Attempted Brute Force Attacks
Nov 24, 2004
It is not uncommon for me to review the event logs of our SQL Server and notice that someone is attempting to figure out the password for one of the SQL user accounts.........especially the "sa" username. But lately our SQL server has to be rebooted to where it is starting to become a nightly thing.
Last night the SQL Server was bombarded with attempted failed connections for 2 hours before it finally gave a blank BSOD. The SQL Server in question is in mixed mode and is a shared server. Strictly using Windows Authentication mode is not an option for us. The server has "beefy" hardware and has all updates and patches.
Sometimes, when I log on the server and notice that an IP address is making such attacks on the server, I put up an IPSEC policy against that IP. But that is not a good solution for reasons I dont think need to be outlined here.
So my question is, what can I do to better protect our SQL Server from these types of attacks? My thought on these attacks is not different than a DDOS that eventually takes the server down.
I have already done TCP/IP Hardening but not sure what else to do.
Thank you all for your replies.
View 3 Replies
ADVERTISEMENT
Oct 22, 2007
Hi to all,
Im looking at the sql server log, and I see a strange behavior.
Im getting at least 5 "sa" login attempts from an sepcific IP address.
How can I avoid this, lock that IP or add a delay to 'sa' failed logins?
Thanks so much
Cristian
View 10 Replies
View Related
Nov 3, 2005
In the Application event log I am seeing entries like the
following:
Login failed for user 'sa'. [CLIENT: 60.32.67.85]
Once
every second.
I am assuming this is a brute force password attack, an
ARIN query of the IP address indicates it's from:
Asia Pacific Network Information CentreIs there any way to block this IP from accessing my server?Thanks,Tylerp.s. I tried posting this on MSDN forums, but the site appears to be broken.
View 1 Replies
View Related
Aug 28, 2007
In my product description field, I need to extract the data that looks like
19-3-19 or 0-0-7. Sometimes that pattern is in the data, sometimes not.
I only want those that contain the pattern, of course, but I have no other method of determining whether or not the pattern will be in the description.
I thought I'd found a method that worked, until I encountered descriptions
that had a '-' in it prior to the pattern.
Here's what I have so far, it works for all but the last one.
CREATE TABLE #TMPPROD (
PROD_DESC VARCHAR(60)
)
INSERT INTO #TMPPROD
SELECT '22-4-12 15%SCU'
UNION ALL
SELECT '14-4-8 W/F'
UNION ALL
SELECT 'UFLEXX 17-3-17 2%FE'
UNION ALL
SELECT 'FERT-PEST 19-19-19'
SELECT PROD_DESC, SUBSTRING(PROD_DESC,CHARINDEX('-', PROD_DESC)-CASE WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 2,1))<>0 THEN 2
WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 1,1))<>0 THEN 1
ELSE 0 END, CHARINDEX('-', SUBSTRING(PROD_DESC,
CHARINDEX('-',PROD_DESC)+1,2))+CASE WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 2,1))<>0 THEN 2
WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 1,1))<>0 THEN 1
ELSE 0 END+2+CASE WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) +1,2))<>0 THEN 2
WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 1,1))<>0 THEN 1
ELSE 0 END) AS 'ANALYSIS'
FROM #TMPPROD
WHERE PROD_DESC LIKE '%-[0-9]%-[0-9]%'
DROP TABLE #TMPPROD
Any pointers on what to try next, or have I severely over-complicated the process - as I am wont to do.
Thanks
Mark
View 14 Replies
View Related
Dec 20, 2006
Hello,
I restored a huge ReportServer backup on a dev machine and I do not want the subscriptions and their jobs.
I already changed the SMTP server address so emails will go to nowhere.
Now What is the best sequence to get a rid of all subscriptions?
Delete records (or truncate) from the ReportServer.Subscriptions table then delete all the subscriptions jobs or the other way around?
BTY, a centralized management of subscriptions as well as stuffing all these jobs into a folder would be a welcome addition.
Thanks,
Philippe
View 3 Replies
View Related
Dec 24, 2003
I've got a huge inefficiency in my code that I'm trying to fix. I’m coding in VB.NET using ASP.NET and an MSSQL 2000 server.
I’m working in a temporary table that has an identical layout as another, non-temporary table in my database. Once I get the temp table how I want it, I need to insert everything from that table into my main table. Before I can do that, however, I need to delete all the records in the main table with certain fields that match a record’s fields in the temporary table.
Right now, I have a method that builds one delete statement per record in the temporary table and then runs those statements on the main table. Since I’m dealing with the order of 50,000 records (at least) here, building and sending those statements to the server takes forever.
Is there a way I can accomplish the same thing without building and sending such a huge SQL call to the server? If so, how would I go about doing that?
Thanks in advance for whatever help you can give,
-Starwiz
View 6 Replies
View Related
Mar 22, 2008
Dear guys
I'm developing a web site that subscribers will directly connect to sql express and send results of their desktop application to database.
So every body, including hackers can easily obtain a login. ofcourse I will restrict each login to execute only one stored procedure specially created for himself and do nothing else. (or anotherquery to verify validity of each user, instead of creating special stored procedures for each one)
But, I'm worried about frequency of running that stored procedure buy bad users. I can limit frequency of running stored procedure, but anyhow each time of such control also takes time. should I pay attention to such matter?
I also don't know what if a user tries to broute force server with incorrect user names and passwords repeatedly. does it lead to slowing down the server? again, should I pay attention to such matter?
does firewall help? does IP tarcking help? are these enough? if so, where can I find extra information?
