I have an app that queries the same SQL Server, instance and database. In one execution of the app, it makes multiple queries against the database in two different runs, each run being approx. 10 seconds apart. The app app does remote logins to the SQL Server using Standard Security. Each run makes twenty (20) connection attempts and all connection attempts between the two runs are using the same SQL account/password€¦(when successful) there is a .5 second delay between each attempt. So, here is a visual description:
The problem I€™m seeing is: All connection attempts in Run 1 are successful in connecting to the SQL Server. All connection attempts in Run 2 are UNSUCCESFFUL when connecting to SQL Server (error message is €œSQL Server cannot be found or Access Denied€?). Remember, ALL connection attempts are using the same SQL account and password.
As an added note: When I switched from using SQL Standard Security to Windows Security, ALL connection attempts in each Run was successful.
Does see anything wrong with this? Is Standard SQL Security limited in the number of simultaneous connections or in some other kind of way?
I've inherited a SQL 6.5 server running on Windows NT 4.0. An application was written (I believe in VB 6.0) to access tables on the server. From the documentation that I have received, I believe that the Security mode for this server is supposed to be "Standard". When I first got my hands on the server, the security mode was set to "Integrated". I have since changed it "Standard" but the users still get the same error:
Connection failed: SQL State" '08004' SQL Server Error: 18450 [Microsoft][ODBC SQL Server Driver][SQL Server] Login failed. User: MCLEANC Reason: Not Defined as a valid user of a trusted SQL Server connection.
I looked in the Microsoft Knowledgebase and read an article on SQL Server Error 18450 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q164167). I followed all of their suggestions but the server still seems to be stuck in "Integrated" mode.
I have 3 NT Workstations that will not connect to my SMS database using NT Integrated Security. The SQL 6.5 server is set up to use mixed security. The only way to connect to the server is to use a standard sql account. Any ideas? THis happens to all users even administrators.
I am trying to verify that the ability to use the security extension to use Forms based authentication is available (or not) with SQL 2005 Standard. I have read a few books and articles that state that only the Enterprise edition will allow us to use the security extensions to customize authentication and authorization. But a few recently have told me otherwise.
Does anyone know for sure? We use Standard edition...and would like to customize our security.
Hello, I have a sql 2005 server, and I am a developer, with the database on my own machine. It alwayws works for me but after some minutes the other developer cant work in the application
He got this error
Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 192.168.1.140]
and When I see the log event after that error, it comes with another error.
SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.168.1.140]
He has IIS5 and me too.
I created a user on the domain called ASPSYS with password, then in the IIS on anonymous authentication I put that user with that password, and it works, on both machines.
I go to the profiler, and I see that when he browses a page, the database is accesed with user ASPSYS, but when I browse a page, the database is accesed with user SElevalencia.
Thats strange.
The only way that the other developer can work again on the project is to restart the whole machine. He has windows xp profession, I have windows 2000.
I'd found a serious problem connecting to SQL Server Standard Edition. The server has 8 processors, 16 gB of memory, SCSI RAID etc. Seems great, but the result is terrible. Web services are using ADODB, not ADO.Net to provide the compatibility with the client application which was realised using pure C++. The connection is incredibly slow, the application is unusable in such a condition. By other way COM+-based realisation of the same mechanism (used by classic ASP site) works fine. I'd verifed all the protocols (Shared Memory, Named Pipe, TCP/IP), but without any success.
We have experienced an issue with back backup / restore of a database originating from SQL Server 2000 to SQL Server 2003.
We have the following setup:
SQL Server 2000
- DatabaseA
- asdfUser (SQL User)
- asdfUser is (dbowner) of DatabaseA
- DatabaseB
- asdfUser (SQL User)
- asdfUser is (dbowner) of DatabaseB
SQL Server 2005 Standard
-asdfUser is NOT Setup as a user yet.
-We restore DatabaseA and DatabaseB to the SQL Server 2005 Standard. The databases are restored with the security permissions of asdfUser being the DB Owner of DatabaseA and DatabaseB.
-We create a new SQL user named asdfUser on the SQL Server 2005 box. We then try to add the UserMapping of DBOWNER for the DatabaseA and DatabaseB. We receive an error message stating that the asdfUser already have permissions to the databases. We proceed with the user creation without those permissions.
