Hi

   I have created user login called "login1". There are two databases on Servers "MYDB1" and "MYDB2". I want user "login1" to access only database "MYDB1" , but not "MYDB2" (So if "login1" use "use MYDB2" command on sqlcmd it should give error").

   Currently under Login Properties->User Mapping for "login1" has only database checked is "MYDB1". I have also under "Securable->View any Database" "Deny" options is checked.

   But even though after all these settings "login1" can access the database "MYDB2" (Yes it can't access the objects in the database). BTW I am using "Application Role" in my application so "guest" account is enable on both databases so I can create view in one database based on data in other database. So I don't have option to turn off guest account. So am I still missing any settings so "login1" can't access the "MYDB2" (e.g. "use MYDB2" should give error)?

thanks

Drew

hey,

i have a problem, to import a self signed openssl certificate into the sql server 2005.

my final idea is to get encrypted columns from the database over an jdbc connection in a java client.

when i use a certificate generated by the sql server 2005, i can encryt columns of a table. then i catch the

the result in my java client. but in java, i need a keystore with the private key of the certificate.

ok. i have export the the certificate and the private key of the sql server 2005.

problem: in a keystore i can only import the certificate (signed public key) but not the private key.

my new idea is to import an openssl certificate or an certificate generated by the keytool (java) into the

sql server 2005 and encypt the data with the imported certificate. Problem: The SQL Server give me an

Exception: (Sorry i drag & drop the exception, is written in german)

My Import Statement is:

I use password encryption, and not the internal master key (or service master key)

Hope for help :)

nils

Hi,

What's the best/easiest way of setting up a database role that grants all the permissions but the schema changes within the database scope? E.g. I want the users in this role to be able to change data, execute sps, or see the execution plan...; but they cannot create a new table or drop a column.

I'm using SQL2012. And I need to apply this setting to all the user databases on a server instance. So it would be even better if I can just set it up once at server level rather than on each individual databases.

Thanks.

Hi,

I'm relative new to SQL Server and SSDT.

Today I exported some existent DBs from a Server to SSDT Projects. As I am interested in understanding the tools, i configured the wizard to export everything possible, including Logins and premissions.

Within the SSDT Projects I now find every single Login scripted as "CREATE Login with Password= ..." . But the password I see within the script is not the password which ist actually set on the SQL Server!?

So, here are my questions:

- is this a kind of "security feature" or am I doing something totaly wrong?

- Is it possible for a  developer with access to the SSDT Project (i.e. 'who sees the script within the project') to get knowledge about the password used for the login on the SQL Server?

Thank you very much for your time and help! 

hi,

after fresh installation of sql 2008 r2 sp2 64bit on 2008 r2 64bit.everythins actually fine.

only problem ive got. now i need to assign one viewet account to one of my databases..

but the problem is when i set users security role to public sql doesnt allowed to login.

if i choose sysadmin on same account for sure account is able to connect over odbc.

from sql server options windows and sql auth has been setted allready.

from another server in my domain when i tried to connect over odbc this error accurts.

connection failed

sqlstate : 28000

sql server  error 18456

microsoft -odbc sql server driver-sql server-login failed user dataextract..

Any ideas?

thnx in advance..

Regards

Hello,

I've been tearing my hair out with this one so any help would be great! I have a double hop NTLM authenticaton issue. A connection was failing under [NT AUTHORITY\ANONYMOUS LOGON] so I checked the server and the SQL Server service account was running under a domain account. I have registered a SPN, using the follow setspn.exe command:-

setspn.exe -A MSSQLSvc/FQDN:1433 Domain\Account

But the problem remains. I have checked AD and the server is setup for Kerberos delegation. Am I missing something?

Andrew

I am attempting to setup SSL with SQL Server 2005. I do not wish to have the domain account that is running the SQL Server Service be an administrator.  What rights/permissions does this account require in order to start sql server with an SSL certificate?

I have tried putting the certificate in the local store but you need to be an admin to see it there.  If I put the certificate in SQL Server Service account's personal store, I can't start sql server. "The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x8009030d. Check certificates to make sure they are valid." Is the error I get.

Thank you for your help.

In SQL 2012 I can only view the Server Logins on our Production and Beta servers in which I'm either the login (windows) or I'm in a windows group which has a login.  I can see all the logins in the development servers.

The only difference in the environments I believe is that in Dev environments I have db_owner and in beta/prod I do not.

Was this a change in 2012?  Anyway to give a user permission to view the server logins?

Hi,

I am restoring the backups of two complete servers. One is my active directory server and the other is my SQL server. The SQL server backup is two days older than the AD server backup. Is this likely to cause any AD syncing issues?

.Cheers

I have approximately 60 desktops using a 3rd party app that connects to MS SQL Server.  We have configured the server to listen on port 1021, and verified that approximately 45/60 clients connect just fine but the other 15 cannot.  The error received upon connection attempt is:

Error Message: HRESULT: 80004005, Code: 6, Source: Microsoft OLE DB Provider for SQL Server

Description: [DBNETLIB] [ConnectionOpen (Connect()).]Specified SQL Server not found.