In fact this problem persists even if I want to redirect user communications to web service instead of direct connection to data base or even using emails. Anyhow hackers can do the same thing but only some more complexity is added to my project. I found this article for IP tracking in web sites http://weblogs.asp.net/omarzabir/archive/2007/10/16/prevent-denial-of-service-dos-attacks-in-your-web-application.aspx . Is this enough?
I wish to know the way big networks do in real world.
Can any one please help me? Infact I'm not a professional in security. what ever kind of extra suggestions will be appreciated.
regards.
View 9 Replies
View Related
May 1, 2007
Hello, Our Security specialist, is running an audit on one of my systems. All pages pass except the login page. It keeps saying I am getting hit with a SQL injection attack. I filter out special characters, both on the Client Side validation and the server side.It is only the one page I have is failing, and I am beginning to wonder if it is producing false positives.Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click If Not Page.IsValid Then
lblError.Text = "Page Invalid"
Exit Sub End If Dim strMesage As String = ""
If Not IsInputSanitized(strMesage) Then
lblError.Text = strMesage
Exit Sub End If If Not ValueIsValid(txtUserName.Value.Trim) Then
lblError.Text = Globals.Message_InvalidCharacters
Exit Sub End If Public Function IsInputSanitized(ByRef p_strReturnMessage As String) As Boolean Dim loop1 As Integer Dim arr1() As String Dim coll As NameValueCollection Dim regexp As String = "^([^<>" & Chr(34) & "\%;)(&+]*)$"
Dim reg As Regex = New Regex(regexp) coll = Request.Form arr1 = coll.AllKeys 'Start at 1 so you will skip over the __VIEWSTATE
For loop1 = 0 To UBound(arr1) 'Skip over the ASPNET-generated controls as they will give a false positive.
If Left(coll.AllKeys(loop1), 2) <> "__" Then If Not reg.IsMatch(Request(arr1(loop1))) Then
p_strReturnMessage = Globals.Message_InvalidCharacters
Return False End If End If Next loop1 'If it never hit false retrun true
p_strReturnMessage = "Success"
Return True End Function If Not ValueIsValid(txtPassword.Value.Trim) Then
lblError.Text = Globals.Message_InvalidCharacters
Exit Sub End If If Not ValidateUser(txtUserName.Value.Trim, txtPassword.Value.Trim) Then
lblError.Text = Globals.Message_LoginInvalid
End If End Sub Here are the other validation routines 'This is a check to make sure that the String Values Entered into the Database field 'are indeed valid and without characters that can be used in injection attacks
Function ValueIsValid(ByVal p_Input As String) As Boolean Dim strIn As String = p_Input Dim x As Integer Dim A As String Dim l_Return As Boolean = True For x = 1 To Len(strIn) A = Mid(strIn, x, 1) 'Check each character in the string individually
If InStr("<>+%|?;()", A) <> 0 Then 'If this is not a "Bad" character
l_Return = False 'tack it onto the output string
End If Next Return l_Return End Function
View 8 Replies
View Related
Nov 6, 2006
I am taking a class where the professor really dislikes using parameterized queries because he considers them to be pointless. Despite the many points that I and a classmate bring up, the only thing he considers valid is using them to prevent SQL injection attacks. To prevent this, he replaces all single quotes with a pair of single quotes. I know this works for SQL server, but will fail in some others (for instance MySQL also allows '). Is there other possibilies such as the ' that need to be protected against?
View 4 Replies
View Related
Aug 16, 2006
Hello to everyone
I am running MS SQL 2005 Express I get per day 2-4 hackers attacks trying to login from €œsa€?
Some 37 calls times per second one of attack was continuing 4 days
Is there some setting into MS SQL 2005 to reduce that?
Can you recommend me good firewall for DDOS attacks?
Is it there some legal action that I can take to this people I have their IPs most are from US and Canada?
Thank you in advance
val
View 9 Replies
View Related
Jan 24, 2004
this is a question I put in the sql community in microsoft, but havent be answered in full
------------
I am using dynamic sql to do a query with differents 'order' sentences and/or 'where' sentences depending on a variable I pass to the sp
ex:
create proc ex
@orden varchar(100)
@criterio varchar(100)
as
declare consulta varchar(4000)
set consulta=N'select pais from paises where '+@criterio' order by '+@orden
------------
I'd like to know it it uses 2 sp in the cache, as I read, the main sp and the query inside the variable of the dynamic sql. if so, as I imagine, then I suppose I have to do the main sp without any 'if' sentence to be the same sp, and so taking it from the cache and not recompile the sp
now, I have various 'if' sentences in the main sp (the caller of the dynamic sql) but I plan to remove them and do the 'if' by program -it is in asp.net-, so I suppose it is better because in this way the main sp is took from the cache, supposing this uses the cache different that the dynamic sql in the variable
what do u think? does the dynamic sql use 2 caches? if so, u think it is better to try to do the main sp same in all uses (no 'if' statements)?
-----
They told me this coding is not good (dynamic sql) because it can give control to the user?
I ask, how does it give control to use? what ar sql injection attack and how to prevent them?
I use dynamis sql because I have 150 queries to do, and thought dynamic sql is good
is it true that dynamic sql have to be recompiled in each execution? I suppose so only if the sql variable is different, right?
can u help me?