-We proceed to the login properties of the asdfuser and view their UserMappings. The asdfUser does not have access to DatabaseA or DatabaseB. We then add the UserMapping of DBOWNER to both DatabaseA and DatabaseB. We Try to select OK and we receive an error message that states that the user already has those permissions.
-When we query the UserID's of the asdfUser that is in the database and the UserID of the asdfUser that is created, they are two different values.
Hi all, i have standard edition of sql server, on a server hat doesnt have sql server standard would i be able to connect to it using my connection string. Or does the server has to have standard edition too. Is this same for express edition, and if possible to do this whats the difference between express connection string from standard edition thanks
I apologize for a dumb question, but where could I find an example of making a VB 6 (not .NET) connection to a SQL 2005 server using the current user's NT security properties? I don't want our users to use ODBC, nor have to hard code a SQL login. I wish to control access via their presence/absence in an active directory group. I think this means I want the VB to use the current user's NT security context to help with the connection. I will pass the server and the DB, but I do not want to pass the password. I am pretty sure there is a method for this, but I cannot find one. All my examples show a sql login and a password as part of the string.
Hi all, I have a production website at Godaddy and an ASP.net 2.0 page that successfull connects to a SQL 2005 instance provided by Godaddy using SQL authentication(User ID/Password). The Godaddy database has become too small (200MB limit) and the plan is to use the SQL Server 2005 standard edition at my office. In other words, I want to host my own SQL server and keep the front-end at Godaddy. The ASP.net test page at Godaddy generates the basic connection errors when attempting to connect to my SQL server at the office. This error has several variations depending on how the connection string is configured: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) In this case the connection string is: Data Source=xxx.xxx.xx.xxx,1433; Network Library=DBMSSOCN; Initial Catalog=Test; User ID=xxx; Password=xxx" I've embedded this connection string directly into the ASP.net test page in order to make this page independent of the web.config file. My MS SQL server is on a Small Bussiness Server 2003 with Sharepoint and Remote Workplace running, and this machine is behind a linksys router, and Routing and Remote Access is running in place of windows firewall. I've openned ports TCP 1433 and UDP 1434 on the router and Routing and Remote Access. Telnet xxx.xxx.xxx.xxxx 1433 connects successfull, and the SQL log shows listening on 1433. I don't know if telnet is telling me that there is successful connection to the port on the router, or if it makes it all the way to the SQL server. The SQL server is running the default instance MSSQLSERVER. Locally, I am able to connect using SQL 2005 Studio, and I am able to confirm this activity in the SQL log. Since I've openned port 1433, I also see numerous dictionary attacks in the SQL Log. Based on this, remote connectivity is there. The strange observation is that the SQL log shows no sign of a connection attempt from the ASP.net page. The connection appears to be failing before it reaches the SQL server. I've openned ports in the Linksys router and the NAT/Firewall the same way I've openned them for Sharepoint and Remote Workplace. I also found that when I move the ASP.net test page to another ISP, then the SQL connection that worked from the Godaddy website, is no longer able to connect. An explanation of this would also be very helpful to me. Is there something that needs to be configured to expose the SQL server to ASP.net pages that is different from remote access? Does IIS need to somehow be involved? Is there something in Small Business Server 2003 that could be interferring with ASP.net page requests to the SQL server? Do I need to run my machine as a web server to make this work? Any help with this configuration would be greatly appreciated.
My DTS package, deployed and run from the file system, works just fine for me, but fails when someone else runs it. The only explicit error from the dtexec command is:
We have replication setup on a sql server 2000. We encountered issue that the distribution agent goes down (distrib.exe stop running) in the event of network connection broken. We would like to know:
is this the expected result that the distribution agent will go down in the event of communication failure between the distribution server and subscriber server? if not, is there a way to programmatically control and restart the agent? Is there any sp in SQL server which can monitor the replication communication error message? is there any sp in SQL server which can be run to restart the agent? For the best practice, what do you think we can do to achieve an €˜event-driven€™ kind of mechanism so when an communication breaks, the agent can be restarted by the triggered event (or at least a simple way to automatically restart)?
