Quantcast
Channel: SQL Server Security forum
Viewing all 3042 articles
Browse latest View live

SSL Encryption for SQL Server on Azure VM

January 19, 2016, 9:09 am
$
0
0
I have a SQL Server running on Azure. It's stand-alone, it doesn't have any connection to an AD. Now I want to encrypt my network traffic. SSAS is already fine, you just need to force encryption. With SQL Server 2014 DB engine it's different, you need a SSL certificate for it. The question for me is: how to apply for a SSL certificate which works with SQL Server. All the instructions I found are either for a domain environment or for a web server. Companies like GoDaddy or Comodo ask you for a CSR file which ISS can create. So should I install IIS on the machine and request the CSR from there? Will SQL Server be able to use the same certificate? There seems to be some flags SQL Server needs in the certificate and I'm not sure if a web server cert has the same...

Thomas Pagel

Search

Log-shipping Interview question

February 9, 2016, 5:55 am
$
0
0

Dear All,

I got a telephonic interview , during the interview he asked me the question how will you grant a read access to new user on stand-by database in log-shipping.

Appreciate your input.

Regards

ChetanV

SQL server 2012 Cumulative Update offers TWO

November 5, 2015, 9:17 am
$
0
0

SQL Server 2012 by default ONLY support TLS1.0 which is phased out by PCI standards.

KB 3052468 located at https://support.microsoft.com/en-us/kb/3052468 supposedly provides the hotfix for this.  However, if you request the hotfix, two different hotfixes are offered:

2012_SP2_SNAC_CU6_3052468_11_0_5592_x64/11.0.5592.0/free/484541_intl_x64_zip.exe

and / OR

SQLServer2012_SP2_CU6_3052468_11_0_5592_/11.0.5592.0/free/484539_intl_x64_zip.exe

Which is the right one?

Thank you in Advance.

Powershell Script for auto backup of databases

February 10, 2016, 9:09 am
$
0
0

Hi All,

Can anyone post a PS script to take full,differential & transaction log backup.

Appreciate your help.

Brgds,

RAJ


-Raj

ASPState DB Permissions

April 12, 2007, 8:16 am
$
0
0

I need to find out what the 'Required' permissions on on the ASPState database? We have been granting dbo to the login. Thanks.

Urgent - No mapping between account names and security IDs was done error !

February 28, 2007, 7:18 am
$
0
0

Hi There

When i go to configuration manager and change the sql server service to run as a domain account i get the following error:

No mapping between account names and security IDs was done.

This is Sql Server Express running on a domain controller - Windows Server 2003 R2.

Everything i find ont he net refer to IIS, DHCP etc etc , i cannot find the issue regrading sqls server configuration manager.

Thanx

proxy account runs SQL agent job fails

February 12, 2016, 4:41 am
$
0
0

Hi,

I have a configured Proxy with credential that maps from SA. im trying to execute a SQLSSIS package the returns errror.

other more regular job´s like empty a log or take a backup works fine with the credential and Proxy configuerd.

the credential is a  doamin user with only connect permission in sql and msdb SQL agent operator role. the run as command is changed to Proxy.

output of job

Message
Executed as user: xxxxxxxxx. Microsoft (R) SQL Server Execute Package Utility  Version 11.0.2100.60 for 64-bit  Copyright (C) Microsoft Corporation. All rights reserved.    Started:  3:48:27 PM  Error: 2016-02-11 15:48:27.67     Code: 0xC0202009     Source: Data Flow Task 1 Source - Query [11]     Description: SSIS Error Code DTS_E_OLEDBERROR.  An OLE DB error has occurred. Error code: 0x80004005.  An OLE DB record is available.  Source: "Microsoft SQL Server Native Client 11.0"  Hresult: 0x80004005  Description: "The metadata could not be determined because every code path results in an error; see previous errors for some of these.".  An OLE DB record is available.  Source: "Microsoft SQL Server Native Client 11.0"  Hresult: 0x80004005  Description: "The EXECUTE permission was denied on the object 'sp_xxxxxxxx_filexport_1177', database 'xxxxxx', schema 'dbo'.".  End Error  Error: 2016-02-11 15:48:27.67     Code: 0xC020204A     Source: Data Flow Task 1 Source - Query [11]     Description: Unable to retrieve column information from the data source. Make sure your target table in the database is available.  End Error  Error: 2016-02-11 15:48:27.67     Code: 0xC004706B     Source: Data Flow Task 1 SSIS.Pipeline     Description: "Source - Query" failed validation and returned validation status "VS_ISBROKEN".  End Error  Error: 2016-02-11 15:48:27.67     Code: 0xC004700C     Source: Data Flow Task 1 SSIS.Pipeline     Description: One or more component failed validation.  End Error  Error: 2016-02-11 15:48:27.67     Code: 0xC0024107     Source: Data Flow Task 1      Description: There were errors during task validation.  End Error  DTExec: The package execution returned DTSER_FAILURE (1).  Started:  3:48:27 PM  Finished: 3:48:27 PM  Elapsed:  0.219 seconds.  The package execution failed.  The step failed.