View 4 Replies
View Related
Apr 8, 2004
Hi,
On my site I have a simple textbox which is a keyword search, people type a keyword and then that looks in 3 colums of an SQL database and returns any matches
The code is basic i.e. SELECT * FROM Table WHERE Column1 LIKE %searcg%
There is no validation of what goes into the text box and I am worried about SQL injection, what can I do to minimize the risk
I have just tried the site and put in two single quotes as the search term, this crashed the script so I know I am vunerable.
Can anyone help, perhaps point me in the direction of furthur resources on the subject?
Thanks
Ben
View 3 Replies
View Related
Nov 29, 2007
Hi, I´m new on this forum, I just need help to solve or avoid better saying attacks to a SQL Server 2005 database. I ´ve had some intruders on my database, changing some data on 2 tables. the information there is too important. But i need to know how can i get all the remote address that make some masive updates on my DB. I´ve make some triggers to avoid that, but those peaoples have reach modify data. I think is some user on the same VPN.
Help me please what can i do to get the ip address.
View 1 Replies
View Related
Mar 2, 2006
My site has come under attack from sql injections. I thought I hadthings handled by replacing all single quotes with two single quotes,akaReplace(inputString, "'", "''")Alas, clever hackers have still managed to find a way to drop columnsfrom some of my tables. Can anybody direct me towards a best practicedocument on preventing these attacks?Thank you thank you,Kevin
View 4 Replies
View Related
May 10, 2007
Greetings all,
For entertainment purposes, I've been reading some articles on SQL Injection Attacks and there should be a cover charge to read these articles. (excuse the sarcasm)
Most defense is based on the use of stored procedures or read only settings on the tables.
I'm looking for practical opinions and possibly some code that would convince me personally that this is indeed a real threat.
Also, if possible, please post remedies that are solid and not open ended.
Thanks all,
Adamus
View 1 Replies
View Related
Oct 4, 2007
I have SQL 2005 Express on a hosted webserver - the server is behind a provided firewall with port 1433 closed.
In my event log I am getting hundreds of these :
Login failed for user 'sa'. [CLIENT: 213.247.51.248]
Event ID 18456
They come thick and fast from the same IP.
When I look in SQL Error Logs it's State 8 which seems to be invalid password - so it looks like someone probing the server to me.
I can see a way in the firewall to block certain IP's.
Anyone know a way I can lockdown the SQL, or the server (Packet Filtering?) to stop this? The server is hosted by 1&1 who aren't that hot with support on stuff like this.
Any help greatly appreciated!!
View 9 Replies
View Related
Jan 4, 2006
hi,
i had this formula written for a textbox in a table, but yet still encounter the following error:
expression:
=iif(countdistinct(Fields!room.Value)=0,0, sum(Fields!rate.Value)/countdistinct(Fields!room.Value))
error:
attempted to divide by zero.
any way i can solve this problem?
thanks!
View 12 Replies
View Related
Jul 23, 2005
I have the security audit logging failed attempts on my MS SQL server.Is there a way to log the ip address of these attempts?
View 1 Replies
View Related
Jan 15, 2008
Hi All, I have a web form that inserts information into two tables in sql 2005 database on a submit button click. I have a unique key on the tables preventing duplicate information which works fine. The problem I have is that at the minute if a users tries to insert a duplicate row they just get the built in sql error message. Is there a way I can validate the information before if goes into the database and display perhaps a label telling the user of their error or is there a way I can customize the build in sql error message? I've had a search on various forums and sites and can't find any info that would help me. Thanks in advance
Dave
View 6 Replies
View Related
Nov 23, 2005
One of the packages we've created a while ago is now, suddenly, giving us a strange error:
View 3 Replies
View Related
May 23, 2007
we are using sql server 2005 standard edition with sp1
From last couple of days, I am getting lot of these errors-
Process 304 unlocking unowned resource: OBJECT: 2:792809934:0
Process ID 304 attempted to unlock a resource it does not own: OBJECT: 2:792809934:0 . Retry the transaction, because this error may be caused by a timing condition. If the problem persists, contact the database administrator.
A user request from the session with SPID 304 generated a fatal exception. SQL Server is terminating this session. Contact Product Support Services with the dump produced in the log directory.
SqlDumpExceptionHandler: Process 304 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.