Connection string format being used is <servername>, <port#>

It works for some clients, but not others.  If I change the app to use default port in the connect string, it connects successfully.  Firewall has been ruled out, according to the networking people since connectivity to that server and port is successful on the problematic machines.  All clients on same network/subnet, etc.

My guess is some other application, package or SQL Server client is installed on the machine that is conflicting with DBNETLIB or the client DLL being used.  I just don;t know what to set to trace or log to find out what it may be.

any help is appreciated.

HI There

I have a user login that is executing an sp. It gets the follwoing error:

Msg 229, Level 14, State 5, Procedure sp_OACreate, Line 1

EXECUTE permission denied on object 'sp_OACreate', database 'mssqlsystemresource', schema 'sys'.

Msg 229, Level 14, State 5, Procedure sp_OAMethod, Line 1

EXECUTE permission denied on object 'sp_OAMethod', database 'mssqlsystemresource', schema 'sys'.

Msg 229, Level 14, State 5, Procedure sp_OAMethod, Line 1

EXECUTE permission denied on object 'sp_OAMethod', database 'mssqlsystemresource', schema 'sys'.

Msg 229, Level 14, State 5, Procedure sp_OAMethod, Line 1

EXECUTE permission denied on object 'sp_OAMethod', database 'mssqlsystemresource', schema 'sys'.

Msg 229, Level 14, State 5, Procedure sp_OAGetProperty, Line 1

EXECUTE permission denied on object 'sp_OAGetProperty', database 'mssqlsystemresource', schema 'sys'.

Msg 229, Level 14, State 5, Procedure sp_OAGetProperty, Line 1

EXECUTE permission denied on object 'sp_OAGetProperty', database 'mssqlsystemresource', schema 'sys'.

Msg 229, Level 14, State 5, Procedure sp_OADestroy, Line 1

EXECUTE permission denied on object 'sp_OADestroy', database 'mssqlsystemresource', schema 'sys'.

Everything ic an find on the net refers to Sql Server 2000 but this is 2005, all the resolutions say you must grant exec permissions to the user account for these sp's in the master database.

BUT is SS2005 they are in the mysqlsystemresource database.

WHen i try the following

grantexecon mssqlsystemresource.sys.sp_OACreate to UserLogin:

 I get this error:

Cannot find the object sp_OACreate, becuase the object does not exist or you do not have permission.

I am logged in as sysadmin so i doubt it is permission.

How do i get a user login to be able to exec these sp's?

Thanx

My E drive on the SQL server machine (Windows 2008 32 bit) ran out of space. So I moved all the log files and a *.trc file, *.log files and SQLAgent.* files to another folder. The SQL server was still working. By the time I got more space added to my E:drive and restarted the machine, I keep getting this error:

The SQL Server (MSSQLSERVER) service terminated with service-specific error 17058 (0x42A2).

I tried these steps:

1. logged on as myself (local admin account)

2. changed start type to manual

None of the above has worked.

Could you pls. help. This is a production server!!!

Hi,

I"m having image data file in db like 0xOHSGSDSD....

I've to convert that datafile to image file as jpeg through sql command . 

Is any sql scripts available?

Hi There

When i go to configuration manager and change the sql server service to run as a domain account i get the following error:

No mapping between account names and security IDs was done.

This is Sql Server Express running on a domain controller - Windows Server 2003 R2.

Everything i find ont he net refer to IIS, DHCP etc etc , i cannot find the issue regrading sqls server configuration manager.

Thanx

In ASP.NET MVC 3 application I have an asp.net forms authentication. The membership passwordFormat property is set to Hashed. Before it uses Oracle database to store the user information. Now I need to migrate it to SQL Server 2008, but there is an issue with encrypted password in Oracle. SQL Server doesn't recognize it as valid ( I moved it with copy/paste from Oracle to SQL Server).

Could you tell me is there any difference in encryption algorithm between Oracle membership provider and SQL Server, and how can I recover the password 1:1 from Oracle?

I created an assembly that up until recently has been working great.

About a week ago, some changes were made to the database (I believe it was set to TRUSTWORTHY) and now my assembly will not run (see error below) due to what appears to be a permissions-relation problem.

This is not a super-secure application, its very small and I just need to get it working.

Any help would be appreciated!

