I have been able to connect to my newly installed sql server express via sqlcmd and adjust remote logins and number of logins via sp_configure, but am unable to connect with SSMS.
↧
can login to SQL SERVER Express via SQLCMD and adjust settings with sp_configure, but can't login with SSMS
↧
SQL Server 2012 - Changed sa password. ERRORLOG filling up with Login Failed for user sa. Password did not match.
Hi all,
I really could use some assistance.
Yesterday, I needed to change the sa password on our SQL Server 2012.
Now the ERRORLOG is filling up with "Login Failed for user sa. Password did not match that for the login provided."
It kicks this error every 30 seconds.
None of our applications use the sa account, and nobody is manually attempting to log into the server with this account. There must be some sort of service or system level process trying to access the server using this account.
I've viewed the ERRORLOG from within SQL Server Profiler, as it provides the application name of the failure, which is stated as ".Net SqlClient Data Provider" ...not much help.
How can I find out what is hitting this server, and either reset its stored 'sa' password or disable it completely.
I appreciate any knowledge or assistance you may provide.
Thanks
vincent
↧
↧
SQL Server Encryption
Looking for clarification on what the service master key protects. I review several articles talking about the encryption hierarchy, and they all mention that the service master key is protected by the Windows Data Protection API, and that the SQL Server creates the Service Master key, and it protects the keys underneath. I understand this, but what does the database master key for the master database protect? Is the database master key for a user database protected by the service master key, or is it protected by the master key of the master database?
For changing password for the master key for the master database, you don't need to open the key, but for a user database you do; why is that?
Any information on clarifying this would be appreciated.
DJ
↧
TDE for multiple databases
Hello All,
i have question, i have configured the TDE for one of the database by creating a master and certificate.
Now the question ihave is i need to configure TDE for other 5 databases on the same server, so will it be the process of create seperte certificate for each database, or can i use the same certificate for all the 5 databases.
Thanks in Advance
↧
Copy User permission
Hello,
i would like to copy the permissions from user to another user at sql 2008.
All database permssions should also be copied.
Are there a way to do this with a script or anything else,
Horst
Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2008, TFS 2010
↧
↧
Public Role permissions on user objects on user databases
Hi, We're strengthening security and the security tool I used complained about the
Public Role having Permissions on User Database Objects
When I check what those objects are in the user database, they are all system objects:
30 system stored procs named dt_*
1 system table: dtproperties
Is it safe to remove these permissions?
Thank you
Paula
↧
Managed Service Accounts on SQL 2014
I'm trying to use a MSA for the SQL Server Service on SQL Server 2014. This works well until I need to restart the server then the service fails to start with generic error messages: "The service did not start due to a logon failure" in services.msc and "The request failed or the service did not respond in a timely fashion..." in SSCM.
The only way to get the service started again with my MSA is reselect it in SSCM. If I try and do this in the services.msc this fails.
MSA was created using this guide: https://blogs.technet.microsoft.com/askds/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting/
Any suggestions? I though MSA's where best practice for SQL Server services now?
↧
Migrated 2008 to 2012 DB - login failed "windows authentication only"
I migrated several DBs from 2008 to 2012 on a fresh 2012 server install.
I'm getting the following error on W7 client that tries to connect to the new server:
Login failed for user 'rabatchctl'. Reason: An attempt to login using SQL authentication failed. Server is configured for Windows authentication only. [CLIENT: 192.168.9.208]
The new server was built with mixed mode authentication as seen under DB properties.
But I confirmed by running select serverproperty('IsIntegratedSecurityOnly')result = 0
I read several threads on this and so on the client I built an ODBC connection using System DSN to the SQL server, using SQL authentication with the rabatchctl user and when I test the connection it's successful so that leaves me rather confused.
What shall I try next?
↧
Unreachable Sql Server from my DC
Hi all of you,
I've got one Controller Domain 2012 virtualized.
I can reach one of my clients, one OS 7 Ultimate by using SSMS without problems. It's a physical machine.
On the other hand I have another client (virtualized) running Windows Server 2012. I've got installed there Sql12k.
From my DC I cannot reach the second machine.
Using Integrated Security I get this message:
The login is from an unstrusted domain and cannot be used with Windows authentication
Using Sql Server security I get this message:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
(provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) (Microsoft SQL Server, Error: -1)
Nevertheless, I can connect by using Ip address\<server_name>
Firewall is open at domain/private level and is off on public one. I've created a couple of inbound/outbund rules allowing 1434
- Allow remote connections on the target is ON
- Machine itself is connected to my DOMAIN ok
- PING responds ok
- NSLOOKUP fails against the IP
NOTE: target machine unreachable is a controller domain and it is a node of one Always On.