Anty tips are welcome.

/Christer

Disabled SHA - error occurred during the login process

February 12, 2016, 6:21 pm
$
0
0

I'm trying to disabled SHA hashes using NARTAC tool but this cause the website to break. I suspects there is something wrong with the SQL server that doesnt support the "disabled SHA".

Sharing to you the Stack Trace. Can you help check on this? What is the issue Im encountering and how to fix it.

Server Error in '/' Application.

An existing connection was forcibly closed by the remote host
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.ComponentModel.Win32Exception: An existing connection was forcibly closed by the remote host

Source Error:


An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

Stack Trace:



[Win32Exception (0x80004005): An existing connection was forcibly closed by the remote host]

[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)]
   System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)+356
   System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +117
   System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +267
   System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +318
   System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +211
   System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +393
   System.Data.SqlClient.SqlConnection.Open() +122
   Sitecore.Data.DataProviders.Sql.DataProviderCommand..ctor(IDbCommand command, DataProviderTransaction transaction, Boolean openConnection) +106
   Sitecore.Data.DataProviders.Sql.<>c__DisplayClass4.<CreateCommand>b__3() +48
   Sitecore.Data.DataProviders.NullRetryer.Execute(Func`1 action, Action recover) +289
   Sitecore.Data.DataProviders.Sql.<>c__DisplayClass12.<CreateReader>b__10() +30
   Sitecore.Data.DataProviders.NullRetryer.Execute(Func`1 action, Action recover) +289
   Sitecore.Data.DataProviders.Sql.SqlDataApi.CreateReader(String sql, Object[] parameters) +251
   Sitecore.Data.DataProviders.Sql.SqlDataProvider.GetContentLanguages() +190
   Sitecore.Data.DataProviders.Sql.SqlDataProvider.LoadLanguages() +146
   Sitecore.Data.DataProviders.Sql.SqlDataProvider.GetLanguages() +48
   Sitecore.Data.SqlServer.SqlServerDataProvider.LoadItemDefinitions(String condition, Object[] parameters, SafeDictionary`2 prefetchData) +1338
   Sitecore.Data.DataProviders.Sql.SqlDataProvider.PrefetchItems(String itemCondition, String fieldCondition, String childCondition, Object[] parameters) +147
   Sitecore.Data.DataProviders.Sql.SqlDataProvider.EnsureInitialPrefetch() +255
   Sitecore.Data.DataProviders.Sql.SqlDataProvider.GetPrefetchData(ID itemId) +44
   Sitecore.Data.DataProviders.Sql.SqlDataProvider.GetItemDefinition(ID itemId, CallContext context) +9
   Sitecore.Data.DataProviders.DataProvider.GetItemDefinition(ID itemID, CallContext context, DataProviderCollection providers) +148
   Sitecore.Data.DataSource.GetItemInformation(ID itemID) +88
   Sitecore.Data.DataSource.GetItemData(ID itemID, Language language, Version version) +31
   Sitecore.Nexus.Data.DataCommands.GetItemCommand.GetItem(ID ƒ, Language „, Version , Database ) +92
   Sitecore.Nexus.Data.DataCommands.GetItemCommand.Execute(ID ƒ, Language „, Version , Database ) +496
   Sitecore.Data.Engines.DataCommands.GetItemCommand.DoExecute() +139
   Sitecore.Data.Engines.EngineCommand`2.Execute() +96
   Sitecore.Data.Managers.ItemProvider.GetItem(ID itemId, Language language, Version version, Database database) +292
   Deltekcom.Sc.Cms.Pipelines.ItemProviders.ItemProvider.GetItem(ID itemId, Language language, Version version, Database database) in C:\TeamCity\buildAgent\work\9bf9b9dbfcd6ebf0\src\Deltekcom.Sc.Cms\Pipelines\ItemProviders\ItemProvider.cs:20
   Sitecore.Data.Managers.ItemProvider.GetItem(ID itemId, Language language, Version version, Database database, SecurityCheck securityCheck) +141
   Deltekcom.Sc.Cms.Pipelines.ItemProviders.ItemProvider.GetItem(ID itemId, Language language, Version version, Database database, SecurityCheck securityCheck) in C:\TeamCity\buildAgent\work\9bf9b9dbfcd6ebf0\src\Deltekcom.Sc.Cms\Pipelines\ItemProviders\ItemProvider.cs:41
   Deltekcom.Sc.Cms.Pipelines.ItemProviders.ItemProvider.GetItem(String itemPath, Language language, Version version, Database database, SecurityCheck securityCheck) in C:\TeamCity\buildAgent\work\9bf9b9dbfcd6ebf0\src\Deltekcom.Sc.Cms\Pipelines\ItemProviders\ItemProvider.cs:62
   Sitecore.ContentTesting.Pipelines.ItemProvider.GetItem.GetItemUnderTestProcessor.Process(GetItemArgs args) +127
   (Object , Object[] ) +74
   Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args) +331
   Sitecore.Data.Managers.PipelineBasedItemProvider.ExecuteAndReturnResult(String pipelineName, String pipelineDomain, Func`1 pipelineArgsCreator, Func`1 fallbackResult) +58
   Sitecore.Data.Managers.ItemManager.GetItem(String itemPath, Language language, Version version, Database database) +142
   Sitecore.FXM.Matchers.DomainMatcherRepository.GetAllDomainMatchers(IDatabase database) +81
   Sitecore.FXM.Sites.FxmSiteProvider.GetFxmSites() +94
   Sitecore.FXM.Sites.FxmSiteProvider.get_FxmSites() +103
   Sitecore.FXM.Sites.FxmSiteProvider.GetSites() +88
   System.Linq.<SelectManyIterator>d__16`2.MoveNext() +293
   Sitecore.Sites.SiteCollection.AddRange(IEnumerable`1 sites) +138
   Sitecore.Sites.SitecoreSiteProvider.GetSites() +245
   Sitecore.Sites.SiteContextFactory.GetSites() +256
   Sitecore.Sites.SiteContextFactory.GetSiteContext(String hostName, String fullPath, Int32 portNumber) +121
   Sitecore.Pipelines.HttpRequest.SiteResolver.ResolveSiteContext(HttpRequestArgs args) +430
   Sitecore.Pipelines.HttpRequest.SiteResolver.Process(HttpRequestArgs args) +50
   (Object , Object[] ) +74
   Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args) +331
   Sitecore.Nexus.Web.HttpModule.(Object , EventArgs ) +505
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +142
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +92