I have a user who has some ODBC connections that use SQL Authentication (through a generic id)to connect to SQL Server that work fine. What worries me is the user can access the same SQL Server throught NT authentication and connect through QA, EM (registering a server) or ODBC, even though she is not listed in the security of that SQL Server as a SQL user or and NT user. Worse is that she seems to have full rights to the server. I had her log in on another box and the same thing happened. I am on SQL 2000 SP1. Anyone have any ideas to is it time to call MS?
Microsoft Security Paradigmes are Irritating. I sure they're fine onceyou know what they are, but for the uninitiated it's quitecounterintuitive to work with.I moving an old SQL Server-backend-IIS5/ASP-frontend application toservers with windows 2003 standard edition. One server will run thedatabase the other will run IIS 6.0. Note that i haven't set-up adomain, which i think requires one machine to be domain controllerwhich would decrease performance and stuff. I've simply put them on thesame group.I wan't to restrict access the sql server so only the incommingconnection from the webserver is allowed. I can use either namedpipes(which should be the fastest protocol) or tcpwhich should beslight slower than named pipes) but i seem to have a problem. If I usenamed pipes to connect the IUSR(the user under which IIS is running)must have access-rights to IPC$ share on the sql server. I can't seemto set any access-right directly for IPC$ share, but i can reactivatemy guest user and then it works, everyone can now access the ipc$ shareso it's not really what i'm looking for.I can also connect through TCP( and set up some kind of filter onlyallowing incomming connections on port 1433 from the ip of the webserver.But i don't know how to do this. I've taken a look at the IPSec stuffbut it's all about kerberos authentication and other bull which i don'tthink i need. What i need is simply a ip traffick filter, which doesnothing else but reject incomming connection from all other ip's thanmy webserver.My question is how do I do this? Do i need to have a addtitíon"firewall" service running and if so why, how much extra overhead willthis create for the server. Alternately, is it possible to change theaccess right for the IPC$ share manually?Thanks in advance for any input you might have on this?Regs Jens
My company gave me their old Windows 2000 server. I installed mydatabase on it and the ODBC connection works perfectly on the server.When I go to my client machine I go the the ODBC Connections in it andit fails. It refuses connections and will not reply to pings. It is nota network issue, as I can telnet to the server just fine. It's strictlya security issue. I just have no clue where to look. Any suggestionswould be appreciated. Thanks
I am using windows impersonation in a CLR that is retrieving folder structure. In order to use impersonation I need to pass the windows credential to the SQL server so I am trying to use "integrated security=SSPI" and I also tried "integrated security=true" as well with the same result...I get the error: Login failed for user ''. The user is not associated with a trusted SQL Server connection. The SQL Server and IIS are located in different un-trusted domain. I am however able to connect to the SQL Server using user id and password. In my web.config file: <add name="ConnectionName1" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;Integrated Security=true;persist security info=False; Trusted_Connection=Yes;" providerName="System.Data.SqlClient"/> à Doesn’t work <add name="ConnectionName2" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;uid=user;pwd=password;" providerName="System.Data.SqlClient"/> à WorksBased on the error message it looks like there is no user passed to the SQL server. What am I missing? At this point I am thankful for any input…
Does anybody know if it is possible to establish a connection to an sql express instance only with integrated security when this express instance is running on XP which is NOT part of a domain?
Hi,A person from my company's IT department approached me a few days ago saying that they followed some instructions on a recent security vulnerability in IIS whereby they where told to turn impersonation off in IIS. I'm afraid I don't know the exact procedure, but I do know that it took down all of my applications with the following error:"Failed to generate a user instance of SQL Server"I do NOT have impersonation enabled in my web.config, however all of my connection strings look like the following:<add name="myConnectionString" connectionString="Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|myDatabase.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>From what I've read, this type of connection string, which VWD 2005 generates by default, is not the correct way to go about connecting to a database. Could this be my problem??Thanks!