2007-05-23 05:31:58.74 spid76 * *******************************************************************************
2007-05-23 05:31:58.74 spid76 *
2007-05-23 05:31:58.74 spid76 * BEGIN STACK DUMP:
2007-05-23 05:31:58.74 spid76 * 05/23/07 05:31:58 spid 76
2007-05-23 05:31:58.74 spid76 *
2007-05-23 05:31:58.74 spid76 *
2007-05-23 05:31:58.74 spid76 * Exception Address = 00000000015F4502 Module(sqlservr+00000000005F4502)
2007-05-23 05:31:58.74 spid76 * Exception Code = c0000005 EXCEPTION_ACCESS_VIOLATION
2007-05-23 05:31:58.74 spid76 * Access Violation occurred reading address 0000000000000018
2007-05-23 05:31:58.74 spid76 * Input Buffer 68 bytes -
2007-05-23 05:31:58.74 spid76 * 16 00 00 00 12 00 00 00 02 00 00 00 00 00 00 00 00 00
2007-05-23 05:31:58.74 spid76 * S G L M e s 01 00 00 00 15 00 53 00 47 00 4c 00 4d 00 65 00 73 00
2007-05-23 05:31:58.74 spid76 * s a g e Q u e u e 73 00 61 00 67 00 65 00 51 00 75 00 65 00 75 00 65 00
2007-05-23 05:31:58.74 spid76 * S e l e c t 53 00 65 00 6c 00 65 00 63 00 74 00 00 00
2007-05-23 05:31:58.74 spid76 *
2007-05-23 05:31:58.74 spid76 *
2007-05-23 05:31:58.74 spid76 * MODULE BASE END SIZE
2007-05-23 05:31:58.74 spid76 * sqlservr 0000000001000000 00000000035FBFFF 025fc000
2007-05-23 05:31:58.74 spid76 * ntdll 0000000078EC0000 0000000078FF8FFF 00139000
2007-05-23 05:31:58.74 spid76 * kernel32 0000000078D40000 0000000078EB1FFF 00172000
2007-05-23 05:31:58.74 spid76 * MSVCR80 0000000078130000 00000000781FEFFF 000cf000
2007-05-23 05:31:58.74 spid76 * msvcrt 000007FF7FC00000 000007FF7FC85FFF 00086000
2007-05-23 05:31:58.74 spid76 * MSVCP80 000000007C420000 000000007C530FFF 00111000
2007-05-23 05:31:58.74 spid76 * ADVAPI32 000007FF7FEE0000 000007FF7FFE4FFF 00105000
2007-05-23 05:31:58.74 spid76 * RPCRT4 000007FF7FD30000 000007FF7FED8FFF 001a9000
2007-05-23 05:31:58.74 spid76 * USER32 0000000078C30000 0000000078D3BFFF 0010c000
2007-05-23 05:31:58.74 spid76 * GDI32 000007FF7FC90000 000007FF7FD28FFF 00099000
2007-05-23 05:31:58.74 spid76 * CRYPT32 000007FF7D180000 000007FF7D2DEFFF 0015f000
2007-05-23 05:31:58.74 spid76 * MSASN1 000007FF7D150000 000007FF7D179FFF 0002a000
2007-05-23 05:31:58.74 spid76 * Secur32 000007FF7E7F0000 000007FF7E811FFF 00022000
2007-05-23 05:31:58.74 spid76 * MSWSOCK 000007FF76FE0000 000007FF7705BFFF 0007c000
2007-05-23 05:31:58.74 spid76 * WS2_32 000007FF77150000 000007FF7717FFFF 00030000
2007-05-23 05:31:58.74 spid76 * WS2HELP 000007FF77140000 000007FF7714BFFF 0000c000
2007-05-23 05:31:58.74 spid76 * USERENV 000007FF7C4A0000 000007FF7C5A8FFF 00109000
2007-05-23 05:31:58.74 spid76 * opends60 00000000333E0000 00000000333E7FFF 00008000
2007-05-23 05:31:58.74 spid76 * NETAPI32 000007FF771B0000 000007FF77247FFF 00098000
2007-05-23 05:31:58.74 spid76 * SHELL32 000007FF7F190000 000007FF7FB97FFF 00a08000
2007-05-23 05:31:58.74 spid76 * SHLWAPI 000007FF7EF60000 000007FF7EFFAFFF 0009b000
2007-05-23 05:31:58.74 spid76 * comctl32 0000000000AF0000 0000000000C76FFF 00187000
2007-05-23 05:31:58.74 spid76 * psapi 000007FF7E1B0000 000007FF7E1BFFFF 00010000
2007-05-23 05:31:58.74 spid76 * instapi 0000000048060000 000000004806CFFF 0000d000
2007-05-23 05:31:58.74 spid76 * CLUSAPI 000007FF7B1C0000 000007FF7B1E3FFF 00024000
2007-05-23 05:31:58.74 spid76 * ole32 000007FF7ECE0000 000007FF7EF51FFF 00272000
2007-05-23 05:31:58.74 spid76 * OLEAUT32 000007FF7E9F0000 000007FF7EB03FFF 00114000
2007-05-23 05:31:58.74 spid76 * RESUTILS 000007FF7B310000 000007FF7B32BFFF 0001c000
2007-05-23 05:31:58.74 spid76 * sqlevn70 000000004F610000 000000004F7A3FFF 00194000
2007-05-23 05:31:58.74 spid76 * SQLOS 00000000344D0000 00000000344D5FFF 00006000
2007-05-23 05:31:58.74 spid76 * NTMARTA 000007FF7E2F0000 000007FF7E32BFFF 0003c000
2007-05-23 05:31:58.74 spid76 * SAMLIB 000007FF76F80000 000007FF76F95FFF 00016000
2007-05-23 05:31:58.74 spid76 * WLDAP32 000007FF7E780000 000007FF7E7E5FFF 00066000
2007-05-23 05:31:58.74 spid76 * rsaenh 000000000FFB0000 000000000FFEDFFF 0003e000
2007-05-23 05:31:58.74 spid76 * AUTHZ 000007FF7E2C0000 000007FF7E2ECFFF 0002d000
2007-05-23 05:31:58.74 spid76 * MSCOREE 000006427EE60000 000006427EED3FFF 00074000
2007-05-23 05:31:58.75 spid76 * msv1_0 000007FF7E330000 000007FF7E373FFF 00044000
2007-05-23 05:31:58.75 spid76 * iphlpapi 000007FF57250000 000007FF57280FFF 00031000
2007-05-23 05:31:58.75 spid76 * kerberos 000007FF77410000 000007FF774C2FFF 000b3000