Let me know what am I missing!!
Thanks for your hints/advices,
↧
↧
Server is vulnerable if the public role has been granted any permissions or is a role member.
Hi again
The security tool we bough using the security standard for PCI is complaining about permissions for the public role on user dbs:
"Server is vulnerable if the public role has been granted any permissions or is a role member."
Checking the permissions on one of the user dbs, there are 129 database permissions assigned to the public role.
The schema is sys, the objects are views
i.e.:
sys.all_objects
sys.all_columns
sys.all_sql_modules
etc
I understand the AD analogy for the everyone being granted permissions on Windows and public acting the same way for SQL.
This security threat is marked as High by the security tool and we need to pass the audit...
Can I remove these Select permissions from the public role on prod from the public role without any major consequences? In this case I'm anticipating that unless granted the select permissions on these system views you wouldn't have access to this information if querying it. Anything else?
Thank you!
Paula
↧
Audit functionality question - security log
Hi
I am currently tasked with auditing certain tables that have sensitive data.
I have created a database audit spec which is built on a server spec which logs to the windows security log.
It logs to the security log just fine but when I query upon a data sensitive column, the full statement is output to the windows log.
Is there any way of the audit still running but the SQL query statement being masked out in the security log?
Thanks in advance.
↧
Provide access to execute the SP's ?
Hi All,
Client requested to create one login with public access and he needs to execute the SP's which are doing select,insert,delete and update on multiple tables on multiple databases. How can i do this one.
Thanks in Advance,
rup
↧
XP_CMDSHELL issue
Hi Members,
I have below scenario:
SQL Server 2008R2 SP2
These is an SSIS package which application team need to call from an ASP.Net code. This SSIS package requires a runtime variable which will be passed by ASP .Net code. This SSIS package uses user FakeSQLUser (SQL Server Authenticated User) to log onto database do its work.
Step 1
Created a stored procedure to call this SSIS package
[size="1"][size="7"]CREATE PROCEDURE [dbo].[spFakeName] @User varchar(200)
AS
DECLARE @SQLQuery AS VARCHAR(2000)
SET @SQLQuery = 'DTExec /SQL "\Fakename" '
SET @SQLQuery = @SQLQuery + ' /SET \Package.Variables[UserName].Value;^"'+ @User + '^"'
--print @SQLQuery
EXEC master..xp_cmdshell @SQLQuery
GO
GO
[/size][/size]
Step 2:
Since I did not want application to call this SP using a sysadmin account. I did below
a) Created a 'FakeDomain\FakeDomainAccount', added it to Sql Server as public, and provided public access to master database.
b) EXEC sp_xp_cmdshell_proxy_account 'FakeDomain\FakeDomainAccount','FakeDomainAccountPass'
c) Grant EXECUTE ON xp_cmdshell TO [FakeDomain\FakeDomainAccount]
d) Added Login FakeSQLUser to master
e) Granted EXECUTE ON xp_cmdshell TO FakeSQLUser
I reckon it should now be able to run xp_cmdshell without providing sysadmin role to FakeSQLUser
But it keeps on failing with
Msg 229, Level 14, State 5, Procedure xp_cmdshell, Line 1
The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
What am I doing wrong?
Regards,
Sid
I have below scenario:
SQL Server 2008R2 SP2
These is an SSIS package which application team need to call from an ASP.Net code. This SSIS package requires a runtime variable which will be passed by ASP .Net code. This SSIS package uses user FakeSQLUser (SQL Server Authenticated User) to log onto database do its work.
Step 1
Created a stored procedure to call this SSIS package
[size="1"][size="7"]CREATE PROCEDURE [dbo].[spFakeName] @User varchar(200)
AS
DECLARE @SQLQuery AS VARCHAR(2000)
SET @SQLQuery = 'DTExec /SQL "\Fakename" '
SET @SQLQuery = @SQLQuery + ' /SET \Package.Variables[UserName].Value;^"'+ @User + '^"'
--print @SQLQuery
EXEC master..xp_cmdshell @SQLQuery
GO
GO
[/size][/size]
Step 2:
Since I did not want application to call this SP using a sysadmin account. I did below
a) Created a 'FakeDomain\FakeDomainAccount', added it to Sql Server as public, and provided public access to master database.
b) EXEC sp_xp_cmdshell_proxy_account 'FakeDomain\FakeDomainAccount','FakeDomainAccountPass'
c) Grant EXECUTE ON xp_cmdshell TO [FakeDomain\FakeDomainAccount]
d) Added Login FakeSQLUser to master
e) Granted EXECUTE ON xp_cmdshell TO FakeSQLUser
I reckon it should now be able to run xp_cmdshell without providing sysadmin role to FakeSQLUser
But it keeps on failing with
Msg 229, Level 14, State 5, Procedure xp_cmdshell, Line 1
The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
What am I doing wrong?