 


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1069.1 

Search

SQL Server Cluster issue : Cannot validate the configuration

February 14, 2016, 12:49 pm
$
0
0

Hello,

I have a SQL Server Cluster which was blue screened last week. After restoration the cluster works fine so far:

We were able to fail over resources from one node to the other back and forth, the users did not get impacted.

except the "Validate Cluster Configuration"

On Node A I could not access any nodes for the wizard.

On Node B

I could access Node A but not Node B

We have checked the permissions, the ACL, the UAC, etc... we tried the wizard with:

- simple name: Cluster, Node A, Node B

- FQDN: Cluster, Node A, Node B

Same results... from Node B the Wizard works for Node A and give the expected results...

What are the specifics used by the Validate Configuration Wizard which could cause this issue? 

Any idea?

Thanks,

Dom

System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager



Set Expiration Date

February 16, 2016, 8:27 am
$
0
0

Hello All,

I have a need to create new users with password set to expire in 2 or 3 days. Does anyone know if this is possible?

Thank you,

Shawn

Can I use free 180 days trail enterprise as Reporting Server for Management for 3 Months?

February 16, 2016, 8:26 am
$
0
0

Hello, 

We are in the middle of moving away our reporting activities on live server to a different server. But the budget for the new server is authorized for month of July, so I was wondering if I can install enterprise 180  days free version of SQL 2012 on Windows server and replicate data from live to free version server for 3 months and use the as report server until we get a full server?

Regards

Abdul

Permissions to failover Availability group

February 17, 2016, 11:38 pm
$
0
0

Hi All,

I'm looking to create a server patching role for SQL server and to give this role permission to manually failover availability groups so that both nodes can be patched in a controlled manner.

Can you please advise what the minimal permissions are required to create a SQL server role with the ability to manually fail over an availability group to another node.

Thanks

Robert

SQL server login fails after moving client harddisk to a new mainboard

February 19, 2016, 2:04 am
$
0
0

We're tesing new software (under development) on a Windows 7 setup.