2007-05-23 05:31:58.75 spid76 * cryptdll 000007FF7DAB0000 000007FF7DABEFFF 0000f000
2007-05-23 05:31:58.75 spid76 * schannel 000007FF7DB70000 000007FF7DBB0FFF 00041000
2007-05-23 05:31:58.75 spid76 * COMRES 000007FF7E920000 000007FF7E9E5FFF 000c6000
2007-05-23 05:31:58.75 spid76 * XOLEHLP 000007FF5C560000 000007FF5C566FFF 00007000
2007-05-23 05:31:58.75 spid76 * MSDTCPRX 000007FF67140000 000007FF67210FFF 000d1000
2007-05-23 05:31:58.75 spid76 * msvcp60 000000000AD30000 000000000AE19FFF 000ea000
2007-05-23 05:31:58.75 spid76 * MTXCLU 000007FF7B540000 000007FF7B569FFF 0002a000
2007-05-23 05:31:58.75 spid76 * VERSION 000007FF7FBF0000 000007FF7FBFAFFF 0000b000
2007-05-23 05:31:58.75 spid76 * WSOCK32 000007FF770F0000 000007FF770F9FFF 0000a000
2007-05-23 05:31:58.75 spid76 * DNSAPI 000007FF7E720000 000007FF7E76DFFF 0004e000
2007-05-23 05:31:58.75 spid76 * winrnr 000007FF7E820000 000007FF7E82AFFF 0000b000
2007-05-23 05:31:58.75 spid76 * rasadhlp 000007FF7E830000 000007FF7E836FFF 00007000
2007-05-23 05:31:58.75 spid76 * hnetcfg 000007FF6D1F0000 000007FF6D280FFF 00091000
2007-05-23 05:31:58.75 spid76 * wshtcpip 000007FF76FA0000 000007FF76FAAFFF 0000b000
2007-05-23 05:31:58.75 spid76 * security 000007FF77530000 000007FF77534FFF 00005000
2007-05-23 05:31:58.75 spid76 * msfte 0000000049980000 0000000049D2DFFF 003ae000
2007-05-23 05:31:58.75 spid76 * dbghelp 000000000D7F0000 000000000D949FFF 0015a000
2007-05-23 05:31:58.75 spid76 * WINTRUST 000007FF7E210000 000007FF7E25DFFF 0004e000
2007-05-23 05:31:58.75 spid76 * imagehlp 000007FF7E2A0000 000007FF7E2B2FFF 00013000
2007-05-23 05:31:58.75 spid76 * dssenh 000000000FF70000 000000000FFABFFF 0003c000
2007-05-23 05:31:58.75 spid76 * ntdsapi 000007FF7DAD0000 000007FF7DAF3FFF 00024000
2007-05-23 05:31:58.75 spid76 * xpsp2res 000007FF5C210000 000007FF5C4D6FFF 002c7000
2007-05-23 05:31:58.75 spid76 * CLBCatQ 0000000003600000 00000000036DDFFF 000de000
2007-05-23 05:31:58.75 spid76 * sqlncli 00000000337A0000 0000000033A5DFFF 002be000
2007-05-23 05:31:58.75 spid76 * COMCTL32 0000000003700000 00000000037EDFFF 000ee000
2007-05-23 05:31:58.75 spid76 * comdlg32 000007FF7D360000 000007FF7D3D6FFF 00077000
2007-05-23 05:31:58.75 spid76 * SQLNCLIR 0000000035000000 0000000035032FFF 00033000
2007-05-23 05:31:58.75 spid76 * msftepxy 000000000F130000 000000000F150FFF 00021000
2007-05-23 05:31:58.75 spid76 * xpstar90 0000000053C30000 0000000053CB4FFF 00085000
2007-05-23 05:31:58.75 spid76 * SQLSCM90 0000000053AD0000 0000000053ADBFFF 0000c000
2007-05-23 05:31:58.75 spid76 * ODBC32 000007FF63EB0000 000007FF63F16FFF 00067000
2007-05-23 05:31:58.75 spid76 * BatchParser90 00000000520C0000 00000000520ECFFF 0002d000
2007-05-23 05:31:58.75 spid76 * ATL80 000000007C630000 000000007C64DFFF 0001e000
2007-05-23 05:31:58.75 spid76 * odbcint 000007FF63DC0000 000007FF63DD7FFF 00018000
2007-05-23 05:31:58.75 spid76 * xpstar90 0000000010CC0000 0000000010CE5FFF 00026000
2007-05-23 05:31:58.75 spid76 * msxmlsql 0000000078800000 0000000078963FFF 00164000
2007-05-23 05:31:58.75 spid76 * msxml3 000007FF78A20000 000007FF78C2DFFF 0020e000
2007-05-23 05:31:58.75 spid76 * xpsqlbot 000000004A7C0000 000000004A7C7FFF 00008000
2007-05-23 05:31:58.75 spid76 * xplog70 0000000034730000 000000003473FFFF 00010000
2007-05-23 05:31:58.75 spid76 * xplog70 00000000125B0000 00000000125B2FFF 00003000
2007-05-23 05:31:58.75 spid76 *
2007-05-23 05:31:58.75 spid76 * P1Home: FFFFFADEC275F600:
2007-05-23 05:31:58.75 spid76 * P2Home: 0000000017F4DEA0: FFFFFADEC275F600 0000000017F4DEA0 0000000000000000 0000000017F4E660 0000800000000000 FFFFFADEC275F940
2007-05-23 05:31:58.75 spid76 * P3Home: 0000000000000000:
2007-05-23 05:31:58.75 spid76 * P4Home: 0000000017F4E660: FFFFFFFF00000001 0000000000000000 0000000100ECCEA8 0000000100ECCF60 0000000000000000 00000000E226E9C0
2007-05-23 05:31:58.75 spid76 * P5Home: 0000800000000000:
2007-05-23 05:31:58.75 spid76 * P6Home: FFFFFADEC275F940:
2007-05-23 05:31:58.75 spid76 * ContextFlags: 000000000010001F:
2007-05-23 05:31:58.75 spid76 * MxCsr: 0000000000001FA0:
2007-05-23 05:31:58.75 spid76 * SegCs: 0000000000000033:
2007-05-23 05:31:58.75 spid76 * SegDs: 000000000000002B:
2007-05-23 05:31:58.75 spid76 * SegEs: 000000000000002B:
2007-05-23 05:31:58.75 spid76 * SegFs: 0000000000000053:
2007-05-23 05:31:58.75 spid76 * SegGs: 000000000000002B:
2007-05-23 05:31:58.75 spid76 * SegSs: 000000000000002B:
2007-05-23 05:31:58.75 spid76 * EFlags: 0000000000010202: 0065002E0064006D 0046000000650078 004F004E005F0050 0053004F0048005F 00480043005F0054 003D004B00430045
2007-05-23 05:31:58.75 spid76 * Rax: 0000000100ECCF60: 0000000000000000 0000000100ECCEA8 0000000000000000 0065006300630041 0000000000000000 0000000000000000
2007-05-23 05:31:58.75 spid76 * Rcx: 0000000000000000:
2007-05-23 05:31:58.75 spid76 * Rdx: 0000000000000000:
2007-05-23 05:31:58.75 spid76 * Rbx: 0000000000000000:
2007-05-23 05:31:58.75 spid76 * Rsp: 0000000017F4E440: 0000000001B30DC0 FFFFFFFFFF000000 0000000000000000 0000000078D6E31C 00000000D44421C0 00000000015E8750
2007-05-23 05:31:58.75 spid76 * Rbp: 0000000017F4E660: FFFFFFFF00000001 0000000000000000 0000000100ECCEA8 0000000100ECCF60 0000000000000000 00000000E226E9C0
2007-05-23 05:31:58.75 spid76 * Rsi: 0000000273C15900: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
2007-05-23 05:31:58.75 spid76 * Rdi: 0000000000000000:
2007-05-23 05:31:58.75 spid76 * R8: 00000000D44421C0: 0000000000000000 0000000000000000 00000000D039C1D0 00000000E892C1D0 0000000000000001 00000000038203A0
2007-05-23 05:31:58.75 spid76 * R9: 0000000000000000:
2007-05-23 05:31:58.75 spid76 * R10: 0000000001000000: 0000000300905A4D 0000FFFF00000004 00000000000000B8 0000000000000040 0000000000000000 0000000000000000
2007-05-23 05:31:58.75 spid76 * R11: 0000000017F4E5C8: 00000000015E5847 00000000063C8080 00000000063C8130 0000000192CED0F0 0000000001541382 FFFFFFFFFFFF0002
2007-05-23 05:31:58.75 spid76 * R12: 0000000017F4E608: 00000000063C4C58 0000000000000000 0000000000000000 00000000000002AA 0000000017F4E890 0000000100ECCE70
2007-05-23 05:31:58.75 spid76 * R13: 0000000000000001:
2007-05-23 05:31:58.75 spid76 * R14: 0000000000000000:
2007-05-23 05:31:58.75 spid76 * R15: 0000000000000000:
2007-05-23 05:31:58.75 spid76 * Rip: 00000000015F4502: 086F8B4C187A8B48 C1F6434FB60F2074 44004E814E850F02 0F04C1F660244C89 4C894C004E815985 30250C8B48657824
2007-05-23 05:31:58.75 spid76 * *******************************************************************************
2007-05-23 05:31:58.75 spid76 * -------------------------------------------------------------------------------
2007-05-23 05:31:58.75 spid76 * Short Stack Dump
2007-05-23 05:31:58.75 spid76 00000000015F4502 Module(sqlservr+00000000005F4502)
2007-05-23 05:31:58.75 spid76 00000000015E5847 Module(sqlservr+00000000005E5847)
2007-05-23 05:31:58.75 spid76 000000000158A7CE Module(sqlservr+000000000058A7CE)
2007-05-23 05:31:58.75 spid76 00000000024796E7 Module(sqlservr+00000000014796E7)
2007-05-23 05:31:58.75 spid76 000000000247A0E5 Module(sqlservr+000000000147A0E5)
2007-05-23 05:31:58.75 spid76 0000000001A2F32F Module(sqlservr+0000000000A2F32F)
2007-05-23 05:31:58.75 spid76 0000000001625988 Module(sqlservr+0000000000625988)
2007-05-23 05:31:58.75 spid76 0000000001736E0B Module(sqlservr+0000000000736E0B)
2007-05-23 05:31:58.75 spid76 000000000161BC5B Module(sqlservr+000000000061BC5B)
2007-05-23 05:31:58.75 spid76 00000000016126D1 Module(sqlservr+00000000006126D1)
2007-05-23 05:31:58.75 spid76 0000000001614BB6 Module(sqlservr+0000000000614BB6)
2007-05-23 05:31:58.75 spid76 000000000268C3CA Module(sqlservr+000000000168C3CA)
2007-05-23 05:31:58.75 spid76 000000000268DCB4 Module(sqlservr+000000000168DCB4)
2007-05-23 05:31:58.75 spid76 000000000161FC5E Module(sqlservr+000000000061FC5E)
2007-05-23 05:31:58.75 spid76 00000000015C80E8 Module(sqlservr+00000000005C80E8)
2007-05-23 05:31:58.75 spid76 00000000015CAD6D Module(sqlservr+00000000005CAD6D)
2007-05-23 05:31:58.75 spid76 00000000015E0232 Module(sqlservr+00000000005E0232)
2007-05-23 05:31:58.75 spid76 00000000015DE73E Module(sqlservr+00000000005DE73E)
2007-05-23 05:31:58.75 spid76 00000000015D66CE Module(sqlservr+00000000005D66CE)
2007-05-23 05:31:58.75 spid76 00000000015D7129 Module(sqlservr+00000000005D7129)
2007-05-23 05:31:58.75 spid76 00000000015CE674 Module(sqlservr+00000000005CE674)
2007-05-23 05:31:58.75 spid76 00000000014CE4C7 Module(sqlservr+00000000004CE4C7)
2007-05-23 05:31:58.75 spid76 00000000017A0B89 Module(sqlservr+00000000007A0B89)
2007-05-23 05:31:58.75 spid76 0000000001785C90 Module(sqlservr+0000000000785C90)
2007-05-23 05:31:58.75 spid76 00000000017D08F8 Module(sqlservr+00000000007D08F8)