Regards,
Sid
↧
↧
Tracking logs for new Login and new user.
Hi,
Is it possible to get the logs when someone creates a new user and login from SQL Audit feature?
SQL version: SQL Server 2014
aa
↧
Proxy accounts security issue?
This is for SQL Server 2008.
I have read in order to run SSIS packages as one of the non SA username(s), we need to create proxy accounts. Then allow the non SA username to run it through the proxy.
I admit I do not know much about proxy; but, doesn't that still open a security hole to the db as well? The non SA username is temporarily able to do some things that normally it can't?
Any guidance is appreciated.
Edit: Also, the use of proxy is only applicable to jobs on SQL Server Agent, correct?↧
track the user activities on a database ?
Hi All,
Client requested to track all activities performed on server by the particular user with SQL text. How can i set the audit for particular user.
Please guide me to work on this request.
Thanks in Advance,
rup
↧
Hiding Database List in Azure Sql v12
Hi,
We have switched some of our databases onto Azure Sql V12 databases and historically with Sql 2008/2012 on premises etc we used to be able to restrict users from seeing all of the databases on the same server by running the below
DENY VIEW ANY DATABASE TO [the_user_name]
Is there a new method on Sql V12 for Azure to do similar?
thanks in advance
James
↧
↧
SQL Server errors out and restarts when trying to restore database
I am trying to restore a database from the program files. I have identified the correct database file, but each time I click on the path SQL Server errors out and eventually gives me this error:
Microsoft.AnalysisServices.AdomdClient.AdomdErrorResponseException was unhandledHelpLink=""
HResult=-2146233088
Message=The function failed because of the following error: Access to the path 'C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA' is denied..
Source=Microsoft SQL Server 2012 Analysis Services Managed Code Module
ErrorCode=-1056309025
StackTrace:
at Microsoft.AnalysisServices.AdomdClient.AdomdConnection.XmlaClientProvider.Microsoft.AnalysisServices.AdomdClient.IExecuteProvider.ExecuteTabular(CommandBehavior behavior, ICommandContentProvider contentProvider, AdomdPropertyCollection commandProperties, IDataParameterCollection parameters)
at Microsoft.AnalysisServices.AdomdClient.AdomdCommand.ExecuteReader(CommandBehavior behavior)
at Microsoft.AnalysisServices.AdomdClient.AdomdCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior)
at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet)
at Microsoft.AnalysisServices.Controls.FileSystemBrowser.Call(String function)
at Microsoft.AnalysisServices.Controls.FileSystemBrowser.Microsoft.DataWarehouse.Design.IFileSystemBrowsing.GetDirectories(String path)
at Microsoft.DataWarehouse.Controls.BrowsingTree.LateLoadChildNodes(LateLoadableTreeNode parentNode)
at Microsoft.DataWarehouse.Controls.LateLoadingTreeView.EnsureNodeChildrenLoaded(TreeNode parentNode)
at Microsoft.DataWarehouse.Controls.LateLoadingTreeView.OnBeforeExpand(TreeViewCancelEventArgs e)
at Microsoft.DataWarehouse.Controls.BrowsingTree.OnBeforeExpand(TreeViewCancelEventArgs e)
at System.Windows.Forms.TreeView.TvnExpanding(NMTREEVIEW* nmtv)
at System.Windows.Forms.TreeView.WmNotify(Message& m)
at System.Windows.Forms.TreeView.WndProc(Message& m)
at Microsoft.DataWarehouse.Controls.MultipleStateTreeView.WndProc(Message& m)
at Microsoft.DataWarehouse.Controls.DataWarehouseTreeView.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
InnerException:
↧
Security risk in Link Server.
Hi all,
We have some concerns regarding the security flaws in a linked Server, as someone from a remote location can easily make changes in the most critical database by escalating the privileges and by other means.
Also, Port opening is necessary for this(May be it is something which is mandatory).
I wanted to know any such alternatives for linked server in which the above mentioned issues can be addressed.
aa
↧
Multiple AD Users with same privilieges
Hello There,
i'm trying to grant a group of users same access across the SQL Server, I don't want to create database roles for each database and add the related users. Is there a way to do so? like a server role but with access to the databases.
Thank you
↧