Hi , I am trying to connect to MS Sql server 2000 from Java (1.4.2 /1.5 ). I installed my Sql Server(8.00.382) from the one supplied withVS.NET 2001. When I installed it on my laptop it did not ask me for auser name and password. After install when I re-started my machine Isee the server started up with a green light. Now when I connect to theserver from VS.NET it works fine. This is because VS uses windowsintegrated security. I now need to connect using Java , so I downloadedthe microsoft drivers for SQL2000-JDBC sp3 from the microsoft site. Iadded the jar files to my Java project classpath. I manage to registerthe driver in java :Class dbClass = ClassLoader.getSystemClassLoader().loadClass("com.microsoft.jdbc.sqlserver.SQLServerDriver");DriverManager.registerDriver((Driver) dbClass.newInstance() );Connection conn =DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;_integrated security=SSPI");but cannot seem to get a connection as it gives an SQLException sayingthat it is unable to connect:java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC]Errorestablishing socket.I cant seem to figure it out.Can some one help ??I am a newbie to sqlserver so couldnt quite figure out how to changeadmin password or create a new user with the tools provided with thisversion of sql (SQL Server Desktop Engine).Any help will be appreciated.Ebby
Assume I have an asp.net/sql server 2000 web app in a shared hosting environment. I then encrypt the connection string using ProtectSection("DataProtectionConfigurationProvider") in the page load of my default.aspx page.
Am I understanding the following concepts then correctly?
1. I upload the site to the shared hosting server. 2. The first time I run the app eg. www.whatever.com/default.aspx, the ProtectSection method above is executed. 3. Now the conn string area of my web.config is encrypted, and asp.net will decrypt as needed.
4. If someone were to hack the server and view the web.config -- whether via getting into the server or via ftp, they would see an encrypted connection string. Thanks very much!
Any way to find out who's causing "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection." error in SQL Server error logs?
I have a piece of Java code that needs to connect to SQL 2000 (SP4) using Windows Authentication. It's running on Windows Server 2003 SP1.
I tried JDBC v1.1 and followed the code from the following blog:
http://blogs.msdn.com/angelsb/default.aspx?p=1
But still get this error as shown below. Any help appreciated.
I am using JDK1.4.2, "sqljdbc_auth.dll" is located under "E:SQL2005JDBCDrvsqljdbc_1.1enuauthx86", also made a copy under "E:JavaTest" and "C:WindowsSystem32" but still won't work.
E:JavaTest>java -classpath ".;E:JavaTestsqljdbc.jar" -Djava.library.path=E:S QL2005JDBCDrvsqljdbc_1.1enuauthx86 TestW2 com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError (Unknown Source) at com.microsoft.sqlserver.jdbc.IOBuffer.processPackets(Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.processLogon(Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(Unknown Source ) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(Unknow n Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.loginWithoutFailover (Unknown Source) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(Unknown Sour ce) at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(Unknown Source) at java.sql.DriverManager.getConnection(Unknown Source) at java.sql.DriverManager.getConnection(Unknown Source) at TestW2.main(TestW2.java:7) ===========================================================
The code is simple (TestW2.java):
import java.sql.*;
public class TestW2 { public static void main(String[] args) { try { java.lang.Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver"); Connection conn = java.sql.DriverManager.getConnection("jdbc:sqlserver://VMW2k3ENT003.TESTCBFPOC.COM.AU;integratedSecurity=true"); System.out.println("Connected!"); conn.close();
I€™ve developed a BI system using the SQL Server 2005 Developer€™s Edition.
SSAS, SSIS and SSRS have been added to a SQL Server 2005 Standard Edition Server in preparation for delivering the developed database to this live environment.
So I am able to connect directly to the Database Engine, SSAS, SSIS and SSRS successfully from the actual SQL Server 2005 Standard Edition box which is sat on a Windows 2003 Server operating system.
However when I launch SQL Server Management Studio from a desk top PC which is connected to the SQL Server Standard Edition box I can€™t connect to either SSIS or SSRS, however I can connect to the Database Engine and it also seems that I can connect to SSAS OK.
I am using Windows Authentication where the I used a SQL Server account which exists with €œsysadmin€? permissions and this SQL Server account has the same login name as the Windows Server 2003 desktop login.
How do SQL 2000 service packs play a role in upgrading? That is, can SQL 2000 Standard with no Service Packs(SP) be upgraded to SQL 2005 Standard, or does SQL 2000 Standard have to have a certain service pack??
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says: Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions.Â
I have Sql Server Express installed on Vista (service pack 2)
I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.
The login ID of the service is added to the database.
The database has remote access turned on.
The ID is granted access to all databases within the server.
The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.
The dataserver is set with using Windows Authentication for security.
When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.
How to I get past this? I've done everything right.
I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:
The user or group name <DLName> is not recognized. (rsUnknownUserName)"