2007-05-23 05:31:58.75 spid76 00000000781337A7 Module(MSVCR80+00000000000037A7)
2007-05-23 05:31:58.77 spid76 0000000078133864 Module(MSVCR80+0000000000003864)
2007-05-23 05:31:58.77 spid76 0000000078D6B66A Module(kernel32+000000000002B66A)
Can anyone help me these errors? Why I am getting these errors ? And how do i resolve this issue?
Thanks
View 1 Replies
View Related
Aug 22, 2007
Hi,
I am back with one more problem..
I have created few reports using SSRS 2005. I am using Oracle database in Data Source to fetch my data. It is working fine and showing me report correctly. But after running the report 8 to 10 times, it starts giving me Memory error. To get rid of that, I need to recycle (stop-start) ReportingService from IIS.
I am exactly getting following error...
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
I am not getting the actual problem, why is it giving memory error only after running few times? Please let me know if anyone facing same problem or knowing the solution for the problem.
Thanks,
HMaheta
View 3 Replies
View Related
Sep 29, 2009
I'm trying to install SQL Server 2008 on a virtual machine with Windows 2008 R2. Setup fails with the error "Attempted to perform an unauthorized operation". Looking at the installation log, I see these details:
2009-09-29 08:24:49 SQLBrowser: sRegLocation = 'SOFTWAREMicrosoftMicrosoft SQL Server', regView = 'Wow6432', sSddl = '(A;CI;KR;;;[SQLServer2005SQLBrowserUser$ITISFIM])', bOptional = 'False'.
2009-09-29 08:24:49 Slp: Sco: Attempting to create base registry key HKEY_LOCAL_MACHINE, machine
[code]....
View 35 Replies
View Related
Mar 12, 2015
I have created a Dynamic Merge statement SCD2 Store procedure , which insert the records if no matches and if bbxkey matches from source table to destination table thne it updates old record as lateteverion 0 and insert new record with latest version 1.
I am getting below error when I ahve more than 1 bbxkey in my source table. How can I ignore this.
BBXkey is nothing but I am deriving by combining 2 columns.
Msg 8672, Level 16, State 1, Line 6
The MERGE statement attempted to UPDATE or DELETE the same row more than once. This happens when a target row matches more than one source row. A MERGE statement cannot UPDATE/DELETE the same row of the target table multiple times. Refine the ON clause to ensure a target row matches at most one source row, or use the GROUP BY clause to group the source rows.
View 4 Replies
View Related
Jun 13, 2007
Hi all,
The shotshot agent is generating a snapshot, I got the error ' Attempted to read or write protected memory. This is often an indication that other memory is corrupt'. Then, the agent failed. I tried to restart the agent and generate a snapshot again. This time, it run normally. So far, I got this error twice since the replication launched. Kindly advise. Thanks a lot.
View 4 Replies
View Related
Mar 17, 2006
I'm trying to import data from a Sybase ASE 12.0 database called "OurTestDatabase" into MS SQL Server 2005. I started SSIS Wizard and indicated "Sybase ASE OLEDB Provider" as a source and SQL Native Client as the target. I'm gettign the following error message:
-----------------------------------------------------------------------------------------------------------------
Cannot get supported data types from the database connection
"Provider=Sybase.ASEOLDEDBProvider;Password=;Persist Security Info=True;User ID=sa;Data Source=sybase;Initial Catalog=OurTestDatabase"
Additional information
|_ Attempted to read or write protected memory. This is often an indication that other memory is corrupt. (System.Data)
-----------------------------------------------------------------------------------------------------------------
The same data source worked with DTS when we thought we'd convert to MS SQL Server 2000. Is this a bug in SSIS? What can be done? Using ".Net Framework Provider for ODBC" is not a good option because this doesn't allow me to choose any tables from the Sybase source.
Any help is greatly appreciated.
View 7 Replies
View Related
Sep 29, 2015
We have a large number of SSISDB packages running happily, connecting to our SQL Servers using ADO.Net or Sql Native Client, making their connection using NTLM. (We don't have our SQL Server SPNs correctly configured to support Kerberos).