Executed as user: NT SERVICE\SQLSERVERAGENT. ... load assembly id 65536. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE. Run the query again, or check documentation to see how to solve the assembly trust issues. For more information about this error:   System.IO.FileLoadException: Could not load file or assembly 'outputxml, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An error relating to security occurred. (Exception from HRESULT: 0x8013150A)  System.IO.FileLoadException:      at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)     at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)     at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean forIntrospection)     at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)     at System.Reflection.Assembly.Load(String assemblyString) [SQLSTATE 42000] (Error 10314)  An error occurred in the Microsoft .NET Framework while trying to load assembly id 65536. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE. Run the query again, or check documentation to see how to solve the assembly trust issues. For more information about this error:   System.IO.FileLoadException: Could not load file or assembly 'outputxml, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An error relating to security occurred. (Exception from HRESULT: 0x8013150A)  System.IO.FileLoadException:      at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)     at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)     at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean forIntrospection)     at System.Reflection.RuntimeAssembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)     at System.Reflection.Assembly.Load(String assemblyString) [SQLSTATE 42000] (Error 10314)  An error occurred in the Microsoft .NET Framework while trying to load assembly id 65536. The server may be running out of resources, or the assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or UNSAFE. Run the query again, or check documentation to see how to solve the assembly trust issues. For more information about this error:   System.IO.FileLoadException: Could not load file or assembly 'outputxml, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An error relating to security occurred. (Exception from HRESULT: 0x8013150A)  System.IO.FileLoadException:      at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, Stack...  The step failed.

Hi,

Last week we purchased a new Windows 8 laptop and successfully installed Navision 2009 and was connecting to the server fine.

During the weekend I tried to connect remotely from home and experienced the above error. Since being back in the office this week I have been getting the same thing.

I have also noticed that my mapped drives are requiring me to re-enter my credentials everytime I restart the computer.

I think the key thing to note through all this, is that the connection was working fine last week, then it has deteriorated.

I have inserted clippings of two instances of the error.

Hey. I want to encrypt data on SQL-Server and decrypt it on a .NET application.The best way in my Situation was to use Certificates.

In my Test DB i had to create a Master-Key:

CREATE MASTER KEY ENCRPTION 
BY PASSWORD = 'TestEncryption1212'

Then I created a certificate on SQL-Server

CREATE CERTIFICATE TestCertificate1212
WITH SUBJECT = 'TestEncryption1212'

Next I exported it to the File-System:

BACKUP CERTIFICATE TestCertificate1212
TO FILE = 'C:\temp\TestCertificate1212.cer'
WITH PRIVATE KEY (
	FILE = 'C:\temp\TestPrivateKey1212.pvk',
	ENCRYPTION BY PASSWORD = 'TestEncryption1212'
	)

If I add a

DECRYPT BY PASSWORD = 'TestEncryption1212'

I get an error which says that the Private Key is encrypted by the master password.

I encrypt a Collumn in my Test DB

ALTER TABLE dbo.Encrypt
ADD EncryptedCol varbinary (256)

UPDATE dbo.Encrypt
SET EncryptedCol = 
	ENCRYPTBYCERT(
		CERT_ID('TestCertificate1212'),
		ClearTextCol
	)

so far, so good.

Next Step is to generate a PFX file which combines the certificate with the privatekey file

I change the directory in cmd to the folder where the pvk2pfx.exe is and execute it:

>cd "Program Files\Microsoft SDK
s\Windows\v6.1\Bin">pvk2pfx.exe -pvk C:\temp\TestPrivateKey1212.pvk -spc C:\temp\TestCertificate1212.cer -pfx C:\temp\TestPFX.pfx

In my .NET application (C#-ConsoleApplication)  I get the Data via an SqlConnection ..  I pass the data on to a Function which I called

public string DecryptDocIDWithFileCert(string pfxFilePath, byte[] EncryptedDocID)

This function should open the Certificate and decrypt the Data and return the clear Text back to the Application:

public string DecryptDocIDWithFileCert(string pfxFilePath, byte[] EncryptedDocID)
{
	string DecryptedDocID = "";
	X509Certificate2 cert = new X509Certificate2(pfxFilePath, "TestEncryption1212");
	if (cert == null)
	{
		throw new Exception("Certificate " + pfxFilePath + " Does not exist");
	}
	if (cert.HasPrivateKey)
	{
		RSACryptoServiceProvider RsaCSP = (RSACryptoServiceProvider)cert.PrivateKey;
		byte[] ret = RsaCSP.Decrypt(EncryptedDocID, true);
		if (ret == null)
		{
			throw new Exception("Decryption with RSA failed");
		}
		DecryptedDocID = System.Text.Encoding.UTF8.GetString(ret);
	}
	else
	{
		throw new Exception("Certificate " + pfxFilePath + " has no Private Key; ");
	}

	return DecryptedDocID;
}

When it comes to decrytion i get the Error:

System.Security.Cryptography.CryptographicException: The specified network password is not correct.

   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at TestDecryption.MyDecryptor.DecryptDocIDWithFileCert(String pfxFilePath, Byte[] EncryptedDocID) in C:\Users\developmentUser\Documents\Visual Studio 2008\Projects\TestDecryption\TestDecryption\MyDecryptor.cs:line 57
   at TestDecryption.Program.Main(String[] args) in C:\Users\developmentUser\Documents\Visual Studio 2008\Projects\TestDecryption\TestDecryption\Program.cs:line 37

I am tired of searching for the error. Is there anybody out there who sees the error and can tell me what I'm doing wrong. I think it the problem is that the Private Key is encrypted with the Master Key and I can't decrypt it. I think all what i would need is an sql statement where I can set the password for the privat key without the Master Key ? Or am I on a completly wrong way?

Please help me!