a job from a contained database using a contained user


I was wondering if someone can provide some insight on whether this is possible.

Under SQL 2016 I've created a contained database and a contained user within the database.  From the contained database I'm attempting to call a system stored procedure called "sp_add_job" to schedule job to run another stored procedure within the contained database.  However, when I attempt to do so, I get the following result:

Msg 14234, Level 16, State 1, Procedure sp_verify_job, Line 197 [Batch Start Line 0]

The specified '@owner_login_name' is invalid (valid values are returned by sp_helplogins [excluding Windows NT groups]).

The value of the "@owner_login_name" parameter is the contained user setup in the contained database.  Is this possible with only a sql login that is defined within SQL Server itself and not with a contained user?

Just as a test, I also created a contained user with the same name under the msdb database but that didn't work either.

If I attempt to pass in a userid into the "owner_login_name" parameter that defined as a valid SQL Server login I receive a different message:

Msg 14515, Level 16, State 1, Procedure sp_add_job, Line 54 [Batch Start Line 0]

Only a member of the sysadmin server role can add a job for a different owner with @owner_login_name.

Can anyone please provide some insight on how I may be able to accomplish what I am attempting?

The guest account is also enabled under the msdb database.


Unable to view SQL Audit logs


Dear Partner,

We have SQL Server and are unable to view SQL Audit logs.

We are unable to see Application, Security, etc. under Windows NT.

I got an error with the following:

The given key was not present in the dictionary. (mscorlib)

------------------------------
Program Location:

   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Microsoft.SqlServer.Management.SqlManagerUI.LogMemoryStorage.AddRowNumberToSourceIndex(Int32 rowNumber)
   at Microsoft.SqlServer.Management.SqlManagerUI.LogMemoryStorage.InitializeStorage()
   at Microsoft.SqlServer.Management.SqlManagerUI.LogMemoryStorage.Initialize()
   at Microsoft.SqlServer.Management.SqlManagerUI.LogAggregator.DelegateAggregationWorkImplementation(ILogDataStorage storage)

Regards,


Regards

TDE using External CA certificate with Bit strength more than 2048 (i.e. 4096, 8192..)


Hi Experts, 

Is it possible to use an External CA certificate of bit strength more than 2048 (i.e. 4096, 8192..) for TDE implementation?

SQL Server: 2014/2016

Currently I can see it uses 2048 bit and there is no parameter available during creation of the certificate.

It feels great to be back on MSDN community. Good to see you all. 


Sysadmin role via AD Domain group not working

Hi.  Because our number of SQL admins is increasing, I decided to create a domain group to hold them. I tried to set up access for the group on two SQL Server 2008 R2 servers: one in Windows Auth Mode, and the other in mixed mode (SQL + Windows).  I created a universal security group "SQL_Admins".   Members of the group, including myself, are also domain admins.  I also added that group to local admins group on both servers.  I created a SQL login for the group, and added that SQL login to Sysadmin server role.  I removed my individual Windows login from both servers (I had a backup account just in case I got locked out.)  In fact, I did get locked out from both servers even though I am a member of the group.  What step did I miss?  Thanks.

Linked Server connection fails when accessing it from different source (same user)


I am having troubles with my linked server configuration.

I have two servers: server1 and server2. On server 1 I have created a Linked Server object that refers to server2, using the following statement (using SSMS on server1).

EXEC sp_addlinkedserver @server='INSQL', @srvproduct ='', @provider ='SQLNCLI11', @datasrc ='server2'

go

EXEC sp_serveroption 'INSQL','collation compatible',true

go

EXEC sp_addlinkedsrvlogin 'INSQL','TRUE',NULL,NULL,NULL

Go

I can right-click the server object and click Test Connection with the result that the test succeeds.

The issue that I am facing is the following: when opening SSMS on server2 (instead of server1), but still connecting to the Database Engine on server1, the Test Connection for the Linked Server fails. Giving the error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

This is very strange for me, since I am connecting to the same database engine, but apparently it matters on which server I open SSMS and do the Test Connection on the Linked Server object.

The servers are both in the same domain. In SSMS I log in using AD Windows credentials (same for both servers). I have checked the firewall on both servers, which allows traffic on TCP1433 and UDP1434. I have configured and set the DTC settings on both servers.

Any thoughts on what the issue could be?

Thanks.

sql rights to be provided for XPcmdshell, profiler, dbmail, bulk download


I should allow a SQL user / Windows login to access the below said pointers in SQL Server. Please suggest the type of right I should provide to fulfill this requirement.

1.Xpcmdshell command

2.Profiler 

3.DB mail accesses 

4.Bulkdownload 

thank you 

hemadribabu


hemadri