The SSISDB packages are hosted on and run on a dedicated SQL server, different to the SQL Servers they are connecting to.
Very occasionally, the connection attempt is made using Kerberos instead of NTLM, and the connection attempt to sql server fails. (This is going by the Windows Security event log, which reveals a Kerberos login - a successful one at the Windows level - at the precise time that the calling agent job is informed of a connection timeout and fails, approx 23 seconds after the job starts).
The correct configuration of our SPNs is something we may wish to look into for security best practice, and would of course fix this. However, that may not be my decision to make.
View 2 Replies
View Related
Jun 19, 2007
Our server is 64 bits OS. After SQL instalation we try to load the Reports web site and the server return the following error, can anyone help us?:
Attempted to load a 64-bit assembly on a 32-bit platform. Use ReflectionOnlyLoad() instead if trying to load for reflection purposes.Server
Error in '/Reports' Application.
Attempted to load a 64-bit assembly on a 32-bit platform. Use
ReflectionOnlyLoad() instead if trying to load for reflection purposes.
Description: An unhandled exception occurred during the execution of the current
web request. Please review the stack trace for more information about the error
and where it originated in the code.
Exception Details: System.BadImageFormatException: Attempted to load a 64-bit
assembly on a 32-bit platform. Use ReflectionOnlyLoad() instead if trying to
load for reflection purposes.
Source Error:
An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.
Stack Trace:
[BadImageFormatException: Attempted to load a 64-bit assembly on a 32-bit platform. Use ReflectionOnlyLoad() instead if trying to load for reflection purposes.]
System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection) +0
System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +211
System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +141
System.Reflection.Assembly.Load(String assemblyString) +25
System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) +32
[ConfigurationErrorsException: Attempted to load a 64-bit assembly on a 32-bit platform. Use ReflectionOnlyLoad() instead if trying to load for reflection purposes.]
System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) +596
System.Web.Configuration.CompilationSection.LoadAllAssembliesFromAppDomainBinDirectory() +3479065
System.Web.Configuration.CompilationSection.LoadAssembly(AssemblyInfo ai) +46
System.Web.Compilation.BuildManager.GetReferencedAssemblies(CompilationSection compConfig) +177
System.Web.Compilation.BuildProvidersCompiler..ctor(VirtualPath configPath, Boolean supportLocalization, String outputAssemblyName) +180
System.Web.Compilation.ApplicationBuildProvider.GetGlobalAsaxBuildResult(Boolean isPrecompiledApp) +3446645
System.Web.Compilation.BuildManager.CompileGlobalAsax() +51
System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +462
[HttpException (0x80004005): Attempted to load a 64-bit assembly on a 32-bit platform. Use ReflectionOnlyLoad() instead if trying to load for reflection purposes.]
System.Web.Compilation.BuildManager.ReportTopLevelCompilationException() +57
System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +612
System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters) +456
[HttpException (0x80004005): Attempted to load a 64-bit assembly on a 32-bit platform. Use ReflectionOnlyLoad() instead if trying to load for reflection purposes.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +3426871
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +88
System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +149
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET
Version:2.0.50727.42
View 1 Replies
View Related
Feb 19, 2008
Hi,
I am getting error while opening the Data Base Engine in Sql server Management Studio.
We applied SP2. and restarted the server but no luck.
Error Message:Attempted to read or protected memory. This is often an indication that other memory is corrupt(mscorlib).
View 3 Replies
View Related
Nov 20, 2006
My apologies...I wasn't for sure where to post an error like this...
Over the last 2 months I have gotten this SQL Server error (twice). All existing processes will continue to work, however no new processes can be created and users cannot connect to the server. This is the exact text of the message in the SQL Server error log.
Operating system error 10038: An operation was attempted on something that is not a socket...
Error: 17059, Severity: 18, State: 0
Error accepting connection request via Net-Library 'SSNETLIB'. Execution continuing.
Error: 17882, Severity: 18, State:
While we can typically just stop SQL Server Service and restart the services...I have found it is best to restart the machine during non-production times to take care of any 'residual' effects of this error.
The SQL Server 2000 SP4 box with Windows 2003 Standard SP1 is well maintained by our I.T. team and it typically will run 4 or 5 months without a reboot.
Thank you...
...cordell...
View 5 Replies
View Related
Sep 28, 2007
Hello. I have received the follwoing error upon an attempt to Browse the Cube. All other tabs are functional, including the Calculations tab. We are running Windows Server 2003 SP2 and SQL Server 2005 SP2. Any suggestions would be greatly appreciated!
**EDIT** - Have confirmed SP1 for VS2005 is installed both locally and on server, also.
Attempted to read or write protected memory. This is often an indication that other memory is corrupt. (Microsoft Visual Studio)
------------------------------
Program Location:
at Microsoft.Office.Interop.Owc11.PivotView.get_FieldSets()
at Microsoft.AnalysisServices.Controls.PivotTableFontAdjustor.TransformFonts(Font font)
at Microsoft.AnalysisServices.Browse.CubeBrowser.UpdatePivotTable(Boolean translate)
at Microsoft.AnalysisServices.Browse.CubeBrowser.UpdateAll(Boolean translate)
at Microsoft.AnalysisServices.Browse.CubeBrowser.InitialUpdate()
at Microsoft.AnalysisServices.Browse.CubeBrowser.SupportFunctionWhichCanFail(FunctionWhichCanFail function)
View 4 Replies
View Related