The software succeeds in connecting to a SQL server on another machine (tested with Sql Server 2005 and 2014).

When we move the harddisk to another identical mainboard, network access still works, but logging in to the SQL server with windows authentication fails. The same account is being used (it's the same harddisk just connected to another mainboard), and neither machine is member of a domain.

We keep getting "The user is not associated with a trusted SQL Server connection", when all that's changed is the physical mainboard the harddisk is hooked up to.

Another connection (proprietary, TLS connection made by our own software to a socket on the same server that hosts the database) works normally in both cases.

Move the disk back to the old mainboard, and everything works again as before.

On-board network hardware is used, so there is a different MAC address for each board, and hence another IP address from DHCP, but even configuring the IP address it got at the working setup as fixed doesn't solve it.

Network settings are remembered per network adapter while those of unavailable adapters are hidden from the UI, they just keep existing in the registry only, but as far as we can tell they're configured the same for the two mainboards.

Does anyone have an idea what might cause this?

Can't get Kerberos working on SQL Express 2008

February 19, 2016, 7:50 am
$
0
0

I have spent the past week trying to get Kerberos authentication to work on my SQL Express 2008 server. I've read every article I could find on delegation, creating SPN's, etc. and I really need some help.  Here is where I'm at:

1) The SQL server is on a domain controller (not ideal but that's how things worked out.)

2) I'm using the domain admin account as the service account (again, not ideal but will change it later.)

3) I've enabled Kerberos delegation for any service on the domain admin account.

4) I've assigned readspn and write spn permissions on the domain admin account.

5) I've deleted and recreated all SPN's related to the MSSQLSrv service.

6) I've confirmed that name resolution is working for the FQDN.

The results are:

a) running the query "SELECT net_transport, auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID; " from a remote server shows: TCP NTLM

b)The Kerberos Configuration Manager shows "Unable to connect to the server" from both the local and remote servers.

c) I see a recurring Event ID 3 in the logs stating: " Error Code: 0xd KDC_ERR_BADOPTION"

d) After some recent troubleshooting I now see the following error in the logs in addition to the one above: "Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN"

So I'm totally confused on where to go next.  The one 'non-standard' issue I can find is that the hostname is 18 characters long, which means that SQL truncated the host name when installing the named instance.  Would that have any impact?

Any help is greatly appreciated.

Thanks,
Joe

Proper way to turn on and off SQL Server 2014

February 19, 2016, 5:17 pm
$
0
0

Hello to all,

I installed SQL Server 2014 Express to aid in my Visual Studio 2015 project development.  For security reasons, when I'm not working on the development of my project, I'd like to turn off my SQL Server.  Of course, I'd like to start it back up when I begin coding once again.  What's the best way of doing this?  Rather, what is the proper way of doing this?

Thanks to all

Marcin

MarcinMR

Search

permission question

February 20, 2016, 2:00 pm
$
0
0
what all does the 'alter table' allow?    can you drop/add indexes to the table?    

Disable Sa yesor not?

February 21, 2016, 11:38 pm
$
0
0

Hi

Recently i want to better security , changed my sa user to another name , but i read in web pages about sa it is better sa user disabled.

But i know when i disable sa user i cann't use it in emergency mode , disable is good or not?!!!

It is better that , we disable it or change permission sa from sysadmin?

thanks


Linked Server using same domain account on different servers

February 23, 2016, 9:25 am
$
0
0
I am trying to create a linked server that will allow a SQL Agent job to transfer data from one SQL Server to another. I am using the same account on each SQL Server. Is there any way to do this without impersonating. This should be straight forward, but it seems not to be. I've tried proxy accounts and impersonate ( am trying to get to a point where I don't have to add passwords all over the place.

frankm



Unable to add the local administrators group to SQL Server administrators

February 26, 2016, 12:17 am
$
0
0

Hi Team 

I am trying to add local server (windows) administrator group to SQL server administrator group, by creating new login on sql server  but i am getting below mentioned error 


While configuring SQL server i forgot to add local group as administrator and now i am trying to do manually from SQL server management studio, Please guide what cloud be a possible reason for this error.

Regards

Dushyant Padhya 

TFS and SQL installation and configuration

AlwaysOn with high numbers of databases(80-100) - sql server 2014

February 26, 2016, 2:53 am
$
0
0

Hi 

 

I am wondering if anyone has used AlwaysOn with high number of databases (  100 databases (2-4Gb)).

 

I’m looking to set up AGs with two replicas:  synchronous replica

 

I would appreciate if you can share your experience and best practices.

 

Thanks,

Viewing all 3042 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>